Upstream changes:
Highlights
MDL-35392 - Feedback from module assign is now always shown in the gradebook
MDL-31036 - No more truncating characters in assignment quick grading
MDL-46626 - Log report export no longer contains html
MDL-23273 - Limit of responses in choice module is respected in case of synchronous submissions
Functional changes
MDL-31578 - Shibboleth can map attributes for all Moodle fields including custom attributes
MDL-47911 - Performance improvement on gradebook operations
MDL-49240 - Web service core_get_string now functions correctly
MDL-45621 - It is possible to uninstall portfolio plugins
MDL-48670 - Standard behat tests now work properly regardless of user timezone
UI changes
MDL-48533 - Backup report now links to the individual course backup summaries
MDL-49064 - left-align css class now has an RTL equivalent in bootstrap base
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-42138 - Required custom profile fields are always required on signup form even when user has logged in as guest
MDL-49059 - Possible to embed YouTube videos with start time or playlist info
MDL-48544 - Block region no longer disappears if all blocks in it were hidden
MDL-48841 - Fixed bug with not being able to reset scheduled task to defaults
MDL-49167 - Fixed regression with $CFG->yuislasharguments introduced by previous minor release
MDL-47953 - Grader report shows correct number of students per page when suspended users are present
MDL-48294 - enablemobilewebservice is no longer duplicated in Site admin
MDL-48679 - Fixed bug with missing grade export URL when using grade publishing
Upstream changes:
Moodle-2.8.3
Highlights
MDL-47935 - Atto Autosave message no longer covers text you are editing
MDL-44560 - Pagination in glossary category works correctly when entries have multiple categories
MDL-47792 - Course and Activity Completion Reports display vertical text without truncating
Functional changes
MDL-43386 - Lesson grade essay responses preserve HTML formatting
MDL-14730 - Allow linking to pages inside a lesson
MDL-47761 - Explanation is given to the users why they are unable to enrol in the course
MDL-47871 - Event monitor: Teacher can duplicate System rule
UI changes
MDL-44907 - Better styling of admin setting validation messages in bootstrapbase
MDL-48596 - Lesson editing page has correct layout used by other editing pages and does not obstruct page with blocks
MDL-47166 - Atto: outdent button is shown first followed by indent button
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-48765 - Improved icon alignment on course enrolment methods page
MDL-40285 - When assignment is submitted by one team member it is shown as submitted for all team members
MDL-38142 - User forum posts page no longer displays error for the hidden course
MDL-36877 - Final lesson page is displayed when course setting "Show gradebook to students" is set to "No"
MDL-48073 - Group filter is preserved when moving to next page of enrolled users
MDL-40326 - Course reset also resets lesson progress bar
MDL-48383 - Cron no longer warns about disabled enrol_imsenterprise after each scheduled task
MDL-48914 - Roles assignment page does not display user select if there are too many users preventing from php memory error
Upstream changes:
Release date: 12 January, 2015
Here is the full list of fixed issues in 2.8.2.
CONTENTS [hide]
1 Highlights
2 Functional changes
3 API changes
4 UI changes
5 Security issues
6 Fixes and improvements
7 See also
Highlights
MDL-40241 - Default Manager and Teacher role are able to manually mark course as completed
MDL-46442 - Notifications about assignment re-submissions are sent
MDL-43462 - EditPDF correctly shows landscape PDFs
MDL-43679 - Clicking link to Moodle in MS Word no longer results "You are already logged in" message
Functional changes
MDL-42717 - Ensure automated backup files are deleted when an error occurs because of directory permissions
MDL-47601 - Ensure old automated backups are deleted including the case when file name is renamed from language string
MDL-48023 - Changed "Cache-control: private" to "public" on public static files to increase performance
MDL-48224 - In the Task API, each adhoc and scheduled task now has it's own SMTP buffer, and the legacy cron has one buffer for all tasks. Previously scheduled tasks had no buffer, and the legacy cron had a buffer only for tasks of activity modules.
