Note:

If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Moodle 1.8.11 release notes

From MoodleDocs
Revision as of 10:14, 19 November 2009 by Helen Foster (talk | contribs) (MDL-20838, MDL-18807)

Release date: Not yet released

Security issues

This release contains a lot of security and privacy fixes related to the handling of user data and passwords in Moodle backups, MDL-20851. (Note that MDL-20851 and all the following security issues currently have a security level setting which restricts access).

  • MDL-20838 Hashed user passwords are no longer saved in backup files containing user data.
If anyone really needs passwords to be saved (in rare case of restoring a backup with user data to a different site) $CFG->includeuserpasswordsinbackups may be added to config.php.
  • MDL-18807 To greatly reduce the risk of password theft, a password salt is set in config.php when installing 1.8.11 and for upgrades, a notification message strongly recommends admins to set a password salt. In addition, the security overview report gives a warning if no password salt has been set.

More issues to be listed soon...

Retrieved from "https://docs.moodle.org/dev/index.php?title=Moodle_1.8.11_release_notes&oldid=25468"
Powered by MediaWiki