Releases > Moodle 2.9.3 release notes

Release date: 9 November 2015

Here is the full list of fixed issues in 2.9.3.

Highlights

• MDL-42639 - Web service core_user_get_users_by_field should return username or idnumber to all managers
• MDL-48861 - Assignment: "Need grading" filter is not working properly within grading overview
• MDL-51552 - "Single View" bulk insert for empty grades no longer overwrites non-empty grades
• MDL-51083 - Fixed undesired browser password autofilling in several forms (majority of forms were fixed in MDL-45772 in previous release)
• MDL-36606 - AJAX Grader report now works correctly when uneditable cells are present

Functional changes

• MDL-49545 - Teachers without capability to change course full or short name should not be able to do it during restore as well
• MDL-50917 - Allow manager to access another user's preferences
• MDL-50811 - Forum email replies update completion tracking information
• MDL-51834 - Lock custom profile fields that are set to by synchronised with various auth plugins
• MDL-44707 - Copy embedded files in HTML block when duplicating block (mostly affects adding HTML block with files to default Dashboard)
• MDL-51467 - Changing course start date when resetting course now correctly adjusts Date Restrictions
• MDL-43594 - Assignment: Resetting course start date now updates calendar events respectfully

UI changes

• MDL-40710 - Better visualization of badges backpack icon
• MDL-51290 - Make adding a photo to a profile more obvious
• MDL-50207 - Fixed activity results block CSS not to overwrite table caption and work correctly with RTL

Security issues

• MSA-15-0037 Possible to send a message to a user who blocked messages from non contacts
• MSA-15-0038 DDoS possibility in Atto
• MSA-15-0039 CSRF in site registration form
• MSA-15-0040 Student XSS in survey
• MSA-15-0041 XSS in flash video player
• MSA-15-0042 CSRF in lesson login form
• MSA-15-0043 Web service core_enrol_get_enrolled_users does not respect course group mode
• MSA-15-0044 Capability to view available badges is not respected
• MSA-15-0045 SCORM module allows to bypass access restrictions based on date
• MSA-15-0046 Choice module closing date can be bypassed

Fixes and improvements

• MDL-51514 - Performance improvement in one of regrading queries on MySQL
• MDL-51498 - Improve performance for regrading gradebook
• MDL-50805 - Performance improvement in cron Messaging Cleanup Task
• MDL-50790 - Fixed problem with removing content of Reply to email feature in gmail
• MDL-26429 - Added missing criteria icons to completion report
• MDL-51190 - Fixed MS Edge locking up when viewing embedded PDF
• MDL-46710 - LTI module correctly tracks completion when opened in a new window
• MDL-46497 - Atto: clicking RTL button and then LTR button should not add additional HTML tags
• MDL-49032 - RFC2445_WSP defined incorrectly for Bennu iCal.
• MDL-50892 - Fixed errors appearing when resource or activity was named '0' (zero)
• MDL-51390 - Badges: fixed connection to external backpack
• MDL-50079 - Atto: Fixed bug when user was unable to select "open in new window" when linking to the file from repository
• MDL-48881 - Fixed bug with lesson not always showing student attempts

API changes, for developers

• MDL-51756 - Please can someone explain this. It leads to debugging messages relating to web services that don't make it clear how to fix ones code.

See also

• Moodle 2.9.2 release notes