MDL-33606 - Make distinction between all section course view and a single section course view log entry
API changes
MDL-44657 - No more Javascript error when the form class is namespaced
MDL-22309 - get_role_users() works correctly when a user is assigned more than one role
MDL-48697 - Completion directory is recognized by Moodle as a valid component directory
MDL-48495 - Limit protocols supported by curl by default
UI changes
MDL-35078 - End date for self enrolment on the bulk enrolment form now also contains time
MDL-42501 - Added help about deleting grades in the course reset form
MDL-48206 - Wider textarea for the comments in the comments block
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-40097 - Course completion role criteria no longer causes fatal error
MDL-35494 - User is able to restore an activity even when they own only one course
MDL-20304 - Practice lesson does not appear in Gradebook [Patch]
MDL-45324 - Grading notifications are not sent before the grades are released to students
MDL-47133 - Keyboard shortcuts in Atto do not interfere with regional keyboard settings
MDL-37704 - Possible to lock Description field in users' profiles
MDL-36240 - Calendar events from activities are restored even without user data
MDL-14908 - Parent Role can view courses for students that are in groups
MDL-46472 - Fixed upgrade loop caused by undeletable themes
MDL-31822 - Non-default section name is shown at the site level
MDL-47475 - PDF annotation is visible by all students in the team and not only by the one who made a submission
MDL-47993, MDL-48088 - Correctly parse dates with timezones when importing from Microsoft calendar
MDL-48150 - Fixed a bug whereby only the first post in a forum was sent with the correct headers on each run of cron
MDL-48288, MDL-48191 - Grader report's floating headers work correctly when email or average row is hidden
MDL-48179 - Backup progress no longer times out when compressing large backup
MDL-48164 - 'Reply to email' does not result in out-of-office replies posted in forum
Upstream changes:
Moodle 2.8.1 release notes
Release date: 13 November 2014
Here is the full list of fixed issues in 2.8.1.
Regression fixes
MDL-48204 - Syntax error in mod/wiki/admin.php -- Note: this is the regression that lead to Moodle 2.8.1 being released a few days after 2.8.
MDL-48168 - It should be possible to edit the overall max grade after a quiz has been attempted
MDL-48156 - Schedule task manager misinterprets core\plugininfo\base::is_enabled()
Other fixes
MDL-48093 - HTML 5 video: Firefox now supports .mp4
MDL-47391 - Default profile page uses page-layout "mydashboard" instead of "mypublic"
MDL-39692 - Letter boundary cannot be deleted
MDL-39376 - performance problem while calling admin setting page in case of large amount of categories
MDL-30968 - Group hyper-link in Forum view links to list of all participants
Upstream changes:
Highlights
MDL-45780 - Atto now working with form change checker and quiz autosave
MDL-46748 - Mathjax address that changed, that caused Atto to fail to load, has been updated in Moodle
MDL-35984 - Gradebook Sum of grades shows correct total if items are hidden
Functional changes
MDL-45724 - Warning given when the same memcached instance is used for both sessions and MUC
MDL-46681 - For Multiple choices questions in the quiz / question bank, the options "Clear incorrect responses" and "Show the number of correct responses" did not make sense for "One answer only" questions. It is now impossible to select that combination of options on the form.
Security issues
MSA-14-0033 URL parameter injection in CAS authentication
MSA-14-0034 Identity information revealed early in Q&A forum
Fixes and improvements
MDL-37509 - Description of assignment hidden in calendar if "always show description" = NO
MDL-46545 - Weekly stats now working again
MDL-46589 - Automatic emails now sent after users import from CSV
MDL-43197 - Parent role only sees course total and no longer individual grades
MDL-46236 - Start New Attempt option is now followed if SCORM is set to appear in a popup
Approved by: wiz@
Upstream changes:
2.7.1
Highlights
MDL-41383 - File picker works when zooming in and out of browser
MDL-45580 - PDF Annotations working with multiple attempts
Functional changes
MDL-43274 - Course logs can no longer be deleted when course is reset
API changes
MDL-44871 - Behat tests written for Atto functionalities
MDL-43669 - Configuration option added so that mail can be sent from noreply address exclusively
UI changes
MDL-45599 - The term 'add-on' is changed to 'plugin'
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-44124 - iCal import recurrence rules working consistently
MDL-45579 - Duplicate group enrolment keys for the same course are no longer allowed
MDL-45682 - Can now insert images using Chrome
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
Upstream changes:
Moodle 2.5.6 release notes
Release date: 12 May, 2014
Here is the full list of fixed issues in 2.5.6.
