Upstream changes:
Major features
Highlights
MDL-29801 - Allow users to delete personal messages
MDL-27177 - Allow students to see each other's contact details in full profile without global permission if they are able to see each other's course profile
MDL-46455 - Backup/restore functionality with new logging system
MDL-46878 - Reset Dashboard for all users after changing the default Dashboard
Quiz
MDL-47494 - New question types from the UK Open University - Select missing words, Drag and drop into text, Drag and drop onto image and Drag and drop markers
MDL-38214 - New Cloze subquestion types with shuffling of answers - MCS, MCVS, MCHS
MDL-50217 - Question types sorted with common ones at the top
MDL-29771 - Interactive behaviour should show number of tries left in the Try again state
Forum
MDL-49682 - Make forum email template editable
MDL-46321 - Uninformative error when moving forum without first selecting destination
MDL-50993 - Timed discussions are now displayed to students in a logical order
MDL-50430 - Number of subscribers specified in forum subscriber list
Assignment
MDL-49176 - Assignment marking guide 'flattens' instructions for markers and students
MDL-49515 - Upgrade FPDI library in assignfeedback_editpdf to 1.5.4 to fix problems with PDF annotator on some files
MDL-50283 - Improve Rubric interface to include the ability to duplicate rows
Other activity modules
MDL-49028 - Wiki: Option to delete pages during course reset
MDL-40836 - File resource: New file resource setting option to display upload/modified date
MDL-26501 - Glossary: Do not allow to browse by author if author is never displayed
MDL-50673 - Workshop: display all participants on "Submission phase" page in a table
MDL-50664 - Database activity: add setting to disallow managing of own entries after approval
MDL-50658 - LTI: Add support for LTI Memberships service
MDL-49581 - Lesson: Remove high scores list feature
MDL-49882 - Lesson: Essay questions are not imported into the lesson Module
MDL-50720 - Database activity: Highlight database entries that are not yet approved.
User interface and usability improvements
MDL-51051 - Rename 'Categories and items' to 'Gradebook setup' and add link
MDL-51250 - Show default section name when editing section details with default checkbox being checked
MDL-49984 - Add visual blocks outlines to My profile page to help separate information
MDL-48947 - Collect all course section editing buttons under one "Edit" dropdown
MDL-51087 - Use client-side validation in the signup form
MDL-50113 - Improve display of long user and course names in Messaging
MDL-50919 - Simplify the Manage tags page, allow to quickly change name, flag and official status of the tags
MDL-51013 - Navbar button should appear for smaller screens only when the custom menu or language menu is not empty
MDL-51260 - Use the new autocomplete form field for tags
MDL-51296 - Add title to page when adding blog post
MDL-38763 - Permission override UI should use JS confirmation
MDL-29763 - Add description to Portfolio settings page
Atto editor
MDL-45515 - New table editing features in Atto editor
MDL-49732 - Keyboard interaction for hyperlink in Atto (Ctrl+K)
MDL-50936 - More Atto editor Maths equation buttons (sum, sqrt, int, etc.)
MDL-50142 - Text editor preferences help pop-up
Enrolments
MDL-30674 - Set guest access key from enrolment methods page
MDL-30157 - Allow users to start manual enrolments right now
MDL-49746 - Allow to sort enrolled users page by last course access
MDL-48074 - Group filter in enrolments list should have option "not in any group"
Administration
MDL-49329 - Multiple improvements in the plugins installation/update system including ability to install several plugins at the same time
MDL-49280 - New configuration setting to allow duplicate email addresses
MDL-51330 - Show scheduled tasks component in the cron log
MDL-51261 - Upgrade key - mechanism to protect anonymous web access to upgrade screens
MDL-50602 - New settings in Automated backup setup for deleting older backups and keeping a minimum number of backups
MDL-48438 - Add real name to email about login failures
MDL-30960 - New option in email settings to specify SSL or TLS (SMTPSecure property of PHPMailer)
MDL-46623, MDL-51824 - CAS and LDAP: Replace CLI script to synchronise users with a scheduled tasks
MDL-39319 - Allow administrator to uninstall several languages in one single action
MDL-50155 - Move and rename "Common activities settings" link to be under "Manage activities" for consistency
MDL-50631 - Display Moodle ASCII logo in CLI installer
MDL-46167 - New option for CLI installation: skip database
MDL-50572 - Disable YouTube repository by default since it requires setting up
MDL-51739 - Lock theme selector UI when $CFG->theme is hardcoded in config.php
MDL-51478 - Enable Mobile services by default for sites with https
MDL-19748 - Do not allow to edit tags in the default authenticated user role
MDL-46398 - Make HTML5 video the default player for capable videos
Other improvements
MDL-51132 - Introduce course tagging as a replacement for user-course-tagging in the "Tags" block. See upgrade documentation
MDL-41042 - Course contacts shown in course listings no longer lag by an hour
MDL-44273 - Back-off strategy for RSS feeds
MDL-45981 - CAS Auth Config needs way to specify that curl should use SSLv3.
MDL-49891 - Add description meta to frontpage
MDL-25451 - Go straight to "Permissions" from block context menu instead of "Assign roles" if they are not available
MDL-50647 - Add 'not in group' section to group overview page
MDL-50956 - Allow main menu block to be displayed "throughout the entire site"
MDL-28954 - Allow images and embedded files in the cohort descriptions
MDL-50371 - Use $CFG->gradepointdefault for new manual gradeitems and grade categories
Security issues
There are no new security issues since the Moodle 2.9.3 release on 9 November 2015.
For developers
MDL-46455 - Events must define fields mappings in order to be correctly restored (documentation)
MDL-50125 - Allow all plugins to inject links in the preferences page (documentation)
MDL-51247 - Revive / refresh / rebuild the autocomplete mform element.
