Moodle 1.9.7 release notes: Difference between revisions
From MoodleDocs
Helen Foster (talk | contribs) (→Security issues: info on saving passwords in backups moved to Configuration file) |
Helen Foster (talk | contribs) (content reorganisation) |
||
Line 6: | Line 6: | ||
* MDL-13049 - [[Workshop module]] finally pushes grades into Gradebook during [[grade/edit/simple_tree/index#Synchronize_legacy_grades|Synchronize legacy grades]] procedure | * MDL-13049 - [[Workshop module]] finally pushes grades into Gradebook during [[grade/edit/simple_tree/index#Synchronize_legacy_grades|Synchronize legacy grades]] procedure | ||
* Miscellaneous Workshop module fixes (MDL-20668, MDL-7218, MDL-20827) | * Miscellaneous Workshop module fixes (MDL-20668, MDL-7218, MDL-20827) | ||
===Functional changes=== | |||
* To force users to use stronger passwords that are less susceptible to being cracked the [[Password policy|password policy]] is enabled by default in new installs, and switched on when upgrading to 1.9.7. | |||
:Admins can review their password policy in ''Administration > Security > [[Site policies]]''. The default policy requires passwords of at least 8 characters long and containing at least 1 digit, 1 lower case letter, 1 upper case letter and 1 non-alphanumeric character. | |||
* After upgrading to 1.9.7, admins will be asked to change their passwords next time they log in (manual or email based self-registration accounts only). | |||
* To reduce the risk of password theft, a [[Password salting|password salt]] is set in ''config.php'' in new installs and for upgrades, admins are sent an email recommending that they do so. | |||
* Teachers lose the ability to include user data in a course backup or restore a course including user data due to new capabilities [[Capabilities/moodle/backup:userinfo|moodle/backup:userinfo]] and [[Capabilities/moodle/restore:userinfo|moodle/restore:userinfo]] which are not set for the default role of teacher. Sites with custom roles should check permissions carefully. | |||
* Hashed user passwords are no longer saved in backup files containing user data. If a backup is restored to a new site, users will be asked to go through the "forgot my password" routine the first time they log in. | |||
===Security issues=== | ===Security issues=== | ||
* Multiple password related issues | |||
* Multiple backup/restore related issues | |||
* | |||
* | |||
''Additional issues to follow.'' | |||
===New language pack=== | ===New language pack=== |
Revision as of 19:11, 24 November 2009
Release date: Not yet released
Highlights
- MDL-20591 - IMS Common Cartridge import (requires enabling in Site Administration > Miscellaneous > Experimental)
- MDL-13049 - Workshop module finally pushes grades into Gradebook during Synchronize legacy grades procedure
- Miscellaneous Workshop module fixes (MDL-20668, MDL-7218, MDL-20827)
Functional changes
- To force users to use stronger passwords that are less susceptible to being cracked the password policy is enabled by default in new installs, and switched on when upgrading to 1.9.7.
- Admins can review their password policy in Administration > Security > Site policies. The default policy requires passwords of at least 8 characters long and containing at least 1 digit, 1 lower case letter, 1 upper case letter and 1 non-alphanumeric character.
- After upgrading to 1.9.7, admins will be asked to change their passwords next time they log in (manual or email based self-registration accounts only).
- To reduce the risk of password theft, a password salt is set in config.php in new installs and for upgrades, admins are sent an email recommending that they do so.
- Teachers lose the ability to include user data in a course backup or restore a course including user data due to new capabilities moodle/backup:userinfo and moodle/restore:userinfo which are not set for the default role of teacher. Sites with custom roles should check permissions carefully.
- Hashed user passwords are no longer saved in backup files containing user data. If a backup is restored to a new site, users will be asked to go through the "forgot my password" routine the first time they log in.
Security issues
- Multiple password related issues
- Multiple backup/restore related issues
Additional issues to follow.
New language pack
- Dhivehi - Ahmed Shareef, Moosa Ali, Amir Hussein
(See Translation credits for additional details.)