Functional changes
MDL-43985 - Checkbox added to control sending of feedback when grading Assignment (backport of MDL-33600)
Security issues
MSA-14-0014 Cross-site request forgery possible in Assignment
MSA-14-0015 Web service token expiry issue for MoodleMobile
MSA-14-0016 Anonymous student identity revealed in Assignment
MSA-14-0017 File access issue in HTML block
MSA-14-0019 Reflected XSS in URL downloader repository
Fixes and improvements
MDL-45119 - When student opens assignment feedback PDF no error messages are shown
MDL-41551 - Block drag-drop fixed for Clean theme on My Home page
MDL-44936 - CSS chunking is now more reliable on IE
MDL-45154 - Warnings and errors in user profile page fixed
MDL-43721 - Poor performance on Assignment grading page fixed
Approved by: wiz@
Upstream changes:
2.5.5
Highlights
MDL-43733 - Auto-saved responses are used when a quiz attempt is submitted automatically
MDL-27414 - Random short answer matching question type now works again (with thanks to Jean-Michel Védrine)
Functional changes
MDL-40821 - Language menu in Clean shows language used
API changes
MDL-43882 - "Time spent waiting for the database" value added to performance info
UI changes
MDL-44425 - Skydrive, Box.net and Google Docs are renamed OneDrive, Box and Google Drive respectively to reflect these remote service name changes.
Security issues
MSA-14-0004 Incorrect filtering in Quiz
MSA-14-0005 Access issue in Feedback activity
MSA-14-0006 Capability issue in Chat
MSA-14-0007 Access issue in Wiki
MSA-14-0008 Cross site scripting potential in Flowplayer
MSA-14-0009 Identity information leak in Forum and Quiz
MSA-14-0010 Identity information leak in Alfresco Repository
MSA-14-0011 Cross site request forgery potential in IMS enrolments
MSA-14-0012 Access issue in Badges
Fixes and improvements
MDL-40705 - Long course names are truncated in navigation menu
MDL-40205 - Long block titles are truncated in Clean
MDL-42882 - Performance improvement to missing root directory upgrade step
MDL-40849 - Assignment marking guide screen fixed in Clean
MDL-44217 - The link colour in Bootstrapbase (and Clean) is now WCAG compliant
MDL-44029 - Quiz user overrides no longer deleted by group event handler
MDL-44018 - Variant field of question_attempts is backed up by Moodle backup
MDL-43941 - Activity show/hide toggle fixed in hidden and orphaned sections
MDL-43306 - Backup no longer introduces duplicate gradeitem sortorders when restoring
2.5.4
Highlights
MDL-41819 - Able to edit a larger number of grades in the grader report
Functional changes
MDL-42504 - Quiz auto-save detects that the connection to the server has been lost and warns students
API changes
MDL-40741 - Behat tests adapted to Clean theme
MDL-42942 - Environmental information shown at the beginning of every Behat run
Security issues
MSA-14-0001 Config passwords visibility issue
MSA-14-0002 Group constraints lacking in "login as"
MSA-14-0003 Cross-site request forgery vulnerability in profile fields
Fixes and improvements
MDL-34182 - Invalid JSON no longer output on filepicker when repository plugins output invalid content
MDL-43367 - get_child_contexts() returns correct contexts when context path missing
MDL-42913 - Group cache works as expected
MDL-40003 - Assignment submission comments are restored
MDL-42085 - Default enrolment duration is now applied when manually enrolling a user
Upstream changes:
Highlights
MDL-41252 - Accessibility improvements to course page.
MDL-34209 - Moving sections by drag and drop reorders sections correctly.
MDL-29987 - Embedded PDF files behave correctly.
Functional changes
MDL-42069 - Option to sort by last name in Quiz grading report.