MDL-50839 - Allow themes to set User menu avatar size (documentation)
MDL-48494 - Make $plugin->component required for all plugins
MDL-43896 - Drop support for $module in version.php files for Moodle 3.0
MDL-50645 - Cache the list of available callbacks per plugin
MDL-33564 - rss_error() should return a proper HTTP response code
MDL-37864 - New method to add help icons to the sortable table headers (documentation)
MDL-51737 - Add ability to detect MS Edge in our browser sniffing code
MDL-51213 - external_format_text should be safe to call from web or webservice (documentation)
MDL-51413 - Add an additional return field in get_forums_by_courses in order to specify if the current user can create discussions
MDL-51217 - Using recaptcha is not possible outside auth_email plugin.
MDL-51107 - Add a callback to inject nodes in the category settings navigation (documentation)
MDL-50891 - is_web_crawler should be moved to useragent class
MDL-50453 - Replace reserved word usage from \core\progress\null (PHP7)
MDL-50009 - Prevent scheduled tasks from leaving unfinished db transactions
MDL-49821 - Some Web Services miss checks for guest and deleted users
MDL-50926 - Upgrade to phpunit 4.x
MDL-50491 - New format_text option to exclude particular filters
MDL-50783 - Allow some ajax external functions to be called without a session
MDL-50150 - Add "Blocks" feature to JS and PHP mustache engines (documentation)
Upstream changes:
Highlights
MDL-42639 - Web service core_user_get_users_by_field should return username or idnumber to all managers
MDL-48861 - Assignment: "Need grading" filter is not working properly within grading overview
MDL-51552 - "Single View" bulk insert for empty grades no longer overwrites non-empty grades
MDL-51083 - Fixed undesired browser password autofilling in several forms (majority of forms were fixed in MDL-45772 in previous release)
MDL-36606 - AJAX Grader report now works correctly when uneditable cells are present
Functional changes
MDL-49545 - Teachers without capability to change course full or short name should not be able to do it during restore as well
MDL-50917 - Allow manager to access another user's preferences
MDL-50811 - Forum email replies update completion tracking information
MDL-51834 - Lock custom profile fields that are set to by synchronised with various auth plugins
MDL-44707 - Copy embedded files in HTML block when duplicating block (mostly affects adding HTML block with files to default Dashboard)
MDL-51467 - Changing course start date when resetting course now correctly adjusts Date Restrictions
MDL-43594 - Assignment: Resetting course start date now updates calendar events respectfully
UI changes
MDL-40710 - Better visualization of badges backpack icon
MDL-51290 - Make adding a photo to a profile more obvious
MDL-50207 - Fixed activity results block CSS not to overwrite table caption and work correctly with RTL
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-51514 - Performance improvement in one of regrading queries on MySQL
MDL-51498 - Improve performance for regrading gradebook
MDL-50805 - Performance improvement in cron Messaging Cleanup Task
MDL-50790 - Fixed problem with removing content of Reply to email feature in gmail
MDL-26429 - Added missing criteria icons to completion report
MDL-51190 - Fixed MS Edge locking up when viewing embedded PDF
MDL-46710 - LTI module correctly tracks completion when opened in a new window
MDL-46497 - Atto: clicking RTL button and then LTR button should not add additional HTML tags
MDL-49032 - RFC2445_WSP defined incorrectly for Bennu iCal.
MDL-50892 - Fixed errors appearing when resource or activity was named '0' (zero)
MDL-51390 - Badges: fixed connection to external backpack
MDL-50079 - Atto: Fixed bug when user was unable to select "open in new window" when linking to the file from repository
MDL-48881 - Fixed bug with lesson not always showing student attempts
Oked by wiz@
Upstream changes:
Moodle 2.9.2
Highlights
MDL-50062 - Changing grading category aggregation method no longer results in unexpected "Extra credit" items
MDL-34938 - Enrolment expiration dates are now respected in meta course enrolments
MDL-35148 - Course/Category themes are respected when viewing website on tablets or mobile devices
MDL-45772 - Forms such as "Create new group" are no longer populated with passwords and usernames by the browsers
UI changes
MDL-37832 - Course overview block on "My" ("Dashboard") page indicates that activities are expandable/collapsible
MDL-46860 - Filepicker is displayed correctly inside Manage Files popup in Atto
MDL-49536 - "Clean" and "More" theme's logo removes all header information.
MDL-45841 - Blog-style forums better indicate unread posts
MDL-50293 - File name wraps properly in the Navigation block
MDL-50323 - Unordered lists are styled in course sections properly
MDL-50869 - Increased contract of warning colours for AA accessibility
MDL-50801 - Allow to set the caption side in Atto table
MDL-50525 - Improve placement of preventsubmissionnotingroup on settings page
Functional changes
MDL-49826 - Single view now requires capability moodle/grade:edit and not moodle/grade:manage
MDL-35027 - Forum's subscribers list shows participants with no access to forum
MDL-51179 - Atto autosave restore is disabled if the content is modified by somebody else
MDL-49629 - Possible to specify icon URL for a named external tool
MDL-50868 - Allow to use ruby tags
API changes
MDL-49085 - Block tag_youtube is converted to the new YouTube API
MDL-49360 - Function get_local_referer() should be used rather than HTTP_REFERER directly
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-46232 - Fixed "Only lowercase letters allowed" error on deleting users with empty email
MDL-30315 - Uploading feedback from CSV no longer overrides local assigned grades
MDL-50446 - Main menu block no longer throws error if there is a resource to be opened in a new window
MDL-49440 - Date picker correctly displays names for week days in all locales
MDL-42670 - Recent activity block no longer shows student name when assignment blind marking is on
MDL-49864 - Assignment PDF Pen annotations are always visible even if there are draft pen annotations
MDL-43785 - Corrected error message text about expired sessions when clicking on AJAX elements such as expanding admin menu
MDL-44962 - Fixed error when using HTML tags inside wiki headers
MDL-50649 - Optimised database query for Course Participation report
MDL-50714 - Posting in a forum does not unnecessarily require capability 'mod/forum:movediscussions'
MDL-50799 - Improve question bank "questions per page" string behaviou
Upstream changes:
Moodle-2.9.1
Highlights
A lot of work has been done in dealing with unexpected grade changes in the gradebook which some users have experienced when upgrading from Moodle 2.7 to 2.8 or 2.9. See the user documentation Grades min max and Gradebook calculation changes for details.
