Moodle 1.9.7 release notes: Difference between revisions
From MoodleDocs
Helen Foster (talk | contribs) (full list of fixed issues link) |
|||
| Line 18: | Line 18: | ||
* To reduce the risk of password theft, a [[Password salting|password salt]] is set in ''config.php'' in new installs and for upgrades, admins are sent an email recommending that they do so. | * To reduce the risk of password theft, a [[Password salting|password salt]] is set in ''config.php'' in new installs and for upgrades, admins are sent an email recommending that they do so. | ||
* Teachers lose | * Teachers lose permission to include ANY user data in a course backup or restore a course including user data due to new capabilities [[Capabilities/moodle/backup:userinfo|moodle/backup:userinfo]] and [[Capabilities/moodle/restore:userinfo|moodle/restore:userinfo]] which are not set for the default role of teacher. Sites with custom roles should check permissions carefully. Admins can restore those permissions but are informed of the risks in doing so. | ||
* Hashed user passwords are no longer saved in backup files containing user data. If a backup is restored to a new site, users will be asked to go through the "forgot my password" routine the first time they log in. | * Hashed user passwords are no longer saved in backup files containing user data. If a backup is restored to a new site, users will be asked to go through the "forgot my password" routine the first time they log in. | ||
Revision as of 08:33, 25 November 2009
Release date: Not yet released
Here is the full list of fixed issues in 1.9.7.
Highlights
- MDL-20591 - IMS Common Cartridge import (requires enabling in Site Administration > Miscellaneous > Experimental)
- MDL-13049 - Workshop module finally pushes grades into Gradebook during Synchronize legacy grades procedure
- Miscellaneous Workshop module fixes (MDL-20668, MDL-7218, MDL-20827)
Functional changes
- To force users to use stronger passwords that are less susceptible to being cracked the password policy is enabled by default in new installs, and switched on when upgrading to 1.9.7.
- Admins can review their password policy in Administration > Security > Site policies. The default policy requires passwords of at least 8 characters long and containing at least 1 digit, 1 lower case letter, 1 upper case letter and 1 non-alphanumeric character.
- After upgrading to 1.9.7, admins will be asked to change their passwords next time they log in (manual or email based self-registration accounts only).
- To reduce the risk of password theft, a password salt is set in config.php in new installs and for upgrades, admins are sent an email recommending that they do so.
- Teachers lose permission to include ANY user data in a course backup or restore a course including user data due to new capabilities moodle/backup:userinfo and moodle/restore:userinfo which are not set for the default role of teacher. Sites with custom roles should check permissions carefully. Admins can restore those permissions but are informed of the risks in doing so.
- Hashed user passwords are no longer saved in backup files containing user data. If a backup is restored to a new site, users will be asked to go through the "forgot my password" routine the first time they log in.
Security issues
- Multiple password related issues - password policy enabled by default, password salt in config.php, forced admin password change, force password change option in Bulk user actions
- Multiple backup/restore related issues - new capabilities moodle/backup:userinfo and moodle/restore:userinfo for controlling who can backup/restore user data, passwords no longer saved in backups
Additional issues to follow.
New language pack
- Dhivehi - Ahmed Shareef, Moosa Ali, Amir Hussein
(See Translation credits for additional details.)