MDL-38267 - Submit button is not shown after cut-off date in Assignment.
MDL-22669 - When restoring a larger course over a smaller one, the number of sections is maintained.
MDL-42666 and MDL-42668 - The Box.net repository and Box.net portfolio have been updated to use Box.net API v2. Moodle sites which have used the Box.net repository previously need to run the Box.net-alias-to-copy-conversion tool as soon as possible. Also, HTTPS is now required for sites to access Box.net. See Box.net APIv1 migration for details.
API changes
MDL-41861, MDL-41882, MDL-41853,... - Generator tools have been backported.
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-32862 - Links to 1.9 resource types work after upgrade to 2.2 followed by backup and restore.
MDL-40903 - Persistent cache is now split into logical parts.
MDL-41942 - Courses in categories no longer become invisible due to caching problem.
MDL-41352 - Mymobile theme no longer producing JavaScript error on course pages.
MDL-37528 - Block drag-and-drop issue resolved.
MDL-42542 - The Portfolio cron job is now working.
MDL-42619 - Error deleting a course link from the community block is fixed.
MDL-37877 - Automated backup failure is now reported.
* APACHE_USER and APACHE_GROUP are defined somewhere else; don't redefine these here.
* Don't depend on php-zlib as Moodle does not require this module.
* Faster installation using 'pax'.
* Auto-generare PLIST.
* Don't change owner/group of Moodle files; web-server should only be able to read them, and nothing more.
Upstream changes:
Releases > Moodle 2.5.2 release notes
Release date: 9 September 2013
Here is the full list of fixed issues in 2.5.2.
Contents [hide]
1 Highlights
2 Functional changes
3 API changes
4 Security issues
5 Fixes and improvements
6 See also
Highlights
MDL-30839 - Form validation and error recovery draws the user to where focus is needed.
MDL-27953 - Uploaded users can be added with authentication options other than Manual account or No login.
MDL-38707 - Folders displayed on course pages show their name.
Functional changes
MDL-40854 - Links to course activities/resources do not appear to users without appropriate view capabilities.
MDL-35981 - Confirmation is no longer needed after deleting a comment.
MDL-38707 - Folders displayed on course pages show their name.
MDL-41036 - Question category info is now edited using the HTML editor.
API changes
MDL-40176 - Mock form submission introduced for testing.
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-37333 - Clicking "Clear theme caches" in Default theme selector redirects page to "Select theme for tablet device".
MDL-41106 - MUC session cache fixes were made.
MDL-36803 - TinyMCE editor now works better with iOS.
MDL-40891 - MUC cache purge works consistently when creating directories.
MDL-31487 - Grade items remain hidden if explicitly hidden via Gradebook (regardless of activity state).
Upstream changes:
2.5.1
Highlights
MDL-39824 - Simplification of themes
MDL-38434 - Functional tests added for the Chat activity
MDL-39723 - Two unnecessary course queries were removed from most pages
Functional changes
MDL-39790 - My Latest badges block appears on the course page
API changes
MDL-40137 - Correct naming of functions in theme/clean/lib.php
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-39778 - Course deletion now functions with badges.
MDL-40120 - Issue when recent PostgreSQL versions retrieve the number of records from course table fixed.
MDL-39697 - Bootstrap layouts now have 'Maintenance' layout and related options.
MDL-40065 - Bootstrap Theme only sends content to "side-pre" if necessary.
MDL-40088 - Can now edit course settings if course is in a hidden category.
MDL-39979 - Teachers no longer see errors when Show Activity Reports is set to yes.
MDL-39363 - SCORM pass/fail status is set for a grade of 0.
MDL-39227 - SCORM navigation panel is no longer hidden when a Bootstrap theme is active.
MDL-39177 - Overwriting files always observes the "alias" attribute.
MDL-33719 - When overwriting a copy of a file with an alias/shortcut of a file, the file thumbnail is refreshed.
MDL-40142 - No JavaScript error is caused by the navigation block in relation to course categories.
MDL-40289 - Badges capabilities now have correct risks, levels and archetypes. Note for sites which are upgrading from 2.5: See the section 'Upgrading from Moodle 2.5 to 2.5.1' in Upgrading for details of how to correctly set badge permissions for each role archetype.