MDL-48618 - Dealing with unexpected changes to grades after upgrading to Moodle 2.8
MDL-49257 - Adjusting weights when extra credit item is present causes unexpected behaviour
MDL-48239 - Changing the maximum grade of items with calculation to the value different from 100
Another release highlight is the introduction of the authorised access to the YouTube repository. After upgrading you will need to enter an API key from YouTube into your site's YouTube repository settings.
MDL-50176 - Authenticated access to the YouTube repository
Functional changes
MDL-50089 - Gradebook export now respects aggregate only non-empty grades for percentage and letter
MDL-48467 - Atto: Clean the html even if submitting the form when Atto is in html view mode
API changes
MDL-49022 - sync_users must trigger event core\event\user_updated
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-50177 - Upgrading assignments in 2.7/2.8 works even when conditional access is used
MDL-39353 - Connection to a hub from behind a proxy server
MDL-49742 - Enrolled users page no longer displays sorting by fields that are not used in user identity
MDL-47787 - After deleting a quiz, its question categories and questions remain in the database
MDL-49764 - Fixed gradebook UI inconsistencies in Internet Explorer
MDL-49885 - The course overview block can now be added to Dashboard
MDL-50675 - Display Wikimedia repository thumbnails (caused by the change in Wikimedia API)
MDL-50091 - Fixed fatal error in gradebook singleview after a module has been uninstalled
MDL-48664 - Messaging contacts paging bar no longer expands and overlaps other text
MDL-50092 - User unenrollment is now working with IMS Enterprise
MDL-49560 - SOAP web service now works with token
MDL-50004 - Fix coursename and enrolment icons in category combo on Frontpage
MDL-50646 - Site default language should be set as the language for new users
MDL-50394 - Grade to pass no longer throws an error when a decimal point separator is used
MDL-50276 - Added missing new line separator in plain text e-mails from the forum
MDL-49061 - The activity completion report in a course correctly shortens headers when multi language filter is used
MDL-50275 - Added missing version bump after risk bitmap change in MDL-49941
MDL-50380 - Fixed missing parameter error when editing files in wiki
Upstream changes:
Highlights
MDL-35392 - Feedback from module assign is now always shown in the gradebook
MDL-31036 - No more truncating characters in assignment quick grading
MDL-46626 - Log report export no longer contains html
MDL-23273 - Limit of responses in choice module is respected in case of synchronous submissions
Functional changes
MDL-31578 - Shibboleth can map attributes for all Moodle fields including custom attributes
MDL-47911 - Performance improvement on gradebook operations
MDL-49240 - Web service core_get_string now functions correctly
MDL-45621 - It is possible to uninstall portfolio plugins
MDL-48670 - Standard behat tests now work properly regardless of user timezone
UI changes
MDL-48533 - Backup report now links to the individual course backup summaries
MDL-49064 - left-align css class now has an RTL equivalent in bootstrap base
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-42138 - Required custom profile fields are always required on signup form even when user has logged in as guest
MDL-49059 - Possible to embed YouTube videos with start time or playlist info
MDL-48544 - Block region no longer disappears if all blocks in it were hidden
MDL-48841 - Fixed bug with not being able to reset scheduled task to defaults
MDL-49167 - Fixed regression with $CFG->yuislasharguments introduced by previous minor release
MDL-47953 - Grader report shows correct number of students per page when suspended users are present
MDL-48294 - enablemobilewebservice is no longer duplicated in Site admin
MDL-48679 - Fixed bug with missing grade export URL when using grade publishing
Upstream changes:
Moodle-2.8.3
Highlights
MDL-47935 - Atto Autosave message no longer covers text you are editing
MDL-44560 - Pagination in glossary category works correctly when entries have multiple categories
MDL-47792 - Course and Activity Completion Reports display vertical text without truncating
Functional changes
MDL-43386 - Lesson grade essay responses preserve HTML formatting
MDL-14730 - Allow linking to pages inside a lesson
MDL-47761 - Explanation is given to the users why they are unable to enrol in the course
MDL-47871 - Event monitor: Teacher can duplicate System rule
UI changes
MDL-44907 - Better styling of admin setting validation messages in bootstrapbase
MDL-48596 - Lesson editing page has correct layout used by other editing pages and does not obstruct page with blocks
MDL-47166 - Atto: outdent button is shown first followed by indent button
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-48765 - Improved icon alignment on course enrolment methods page
MDL-40285 - When assignment is submitted by one team member it is shown as submitted for all team members
MDL-38142 - User forum posts page no longer displays error for the hidden course
MDL-36877 - Final lesson page is displayed when course setting "Show gradebook to students" is set to "No"
MDL-48073 - Group filter is preserved when moving to next page of enrolled users
MDL-40326 - Course reset also resets lesson progress bar
MDL-48383 - Cron no longer warns about disabled enrol_imsenterprise after each scheduled task
MDL-48914 - Roles assignment page does not display user select if there are too many users preventing from php memory error
Upstream changes:
Release date: 12 January, 2015
Here is the full list of fixed issues in 2.8.2.
