Moodle 2.0.2 release notes: Difference between revisions
From MoodleDocs
Helen Foster (talk | contribs) (more issues listed) |
Helen Foster (talk | contribs) (→Security issues: details added) |
||
Line 34: | Line 34: | ||
===Security issues=== | ===Security issues=== | ||
* [http://moodle.org/mod/forum/discuss.php?d=170003 MSA-11-0003] Cross-site scripting vulnerability in tag autocomplete | |||
* [http://moodle.org/mod/forum/discuss.php?d=170004 MSA-11-0004] $CFG->forceloginforprofiles setting ignored in course profiles | |||
* [http://moodle.org/mod/forum/discuss.php?d=170005 MSA-11-0005] Cross-site scripting vulnerability in spikephpcoverage | |||
* [http://moodle.org/mod/forum/discuss.php?d=170006 MSA-11-0006] Cross-site request forgery and missing access control in course completion | |||
* [http://moodle.org/mod/forum/discuss.php?d=170008 MSA-11-0007] Cross-site scripting vulnerability in course tags | |||
* [http://moodle.org/mod/forum/discuss.php?d=170009 MSA-11-0008] IMS enterprise enrolment file may disclose sensitive information | |||
* [http://moodle.org/mod/forum/discuss.php?d=170010 MSA-11-0009] My profile block may disclose private information if used in user context | |||
* [http://moodle.org/mod/forum/discuss.php?d=170011 MSA-11-0010] Incorrect default for mod:course/delete capability in teacher role | |||
* [http://moodle.org/mod/forum/discuss.php?d=170012 MSA-11-0011] Multiple cross-site scripting problems in media filter | |||
<noinclude>==See also== | <noinclude>==See also== | ||
*[[Moodle 2.0.1 release notes]] | *[[Moodle 2.0.1 release notes]] |
Revision as of 15:25, 1 March 2011
Release date: 21st February 2011
Highlights
- MDL-20617 - Options to show feedback, averages, range and other data in the user report
- MDL-26109 - All standard blocks have option to dock
- MDL-25616 - Recent messages and recent notifications interfaces
Performance improvements
- MDL-17201 - Add index on user_info_data
- MDL-25669 - fix_course_sortorder() does way too many UPDATE queries
- MDL-25837 - disasterous caching bug in course_overview block
- MDL-22970 - Glossary import displays too many items in recent activity
- MDL-25677 - Differences between upgraded and installed sites detected in blocks subsystem
- MDL-24125 - Add in-memory cache of admin_category child objects
Fixes
- MDL-25501 - Wikis with pages with the same title now upgrade from 1.9
- MDL-25932 - Upgrade fails for wikis with the same title
- MDL-25850 - Scorm score not checking for mod/scorm:viewscores
- MDL-25215 - File extension lost when using "Save As" field
- MDL-26071 - Upgrade fails when adding fields to tag_instance table
- MDL-26236 - Random essay questions give error
- MDL-25321 - sqlsrv_native's limit_to_top_n function destroys queries
- MDL-25626 - Error in "Course completion status" block
- MDL-25863 - Automated course backup function duplicates old versions when saved to non-default location
- MDL-26098 - Manual grading pop-up is confused between id and uniqueid
- MDL-25841 - Cloze question feedback appears in the wrong place
- MDL-26299 - Numerical questions units handling setting reverts to default upon editing
And many more ... see the full list of bug fixes and improvements in 2.0.2.
Security issues
- MSA-11-0003 Cross-site scripting vulnerability in tag autocomplete
- MSA-11-0004 $CFG->forceloginforprofiles setting ignored in course profiles
- MSA-11-0005 Cross-site scripting vulnerability in spikephpcoverage
- MSA-11-0006 Cross-site request forgery and missing access control in course completion
- MSA-11-0007 Cross-site scripting vulnerability in course tags
- MSA-11-0008 IMS enterprise enrolment file may disclose sensitive information
- MSA-11-0009 My profile block may disclose private information if used in user context
- MSA-11-0010 Incorrect default for mod:course/delete capability in teacher role
- MSA-11-0011 Multiple cross-site scripting problems in media filter