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
Upstream changes(since 2.4.0):
2.4.3
Regression fix
MDL-38474 - Teachers unable to access server files
Note: Moodle 2.4.3 is being released just one week after 2.4.2 in response to a serious regression being discovered in 2.4.2.
Other fixes
MDL-38303 - MUC: Session cache is adjusted accordingly when user logs in or out
MDL-38386 - Upgrade step for 24 and master adjusted
MDL-38332 - Browsing users paginates properly for multiples of 30 users
MDL-33424 - Images correctly restored from a 1.9 course quiz
MDL-34011 - Display of student attempts for Short Answer questions in Lessons is now correct
2.4.2
Highlights
MDL-32975 - There is an option to sort My Courses list alphabetically
MDL-36297 - HTML purifier strings are now cached
MDL-35074 - More students can now appear per page in the Grader Report
MDL-34435 - Actions in categories are now logged
Functional changes
MDL-30669 - Admins are warned before deleting 'Sticky' site-wide blocks in 2.2 accidentally through a course page
MDL-37894 - Not yet opened quizzes show close date as well as open date
MDL-35336 - Process for enabling statistics is now clearer
API changes
MDL-36363 - Removing a file store cache instance removes its folder too
MDL-31636 - Comments API allows plugins to set the date format
Security issues
MSA-13-0011 Calendar subscription capability issue
MSA-13-0012 Information leak in course profiles
MSA-13-0013 Server information revealed through exception messages
MSA-13-0014 Password revealed in WebDav repository
MSA-13-0015 Cross-site scripting issue in Filepicker
MSA-13-0016 External Entity Injection through Zend library
MSA-13-0017 Form manipulation issue in notes
MSA-13-0018 Personal information leak through repositories
MSA-13-0019 Unauthorised settings editing through WebDav repository
Fixes and improvements
Fixes for MUC - MDL-37683 MDL-37545 MDL-38110 MDL-38165
MDL-37792 - Conditional Resource based on a profile interest field now works when fields are empty
MDL-38173 - Adding modules to courses where completion is enabled no longer causes corruption
MDL-37847 - Plain text essays now show HTML special characters appropriately
MDL-37774 - Moodle 1.9 to 2.x course restore now works with directory resources
MDL-37563 - Assignment upgrade now includes conditional access settings
MDL-36757 - Editing an activity no longer reveals hidden grades
MDL-35780 - Participants page disclosure of email addresses is now consistent
MDL-35175 - Lesson now shows attempts if associated with a grouping
MDL-37710 - Students can access their own submitted files in a team submission assignment
MDL-38352 - Improved language strings added to the English language pack, the most noticeable being 'My Moodle' in the site admin settings renamed as My home
2.4.1
Highlights
MDL-32880 - Make 1.9 blocks restorable in 2.3 onwards
MDL-34791 - Activity quick title edit updates name in gradebook
MDL-35653 - Wiki module works if you activate the force format option
API changes
MDL-30700 - There is a new function "text_sorting($columnname)" for the class flexible_table which allows you to specify which columns are of type "text" so they can be sorted correctly in all databases.
MDL-35593 - core_webservice_get_site_info returns version number as PARAM_TEXT
MDL-30961 - get_course_contents web service's name value is now PARAM_RAW
Security issues
MSA-13-0001 - Security issue in Google Spellchecker in TinyMCE
MSA-13-0002 - Capability issue with Outcome editing
MSA-13-0003 - Potential server file access through backup restoration
MSA-13-0004 - Information leak through activity report
MSA-13-0005 - Potential phishing attack through URL redirects
MSA-13-0006 - Potential information leak in Assignment module
MSA-13-0007 - Potential exploit in messaging
MSA-13-0008 - Information leak through Blog RSS
MSA-13-0009 - Information leak through Blog RSS
MSA-13-0010 - Failure to check capabilities in calendar
Fixes and improvements
MDL-36680 - Overview report now gives correct course total by not including hidden item grades
MDL-37165 - Assignment summary displays on Oracle
MDL-36963 - Automatic updates deployer needs checks directory permissions
Upstream changes:
Highlights
MDL-32880 - Make 1.9 blocks restorable in 2.3 onwards
MDL-34791 - Activity quick title edit updates name in gradebook
MDL-35653 - Wiki module works if you activate the force format option
Functional changes
MDL-35422 - To start writing their Workshop submissions, students now click a button labelled 'Start preparing your submission' instead of 'Submit'
API changes
MDL-30700 - There is a new function "text_sorting($columnname)" for the class flexible_table which allows you to specify which columns are of type "text" so they can be sorted correctly in all databases.