CONTENTS [hide]
1 Highlights
2 Functional changes
3 API changes
4 UI changes
5 Security issues
6 Fixes and improvements
7 See also
Highlights
MDL-40241 - Default Manager and Teacher role are able to manually mark course as completed
MDL-46442 - Notifications about assignment re-submissions are sent
MDL-43462 - EditPDF correctly shows landscape PDFs
MDL-43679 - Clicking link to Moodle in MS Word no longer results "You are already logged in" message
Functional changes
MDL-42717 - Ensure automated backup files are deleted when an error occurs because of directory permissions
MDL-47601 - Ensure old automated backups are deleted including the case when file name is renamed from language string
MDL-48023 - Changed "Cache-control: private" to "public" on public static files to increase performance
MDL-48224 - In the Task API, each adhoc and scheduled task now has it's own SMTP buffer, and the legacy cron has one buffer for all tasks. Previously scheduled tasks had no buffer, and the legacy cron had a buffer only for tasks of activity modules.
MDL-33606 - Make distinction between all section course view and a single section course view log entry
API changes
MDL-44657 - No more Javascript error when the form class is namespaced
MDL-22309 - get_role_users() works correctly when a user is assigned more than one role
MDL-48697 - Completion directory is recognized by Moodle as a valid component directory
MDL-48495 - Limit protocols supported by curl by default
UI changes
MDL-35078 - End date for self enrolment on the bulk enrolment form now also contains time
MDL-42501 - Added help about deleting grades in the course reset form
MDL-48206 - Wider textarea for the comments in the comments block
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-40097 - Course completion role criteria no longer causes fatal error
MDL-35494 - User is able to restore an activity even when they own only one course
MDL-20304 - Practice lesson does not appear in Gradebook [Patch]
MDL-45324 - Grading notifications are not sent before the grades are released to students
MDL-47133 - Keyboard shortcuts in Atto do not interfere with regional keyboard settings
MDL-37704 - Possible to lock Description field in users' profiles
MDL-36240 - Calendar events from activities are restored even without user data
MDL-14908 - Parent Role can view courses for students that are in groups
MDL-46472 - Fixed upgrade loop caused by undeletable themes
MDL-31822 - Non-default section name is shown at the site level
MDL-47475 - PDF annotation is visible by all students in the team and not only by the one who made a submission
MDL-47993, MDL-48088 - Correctly parse dates with timezones when importing from Microsoft calendar
MDL-48150 - Fixed a bug whereby only the first post in a forum was sent with the correct headers on each run of cron
MDL-48288, MDL-48191 - Grader report's floating headers work correctly when email or average row is hidden
MDL-48179 - Backup progress no longer times out when compressing large backup
MDL-48164 - 'Reply to email' does not result in out-of-office replies posted in forum
Upstream changes:
Moodle 2.8.1 release notes
Release date: 13 November 2014
Here is the full list of fixed issues in 2.8.1.
Regression fixes
MDL-48204 - Syntax error in mod/wiki/admin.php -- Note: this is the regression that lead to Moodle 2.8.1 being released a few days after 2.8.
MDL-48168 - It should be possible to edit the overall max grade after a quiz has been attempted
MDL-48156 - Schedule task manager misinterprets core\plugininfo\base::is_enabled()
Other fixes
MDL-48093 - HTML 5 video: Firefox now supports .mp4
MDL-47391 - Default profile page uses page-layout "mydashboard" instead of "mypublic"
MDL-39692 - Letter boundary cannot be deleted
MDL-39376 - performance problem while calling admin setting page in case of large amount of categories
MDL-30968 - Group hyper-link in Forum view links to list of all participants
Upstream changes:
Highlights
MDL-45780 - Atto now working with form change checker and quiz autosave
MDL-46748 - Mathjax address that changed, that caused Atto to fail to load, has been updated in Moodle
MDL-35984 - Gradebook Sum of grades shows correct total if items are hidden
Functional changes
MDL-45724 - Warning given when the same memcached instance is used for both sessions and MUC
MDL-46681 - For Multiple choices questions in the quiz / question bank, the options "Clear incorrect responses" and "Show the number of correct responses" did not make sense for "One answer only" questions. It is now impossible to select that combination of options on the form.
Security issues
MSA-14-0033 URL parameter injection in CAS authentication
MSA-14-0034 Identity information revealed early in Q&A forum
Fixes and improvements
MDL-37509 - Description of assignment hidden in calendar if "always show description" = NO
MDL-46545 - Weekly stats now working again
MDL-46589 - Automatic emails now sent after users import from CSV
MDL-43197 - Parent role only sees course total and no longer individual grades
MDL-46236 - Start New Attempt option is now followed if SCORM is set to appear in a popup
Approved by: wiz@
Upstream changes:
2.7.1
Highlights
MDL-41383 - File picker works when zooming in and out of browser
MDL-45580 - PDF Annotations working with multiple attempts
Functional changes
MDL-43274 - Course logs can no longer be deleted when course is reset
API changes
MDL-44871 - Behat tests written for Atto functionalities
MDL-43669 - Configuration option added so that mail can be sent from noreply address exclusively
UI changes
MDL-45599 - The term 'add-on' is changed to 'plugin'
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-44124 - iCal import recurrence rules working consistently
MDL-45579 - Duplicate group enrolment keys for the same course are no longer allowed
MDL-45682 - Can now insert images using Chrome
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
Upstream changes:
Moodle 2.5.6 release notes
Release date: 12 May, 2014
Here is the full list of fixed issues in 2.5.6.
