Moodle 1.9.4 release notes

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Important:

This content of this page has been updated and migrated to the new Moodle Developer Resources. The information contained on the page should no longer be seen up-to-date.

Why not view this page on the new site and help us to migrate more content to the new site!

Release date: 28th January 2009

Here is the full list of fixed issues in 1.9.4.

Highlights

MDL-17205 New options to allow Moodle to be configured to comply with European and US privacy regulations, like FERPA.
- MDL-17472 New Site policies setting for disabling Notes completely
- MDL-17472 New Internal enrolment settings for enforcing enrolment key usage and complexity
- MDL-17222 New Security overview report
- Separate capabilities for each report and other parts with sensitive information
Fix multiple bugs relating to creating and editing course categories. Previously, giving admin permissions in a category and its subcategories did not work reliably. In the process, the separate create, update and delete category capabilities were replaced with moodle/category:manage, and moodle/category:visibility was renamed to moodle/category:viewhiddencategories.
MDL-8648 Essay questions can now be randomised by random questions. This must be enabled under Administration > Miscellaneous > Experimental.
MDL-14926 A new capability mod/quiz:reviewmyattempts, separate from mod/quiz:attempt. This let's you create a read-only role that lets students see what they have done on a course in the past, without being able to change anything any more.
MDL-16651 A new capability mod/scorm:deleteresponses allowing deletion of SCORM attempts
MDL-6160 Email notification of course requests, and a new capability moodle/course:request to control who can request courses.
MDL-17364 New Forum setting for enabling AJAX forum ratings
MDL-10021 New option, "Yes, without frame", for the file resource "Keep page navigation visible on the same page" setting. This option displays a resource in a XHTML strict page. Other options have been kept.
MDL-16999 Some database module settings have been fixed ('Required Entries' and ' Required Entries before viewing). If the fix has an impact on your Moodle installation, you will be warned during upgrade.

Security issues

MSA-09-0001 No way easy to remove pictures of deleted users
MSA-09-0002 User pix disclosure
MSA-09-0003 Vulnerability in Snoopy 1.2.3
MSA-09-0004 XSS vulnerabilities in HTML blocks if "Login as" used
MSA-09-0005 Moodle 'spell-check-logic.cgi' Insecure Temporary File Creation Vulnerability
MSA-09-0006 Calendar export may allow brute force attacks
MSA-09-0007 Missing input validation in logs allows potential XSS attacks
MSA-09-0008 CSRF vulnerability in forum code

New language strings file

report_security.php

New language pack

Kazakh - Калима Туенбаева

(See Translation credits for additional details.)

Known problems and regressions

New Security overview report on large sites extremely slow and overloading database server MDL-18040 - update to latest weekly or copy /admin/report/security/* files from latest weekly

Documentation