MDL-35593 - core_webservice_get_site_info returns version number as PARAM_TEXT
MDL-30961 - get_course_contents web service's name value is now PARAM_RAW
MDL-36795 - In the default course settings, numsections is not limited to maxsections
Security issues
MSA-13-0001 - Security issue in Google Spellchecker in TinyMCE
MSA-13-0002 - Capability issue with Outcome editing
MSA-13-0003 - Potential server file access through backup restoration
MSA-13-0004 - Information leak through activity report
MSA-13-0005 - Potential phishing attack through URL redirects
MSA-13-0006 - Potential information leak in Assignment module
MSA-13-0007 - Potential exploit in messaging
MSA-13-0008 - Information leak through Blog RSS
MSA-13-0009 - Information leak through Blog RSS
Fixes and improvements
MDL-36680 - Overview report now gives correct course total by not including hidden item grades
MDL-35717 - Quiz cron not closing old attempts after quiz close date (also MDL-36842)
MDL-37165 - Assignment summary displays on Oracle
MDL-36668 - Performance issue resolved in viewing pages in Database activity
MDL-36760 - Numerical type quiz questions now work with frozen elements changes
MDL-36551 - Database presets retain advanced search template
MDL-33863 - Importing quiz questions into new course happens without error
MDL-36683 - It is now possible to duplicate a quiz when course question bank contains matching questions
Upstream changes:
Moodle 2.3.3 release notes
Highlights
MDL-35297 - Upgrading books from earlier versions now works correctly
MDL-21801 - References to the non-functional Powerpoint import option have been removed from the Lesson module
MDL-33166 - A capability has been introduced to consistently exempt specific users from forum auto-subscriptions and forced subscriptions
MDL-34607 - Folder resources now show files in sorted order
MDL-33646 - Viewing an empty book shows a friendly notice rather than an error messsage
Functional changes
MDL-34794 - Course reset now works with the new Assignment module
MDL-35370 - Blank answers in Cloze type quiz questions are treated accordingly, when an answer of zero is expected
MDL-33374 - When adding or updating a user profile, the action button displays 'Create user' and 'Update user' relatively
MDL-27786 - The title field of a new calendar event is now labelled "Event title" instead of "Name"
MDL-28235 - The close button on help dialogues have changed to provide greater accessibility. (Note: if debugging is turned on, a string error will appear during the upgrade process. This is expected and will be resolved once the upgrade process is complete.)