Functional changes
MDL-43985 - Checkbox added to control sending of feedback when grading Assignment (backport of MDL-33600)
Security issues
MSA-14-0014 Cross-site request forgery possible in Assignment
MSA-14-0015 Web service token expiry issue for MoodleMobile
MSA-14-0016 Anonymous student identity revealed in Assignment
MSA-14-0017 File access issue in HTML block
MSA-14-0019 Reflected XSS in URL downloader repository
Fixes and improvements
MDL-45119 - When student opens assignment feedback PDF no error messages are shown
MDL-41551 - Block drag-drop fixed for Clean theme on My Home page
MDL-44936 - CSS chunking is now more reliable on IE
MDL-45154 - Warnings and errors in user profile page fixed
MDL-43721 - Poor performance on Assignment grading page fixed
Approved by: wiz@
Upstream changes:
2.5.5
Highlights
MDL-43733 - Auto-saved responses are used when a quiz attempt is submitted automatically
MDL-27414 - Random short answer matching question type now works again (with thanks to Jean-Michel Védrine)
Functional changes
MDL-40821 - Language menu in Clean shows language used
API changes
MDL-43882 - "Time spent waiting for the database" value added to performance info
UI changes
MDL-44425 - Skydrive, Box.net and Google Docs are renamed OneDrive, Box and Google Drive respectively to reflect these remote service name changes.
Security issues
MSA-14-0004 Incorrect filtering in Quiz
MSA-14-0005 Access issue in Feedback activity
MSA-14-0006 Capability issue in Chat
MSA-14-0007 Access issue in Wiki
MSA-14-0008 Cross site scripting potential in Flowplayer
MSA-14-0009 Identity information leak in Forum and Quiz
MSA-14-0010 Identity information leak in Alfresco Repository
MSA-14-0011 Cross site request forgery potential in IMS enrolments
MSA-14-0012 Access issue in Badges
Fixes and improvements
MDL-40705 - Long course names are truncated in navigation menu
MDL-40205 - Long block titles are truncated in Clean
MDL-42882 - Performance improvement to missing root directory upgrade step
MDL-40849 - Assignment marking guide screen fixed in Clean
MDL-44217 - The link colour in Bootstrapbase (and Clean) is now WCAG compliant
MDL-44029 - Quiz user overrides no longer deleted by group event handler
MDL-44018 - Variant field of question_attempts is backed up by Moodle backup
MDL-43941 - Activity show/hide toggle fixed in hidden and orphaned sections
MDL-43306 - Backup no longer introduces duplicate gradeitem sortorders when restoring
2.5.4
Highlights
MDL-41819 - Able to edit a larger number of grades in the grader report
Functional changes
MDL-42504 - Quiz auto-save detects that the connection to the server has been lost and warns students
API changes
MDL-40741 - Behat tests adapted to Clean theme
MDL-42942 - Environmental information shown at the beginning of every Behat run
Security issues
MSA-14-0001 Config passwords visibility issue
MSA-14-0002 Group constraints lacking in "login as"
MSA-14-0003 Cross-site request forgery vulnerability in profile fields
Fixes and improvements
MDL-34182 - Invalid JSON no longer output on filepicker when repository plugins output invalid content
MDL-43367 - get_child_contexts() returns correct contexts when context path missing
MDL-42913 - Group cache works as expected
MDL-40003 - Assignment submission comments are restored
MDL-42085 - Default enrolment duration is now applied when manually enrolling a user
Upstream changes:
Highlights
MDL-41252 - Accessibility improvements to course page.
MDL-34209 - Moving sections by drag and drop reorders sections correctly.
MDL-29987 - Embedded PDF files behave correctly.
Functional changes
MDL-42069 - Option to sort by last name in Quiz grading report.
MDL-38267 - Submit button is not shown after cut-off date in Assignment.
MDL-22669 - When restoring a larger course over a smaller one, the number of sections is maintained.
MDL-42666 and MDL-42668 - The Box.net repository and Box.net portfolio have been updated to use Box.net API v2. Moodle sites which have used the Box.net repository previously need to run the Box.net-alias-to-copy-conversion tool as soon as possible. Also, HTTPS is now required for sites to access Box.net. See Box.net APIv1 migration for details.
API changes
MDL-41861, MDL-41882, MDL-41853,... - Generator tools have been backported.
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-32862 - Links to 1.9 resource types work after upgrade to 2.2 followed by backup and restore.
MDL-40903 - Persistent cache is now split into logical parts.
MDL-41942 - Courses in categories no longer become invisible due to caching problem.
MDL-41352 - Mymobile theme no longer producing JavaScript error on course pages.
MDL-37528 - Block drag-and-drop issue resolved.
MDL-42542 - The Portfolio cron job is now working.
MDL-42619 - Error deleting a course link from the community block is fixed.
MDL-37877 - Automated backup failure is now reported.
* APACHE_USER and APACHE_GROUP are defined somewhere else; don't redefine these here.
* Don't depend on php-zlib as Moodle does not require this module.
* Faster installation using 'pax'.
* Auto-generare PLIST.
* Don't change owner/group of Moodle files; web-server should only be able to read them, and nothing more.
Upstream changes:
Releases > Moodle 2.5.2 release notes
Release date: 9 September 2013
Here is the full list of fixed issues in 2.5.2.
Contents [hide]
1 Highlights
2 Functional changes
3 API changes
4 Security issues
5 Fixes and improvements
6 See also
Highlights
MDL-30839 - Form validation and error recovery draws the user to where focus is needed.
MDL-27953 - Uploaded users can be added with authentication options other than Manual account or No login.
MDL-38707 - Folders displayed on course pages show their name.
Functional changes
MDL-40854 - Links to course activities/resources do not appear to users without appropriate view capabilities.
MDL-35981 - Confirmation is no longer needed after deleting a comment.
MDL-38707 - Folders displayed on course pages show their name.
MDL-41036 - Question category info is now edited using the HTML editor.
API changes
MDL-40176 - Mock form submission introduced for testing.
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-37333 - Clicking "Clear theme caches" in Default theme selector redirects page to "Select theme for tablet device".
MDL-41106 - MUC session cache fixes were made.
MDL-36803 - TinyMCE editor now works better with iOS.
MDL-40891 - MUC cache purge works consistently when creating directories.
MDL-31487 - Grade items remain hidden if explicitly hidden via Gradebook (regardless of activity state).