API changes
MDL-30667 - Maximum upload limits are enforced consistently in relation to various system variables
MDL-35395 - A method has been added so forms can work around form change checking when necessary
MDL-35442 - Local plugins now have settings and uninstall links on the plugins overview page
Security issues
MSA-12-0057 Access issue through repository
MSA-12-0058 Possible form data manipulation issue
MSA-12-0059 Information leak in Database activity module
MSA-12-0060 Cross-site scripting vulnerability in YUI2
MSA-12-0061 Remote code execution through Portfolio API
MSA-12-0062 Information leak in Database activity module
MSA-12-0063 Information leak in Check Permissions page
Fixes and improvements
MDL-35411 - Submissions and feedback are now saved with imported/restored assignments
MDL-35397 - Notifications page 'many other contributors' link leads to appropriate credits page
MDL-35726 - Feedback forms work correctly when grading a series of assignments
MDL-35754 - Quizzes in pop-up windows now work correctly
Approved by: obache@
Upstream changes:
Highlights
MDL-28557 Group event now appears to teachers, managers and administrators
MDL-33398 MDL-27368 Cron works when course completion is enabled
Functional changes
MDL-24401 Lesson string changes
MDL-33401 Managers can add blocks at the site level
Security issues
MSA-12-0042 File access issue in blocks
MSA-12-0043 Early information access issue in forum
MSA-12-0044 Capability check issue in forum subscriptions
MSA-12-0045 Injection potential in admin for repositories
MSA-12-0046 Insecure protocol redirection in LDAP authentication
MSA-12-0047 SQL injection potential in Feedback module
MSA-12-0048 Possible XSS in cohort administration
MSA-12-0049 Group restricted activity displayed to all users
MSA-12-0050 Potential DOS attack through database activity
Fixes and improvements
MDL-32866 Filemanager in private files now saves changes
MDL-33583 "Keep all" automated backups now works
MDL-33607 Add new wiki page no longer reports error writing to database
MDL-33603 Database activity entries are linked correctly
MDL-26892 Question images not lost during upgrade
MDL-29924 Glossary attachments appear in filter popups
Based on maintainer update request by PR 46498.
Upstream changes:
Highlights
* MDL-32431 Calendar events can be backed-up and restored
* MDL-29262 Moodle 2 backup_controllers table is no longer needlessly massive
Functional changes
* MDL-27862 Ability to unset a theme
* MDL-31835 Recent conversations link added when viewing a message
* MDL-27427 Option added to delete external blog entries
Security issues
* MSA-12-0024 Hidden information access issue
* MSA-12-0025 Personal communication access issue
* MSA-12-0026 Quiz capability issue
* MSA-12-0027 Question bank capability issues
* MSA-12-0028 Insecure authentication issue
* MSA-12-0029 Information editing access issue
* MSA-12-0030 Capability manipulation issue
* MSA-12-0031 Cross-site scripting vulnerability in Wiki
* MSA-12-0032 Cross-site scripting vulnerability in Web services
* MSA-12-0035 Cross-site scripting vulnerability in "download all"
* MSA-12-0036 Cross-site scripting vulnerability in category identifier
* MSA-12-0037 Write access issue in Database activity module
* MSA-12-0038 Calendar event write permission issue
Fixes and improvements
* MDL-32061 Backup fixed when there is a lesson with attempts in the course
* MDL-31008 CSS fixed to display dimmed objects
* MDL-30867 Lesson essay question formatting fixed
* MDL-31528 Breadcrumbs appearing consistently when editing is off
* MDL-31631 Caching fixed so deleted activities do not remain listed
* MDL-26674 Wiki Module activity logs activity fully
* MDL-31510 Students in groups see only assignments in the Gradebook according to their group allocation
* MDL-32141 Custom TinyMCE additions now work in Firefox 11
Upstream changes:
Highlights
MDL-27891 Tag flagging is now logged
Functional changes
MDL-31095 Quiz max grade maintained when adding and removing questions
MDL-30031 Quiz Adaptive mode ignores invalid answers without penalty
Security issues
MSA-12-0013 - Database activity export permission issue
MSA-12-0014 - Password and Web services issue
MSA-12-0015 - Backup and private files issue
MSA-12-0016 - Default repository capabilities issue
MSA-12-0017 - Personal information leak issue
MSA-12-0018 - Course information leak in Gradebook export
MSA-12-0019 - Overview report and hidden course issue
MSA-12-0020 - Forum subscription permission issue
MSA-12-0021 - Course information leak through tags
MSA-12-0022 - Security conflict in Web services
Fixes and improvements
MDL-31248 Change to RC4 encryption is now backwards compatible
- Note: all users will need to log in to set a new cookie after this update
MDL-31213 Problem with new password form was fixed
MDL-29254 Problem adding blog entries after an update from 1.9 was resolved
MDL-22896 Forum messages with ampersands are now sent correctly by email
MDL-27793 Login names now appear consistently in all themes across all languages
MDL-26037 When importing in a site with lots of courses, all courses are checked
MDL-30484 Regrading quiz causes essay attachments to disappear
MDL-28364 Correct import formats accepted when importing questions
MDL-31407 Quiz grades are saved properly when the submitter is not the user taking the quiz
MDL-31876, MDL-31495 Quiz performance improvements have been made
Fixes many security advisories, see below in the changelog.
Highlights
MDL-28710 - CSS class names have been added for rating div/span elements
enabling theming
MDL-29579 - Question text included in export of quiz statistics report in
Moodle 2.1
Functional changes
MDL-19147 - Single Simple forums are no longer targets for moving (and losing)
discussions
MDL-30273 - Students and teachers can add additional topics to a simple forum
discussion
Security issues
MSA-12-0001 - Recaptcha transmission consistency issue
MSA-12-0003 - Added password protection
MSA-12-0004 - Added profile image security
MSA-12-0005 - Encryption enhancement
MSA-12-0006 - Additional email address validation
MSA-12-0007 - Email injection prevention
MSA-12-0008 - Unsynchronised access via tokens
MSA-12-0009 - Role access issue
MSA-12-0010 - Unauthorised access to session key
MSA-12-0011 - Browser autofill password issue
MSA-12-0012 - Form validation issue
Fixes and improvements
MDL-30376 - Glossary RSS feed no longer generates error
MDL-30378 - Site page links fixed in Navigation blocks
MDL-30460 - Wiki image dropdown includes files with upper case suffixes
MDL-30466 - Writing to database fixed for restoring a course with uses course
completion
MDL-30569 - Editing the front page when defaulthomepage = mymoodle now works as
expected
MDL-28180 - Duplicating an assignment that has course completion enabled no
longer breaks course completion for the course
MDL-27314 - It is now possible to delete or regrade quiz attempts in separate
groups mode
MDL-29730 - Fixed Lesson question shortanswer with regexp option
MDL-30260 - Emailstop option fixed
Upstream highlights:
--------------------
Highlights
MDL-27037 - Wiki 2.0 respects 'visible groups' functionality
MDL-29960 - Dropbox repository now functioning with new API
Functional changes
MDL-27516 - RTL Theme fixes for Moodle 2
Security issues
MSA-11-0042 - Information leak in Wiki
MSA-11-0043 - Possible link redirect in Calendar
MSA-11-0044 - Expired identification information shown in Web services
MSA-11-0045 - Potential to masquerade through MNet
MSA-11-0047 - Possible injection attack in Calendar
MSA-11-0048 - Password loss issue
MSA-11-0050 - Backup capability issue
MSA-11-0051 - Authentication issue with Web services
MSA-11-0052 - Potential to exploit developer debugging scripts
MSA-11-0053 - Security and system administration conflict
MSA-11-0054 - Personal information leak
Fixes and improvements
MDL-28292 - Removed possibility to 'lose' a block by docking it
MDL-29542 - Lesson no longer gets corrupted after creating a new question
MDL-30010 - Core themes which have pagelayout problems when moving blocks have been fixed
MDL-27790 - Temporary course remains after restore
MDL-29529 - Fixed database error when assignments were sorted by status
MDL-30375 - Comments block no longer disappears when cancel is clicked
MDL-30398 - Lesson no longer accepts blank password
Upstream changes:
Highlights
MDL-28729 - Numerous multi-lang fixes and improvements
Functional changes
MDL-28410 - Allow a single option in a Choice activity
MDL-29394 - HTML editor format option selector hidden when there is only one option
MDL-23520 - Option added to allow deleting of a wiki page
Security issues:
MSA-11-0027 to MSA-11-0035, MSA-11-0039 to MSA-11-0041.
Fixes SA46427
See http://docs.moodle.org/dev/Moodle_2.1.2_release_notes for complete
release notes.
* Some general minor bugs fixed in different areas.
* Four security fixes (see below).
Some of these vulnerabilities are potentially serious so we strongly
recommend you upgrade.
Full details to be released soon.
Moodle is a course management system (CMS) - a free, Open Source software
package designed using sound pedagogical principles, to help educators
create effective online learning communities. You can use it on any
computer you have handy (including webhosts), yet it can scale from a
single-teacher site to a 40,000-student University.