Upstream changes:
2.5.1
Highlights
MDL-39824 - Simplification of themes
MDL-38434 - Functional tests added for the Chat activity
MDL-39723 - Two unnecessary course queries were removed from most pages
Functional changes
MDL-39790 - My Latest badges block appears on the course page
API changes
MDL-40137 - Correct naming of functions in theme/clean/lib.php
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-39778 - Course deletion now functions with badges.
MDL-40120 - Issue when recent PostgreSQL versions retrieve the number of records from course table fixed.
MDL-39697 - Bootstrap layouts now have 'Maintenance' layout and related options.
MDL-40065 - Bootstrap Theme only sends content to "side-pre" if necessary.
MDL-40088 - Can now edit course settings if course is in a hidden category.
MDL-39979 - Teachers no longer see errors when Show Activity Reports is set to yes.
MDL-39363 - SCORM pass/fail status is set for a grade of 0.
MDL-39227 - SCORM navigation panel is no longer hidden when a Bootstrap theme is active.
MDL-39177 - Overwriting files always observes the "alias" attribute.
MDL-33719 - When overwriting a copy of a file with an alias/shortcut of a file, the file thumbnail is refreshed.
MDL-40142 - No JavaScript error is caused by the navigation block in relation to course categories.
MDL-40289 - Badges capabilities now have correct risks, levels and archetypes. Note for sites which are upgrading from 2.5: See the section 'Upgrading from Moodle 2.5 to 2.5.1' in Upgrading for details of how to correctly set badge permissions for each role archetype.
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
Upstream changes(since 2.4.0):
2.4.3
Regression fix
MDL-38474 - Teachers unable to access server files
Note: Moodle 2.4.3 is being released just one week after 2.4.2 in response to a serious regression being discovered in 2.4.2.
Other fixes
MDL-38303 - MUC: Session cache is adjusted accordingly when user logs in or out
MDL-38386 - Upgrade step for 24 and master adjusted
MDL-38332 - Browsing users paginates properly for multiples of 30 users
MDL-33424 - Images correctly restored from a 1.9 course quiz
MDL-34011 - Display of student attempts for Short Answer questions in Lessons is now correct
2.4.2
Highlights
MDL-32975 - There is an option to sort My Courses list alphabetically
MDL-36297 - HTML purifier strings are now cached
MDL-35074 - More students can now appear per page in the Grader Report
MDL-34435 - Actions in categories are now logged
Functional changes
MDL-30669 - Admins are warned before deleting 'Sticky' site-wide blocks in 2.2 accidentally through a course page
MDL-37894 - Not yet opened quizzes show close date as well as open date
MDL-35336 - Process for enabling statistics is now clearer
API changes
MDL-36363 - Removing a file store cache instance removes its folder too
MDL-31636 - Comments API allows plugins to set the date format
Security issues
MSA-13-0011 Calendar subscription capability issue
MSA-13-0012 Information leak in course profiles
MSA-13-0013 Server information revealed through exception messages
MSA-13-0014 Password revealed in WebDav repository
MSA-13-0015 Cross-site scripting issue in Filepicker
MSA-13-0016 External Entity Injection through Zend library
MSA-13-0017 Form manipulation issue in notes
MSA-13-0018 Personal information leak through repositories
MSA-13-0019 Unauthorised settings editing through WebDav repository
Fixes and improvements
Fixes for MUC - MDL-37683 MDL-37545 MDL-38110 MDL-38165
MDL-37792 - Conditional Resource based on a profile interest field now works when fields are empty
MDL-38173 - Adding modules to courses where completion is enabled no longer causes corruption
MDL-37847 - Plain text essays now show HTML special characters appropriately
MDL-37774 - Moodle 1.9 to 2.x course restore now works with directory resources
MDL-37563 - Assignment upgrade now includes conditional access settings
MDL-36757 - Editing an activity no longer reveals hidden grades
MDL-35780 - Participants page disclosure of email addresses is now consistent
MDL-35175 - Lesson now shows attempts if associated with a grouping
MDL-37710 - Students can access their own submitted files in a team submission assignment
MDL-38352 - Improved language strings added to the English language pack, the most noticeable being 'My Moodle' in the site admin settings renamed as My home
2.4.1
Highlights
MDL-32880 - Make 1.9 blocks restorable in 2.3 onwards
MDL-34791 - Activity quick title edit updates name in gradebook
MDL-35653 - Wiki module works if you activate the force format option
API changes
MDL-30700 - There is a new function "text_sorting($columnname)" for the class flexible_table which allows you to specify which columns are of type "text" so they can be sorted correctly in all databases.
MDL-35593 - core_webservice_get_site_info returns version number as PARAM_TEXT
MDL-30961 - get_course_contents web service's name value is now PARAM_RAW
Security issues
MSA-13-0001 - Security issue in Google Spellchecker in TinyMCE
MSA-13-0002 - Capability issue with Outcome editing
MSA-13-0003 - Potential server file access through backup restoration
MSA-13-0004 - Information leak through activity report
MSA-13-0005 - Potential phishing attack through URL redirects
MSA-13-0006 - Potential information leak in Assignment module
MSA-13-0007 - Potential exploit in messaging
MSA-13-0008 - Information leak through Blog RSS
MSA-13-0009 - Information leak through Blog RSS
MSA-13-0010 - Failure to check capabilities in calendar
Fixes and improvements
MDL-36680 - Overview report now gives correct course total by not including hidden item grades
MDL-37165 - Assignment summary displays on Oracle
MDL-36963 - Automatic updates deployer needs checks directory permissions
Upstream changes:
Highlights
MDL-32880 - Make 1.9 blocks restorable in 2.3 onwards
MDL-34791 - Activity quick title edit updates name in gradebook
MDL-35653 - Wiki module works if you activate the force format option
Functional changes
MDL-35422 - To start writing their Workshop submissions, students now click a button labelled 'Start preparing your submission' instead of 'Submit'
API changes
MDL-30700 - There is a new function "text_sorting($columnname)" for the class flexible_table which allows you to specify which columns are of type "text" so they can be sorted correctly in all databases.
MDL-35593 - core_webservice_get_site_info returns version number as PARAM_TEXT
MDL-30961 - get_course_contents web service's name value is now PARAM_RAW
MDL-36795 - In the default course settings, numsections is not limited to maxsections
Security issues
MSA-13-0001 - Security issue in Google Spellchecker in TinyMCE
MSA-13-0002 - Capability issue with Outcome editing
MSA-13-0003 - Potential server file access through backup restoration
MSA-13-0004 - Information leak through activity report
MSA-13-0005 - Potential phishing attack through URL redirects
MSA-13-0006 - Potential information leak in Assignment module
MSA-13-0007 - Potential exploit in messaging
MSA-13-0008 - Information leak through Blog RSS
MSA-13-0009 - Information leak through Blog RSS
Fixes and improvements
MDL-36680 - Overview report now gives correct course total by not including hidden item grades
MDL-35717 - Quiz cron not closing old attempts after quiz close date (also MDL-36842)
MDL-37165 - Assignment summary displays on Oracle
MDL-36668 - Performance issue resolved in viewing pages in Database activity
MDL-36760 - Numerical type quiz questions now work with frozen elements changes
MDL-36551 - Database presets retain advanced search template
MDL-33863 - Importing quiz questions into new course happens without error
MDL-36683 - It is now possible to duplicate a quiz when course question bank contains matching questions
Upstream changes:
Moodle 2.3.3 release notes
Highlights
MDL-35297 - Upgrading books from earlier versions now works correctly
MDL-21801 - References to the non-functional Powerpoint import option have been removed from the Lesson module
MDL-33166 - A capability has been introduced to consistently exempt specific users from forum auto-subscriptions and forced subscriptions
MDL-34607 - Folder resources now show files in sorted order
MDL-33646 - Viewing an empty book shows a friendly notice rather than an error messsage
Functional changes
MDL-34794 - Course reset now works with the new Assignment module
MDL-35370 - Blank answers in Cloze type quiz questions are treated accordingly, when an answer of zero is expected
MDL-33374 - When adding or updating a user profile, the action button displays 'Create user' and 'Update user' relatively
MDL-27786 - The title field of a new calendar event is now labelled "Event title" instead of "Name"
MDL-28235 - The close button on help dialogues have changed to provide greater accessibility. (Note: if debugging is turned on, a string error will appear during the upgrade process. This is expected and will be resolved once the upgrade process is complete.)
API changes
MDL-30667 - Maximum upload limits are enforced consistently in relation to various system variables
MDL-35395 - A method has been added so forms can work around form change checking when necessary
MDL-35442 - Local plugins now have settings and uninstall links on the plugins overview page
Security issues
MSA-12-0057 Access issue through repository
MSA-12-0058 Possible form data manipulation issue
MSA-12-0059 Information leak in Database activity module
MSA-12-0060 Cross-site scripting vulnerability in YUI2
MSA-12-0061 Remote code execution through Portfolio API
MSA-12-0062 Information leak in Database activity module
MSA-12-0063 Information leak in Check Permissions page
Fixes and improvements
MDL-35411 - Submissions and feedback are now saved with imported/restored assignments
MDL-35397 - Notifications page 'many other contributors' link leads to appropriate credits page
MDL-35726 - Feedback forms work correctly when grading a series of assignments
MDL-35754 - Quizzes in pop-up windows now work correctly
Approved by: obache@
Upstream changes:
Highlights
MDL-28557 Group event now appears to teachers, managers and administrators
MDL-33398 MDL-27368 Cron works when course completion is enabled
Functional changes
MDL-24401 Lesson string changes
MDL-33401 Managers can add blocks at the site level
Security issues
MSA-12-0042 File access issue in blocks
MSA-12-0043 Early information access issue in forum
MSA-12-0044 Capability check issue in forum subscriptions
MSA-12-0045 Injection potential in admin for repositories
MSA-12-0046 Insecure protocol redirection in LDAP authentication
MSA-12-0047 SQL injection potential in Feedback module
MSA-12-0048 Possible XSS in cohort administration
MSA-12-0049 Group restricted activity displayed to all users
MSA-12-0050 Potential DOS attack through database activity
Fixes and improvements
MDL-32866 Filemanager in private files now saves changes
MDL-33583 "Keep all" automated backups now works
MDL-33607 Add new wiki page no longer reports error writing to database
MDL-33603 Database activity entries are linked correctly
MDL-26892 Question images not lost during upgrade
MDL-29924 Glossary attachments appear in filter popups
Based on maintainer update request by PR 46498.
Upstream changes:
Highlights
* MDL-32431 Calendar events can be backed-up and restored
* MDL-29262 Moodle 2 backup_controllers table is no longer needlessly massive
Functional changes
* MDL-27862 Ability to unset a theme
* MDL-31835 Recent conversations link added when viewing a message
* MDL-27427 Option added to delete external blog entries
Security issues
* MSA-12-0024 Hidden information access issue
* MSA-12-0025 Personal communication access issue
* MSA-12-0026 Quiz capability issue
* MSA-12-0027 Question bank capability issues
* MSA-12-0028 Insecure authentication issue
* MSA-12-0029 Information editing access issue
* MSA-12-0030 Capability manipulation issue
* MSA-12-0031 Cross-site scripting vulnerability in Wiki
* MSA-12-0032 Cross-site scripting vulnerability in Web services
* MSA-12-0035 Cross-site scripting vulnerability in "download all"
* MSA-12-0036 Cross-site scripting vulnerability in category identifier
* MSA-12-0037 Write access issue in Database activity module
* MSA-12-0038 Calendar event write permission issue
Fixes and improvements
* MDL-32061 Backup fixed when there is a lesson with attempts in the course
* MDL-31008 CSS fixed to display dimmed objects
* MDL-30867 Lesson essay question formatting fixed
* MDL-31528 Breadcrumbs appearing consistently when editing is off
* MDL-31631 Caching fixed so deleted activities do not remain listed
* MDL-26674 Wiki Module activity logs activity fully
* MDL-31510 Students in groups see only assignments in the Gradebook according to their group allocation
* MDL-32141 Custom TinyMCE additions now work in Firefox 11
Upstream changes:
Highlights
MDL-27891 Tag flagging is now logged
Functional changes
MDL-31095 Quiz max grade maintained when adding and removing questions
MDL-30031 Quiz Adaptive mode ignores invalid answers without penalty
Security issues
MSA-12-0013 - Database activity export permission issue
MSA-12-0014 - Password and Web services issue
MSA-12-0015 - Backup and private files issue
MSA-12-0016 - Default repository capabilities issue
MSA-12-0017 - Personal information leak issue
MSA-12-0018 - Course information leak in Gradebook export
MSA-12-0019 - Overview report and hidden course issue
MSA-12-0020 - Forum subscription permission issue
MSA-12-0021 - Course information leak through tags
MSA-12-0022 - Security conflict in Web services
Fixes and improvements
MDL-31248 Change to RC4 encryption is now backwards compatible
- Note: all users will need to log in to set a new cookie after this update
MDL-31213 Problem with new password form was fixed
MDL-29254 Problem adding blog entries after an update from 1.9 was resolved
MDL-22896 Forum messages with ampersands are now sent correctly by email
MDL-27793 Login names now appear consistently in all themes across all languages
MDL-26037 When importing in a site with lots of courses, all courses are checked
MDL-30484 Regrading quiz causes essay attachments to disappear
MDL-28364 Correct import formats accepted when importing questions
MDL-31407 Quiz grades are saved properly when the submitter is not the user taking the quiz
MDL-31876, MDL-31495 Quiz performance improvements have been made
Fixes many security advisories, see below in the changelog.
Highlights
MDL-28710 - CSS class names have been added for rating div/span elements
enabling theming
MDL-29579 - Question text included in export of quiz statistics report in
Moodle 2.1
Functional changes
MDL-19147 - Single Simple forums are no longer targets for moving (and losing)
discussions
MDL-30273 - Students and teachers can add additional topics to a simple forum
discussion
Security issues
MSA-12-0001 - Recaptcha transmission consistency issue
MSA-12-0003 - Added password protection
MSA-12-0004 - Added profile image security
MSA-12-0005 - Encryption enhancement
MSA-12-0006 - Additional email address validation
MSA-12-0007 - Email injection prevention
MSA-12-0008 - Unsynchronised access via tokens
MSA-12-0009 - Role access issue
MSA-12-0010 - Unauthorised access to session key
MSA-12-0011 - Browser autofill password issue
MSA-12-0012 - Form validation issue
Fixes and improvements
MDL-30376 - Glossary RSS feed no longer generates error
MDL-30378 - Site page links fixed in Navigation blocks
MDL-30460 - Wiki image dropdown includes files with upper case suffixes
MDL-30466 - Writing to database fixed for restoring a course with uses course
completion
MDL-30569 - Editing the front page when defaulthomepage = mymoodle now works as
expected
MDL-28180 - Duplicating an assignment that has course completion enabled no
longer breaks course completion for the course
MDL-27314 - It is now possible to delete or regrade quiz attempts in separate
groups mode
MDL-29730 - Fixed Lesson question shortanswer with regexp option
MDL-30260 - Emailstop option fixed
Upstream highlights:
--------------------
Highlights
MDL-27037 - Wiki 2.0 respects 'visible groups' functionality
MDL-29960 - Dropbox repository now functioning with new API
Functional changes
MDL-27516 - RTL Theme fixes for Moodle 2
Security issues
MSA-11-0042 - Information leak in Wiki
MSA-11-0043 - Possible link redirect in Calendar
MSA-11-0044 - Expired identification information shown in Web services
MSA-11-0045 - Potential to masquerade through MNet
MSA-11-0047 - Possible injection attack in Calendar
MSA-11-0048 - Password loss issue
MSA-11-0050 - Backup capability issue
MSA-11-0051 - Authentication issue with Web services
MSA-11-0052 - Potential to exploit developer debugging scripts
MSA-11-0053 - Security and system administration conflict
MSA-11-0054 - Personal information leak
Fixes and improvements
MDL-28292 - Removed possibility to 'lose' a block by docking it
MDL-29542 - Lesson no longer gets corrupted after creating a new question
MDL-30010 - Core themes which have pagelayout problems when moving blocks have been fixed
MDL-27790 - Temporary course remains after restore
MDL-29529 - Fixed database error when assignments were sorted by status
MDL-30375 - Comments block no longer disappears when cancel is clicked
MDL-30398 - Lesson no longer accepts blank password
Upstream changes:
Highlights
MDL-28729 - Numerous multi-lang fixes and improvements
Functional changes
MDL-28410 - Allow a single option in a Choice activity
MDL-29394 - HTML editor format option selector hidden when there is only one option
MDL-23520 - Option added to allow deleting of a wiki page
Security issues:
MSA-11-0027 to MSA-11-0035, MSA-11-0039 to MSA-11-0041.
Fixes SA46427
See http://docs.moodle.org/dev/Moodle_2.1.2_release_notes for complete
release notes.
* Some general minor bugs fixed in different areas.
* Four security fixes (see below).
Some of these vulnerabilities are potentially serious so we strongly
recommend you upgrade.
Full details to be released soon.
Moodle is a course management system (CMS) - a free, Open Source software
package designed using sound pedagogical principles, to help educators
create effective online learning communities. You can use it on any
computer you have handy (including webhosts), yet it can scale from a
single-teacher site to a 40,000-student University.
