Moodle 2.9.3 release notes

From MoodleDocs

Releases > Moodle 2.9.3 release notes

Release date: 9 November 2015

Here is the full list of fixed issues in 2.9.3.


  • MDL-42639 - Web service core_user_get_users_by_field should return username or idnumber to all managers
  • MDL-48861 - Assignment: "Need grading" filter is not working properly within grading overview
  • MDL-51552 - "Single View" bulk insert for empty grades no longer overwrites non-empty grades
  • MDL-51083 - Fixed undesired browser password autofilling in several forms (majority of forms were fixed in MDL-45772 in previous release)
  • MDL-36606 - AJAX Grader report now works correctly when uneditable cells are present

Functional changes

  • MDL-49545 - Teachers without capability to change course full or short name should not be able to do it during restore as well
  • MDL-50917 - Allow manager to access another user's preferences
  • MDL-50811 - Forum email replies update completion tracking information
  • MDL-51834 - Lock custom profile fields that are set to by synchronised with various auth plugins
  • MDL-44707 - Copy embedded files in HTML block when duplicating block (mostly affects adding HTML block with files to default Dashboard)
  • MDL-51467 - Changing course start date when resetting course now correctly adjusts Date Restrictions
  • MDL-43594 - Assignment: Resetting course start date now updates calendar events respectfully

UI changes

  • MDL-40710 - Better visualization of badges backpack icon
  • MDL-51290 - Make adding a photo to a profile more obvious
  • MDL-50207 - Fixed activity results block CSS not to overwrite table caption and work correctly with RTL

Security issues

  • MSA-15-0037 Possible to send a message to a user who blocked messages from non contacts
  • MSA-15-0038 DDoS possibility in Atto
  • MSA-15-0039 CSRF in site registration form
  • MSA-15-0040 Student XSS in survey
  • MSA-15-0041 XSS in flash video player
  • MSA-15-0042 CSRF in lesson login form
  • MSA-15-0043 Web service core_enrol_get_enrolled_users does not respect course group mode
  • MSA-15-0044 Capability to view available badges is not respected
  • MSA-15-0045 SCORM module allows to bypass access restrictions based on date
  • MSA-15-0046 Choice module closing date can be bypassed

Fixes and improvements

  • MDL-51514 - Performance improvement in one of regrading queries on MySQL
  • MDL-51498 - Improve performance for regrading gradebook
  • MDL-50805 - Performance improvement in cron Messaging Cleanup Task
  • MDL-50790 - Fixed problem with removing content of Reply to email feature in gmail
  • MDL-26429 - Added missing criteria icons to completion report
  • MDL-51190 - Fixed MS Edge locking up when viewing embedded PDF
  • MDL-46710 - LTI module correctly tracks completion when opened in a new window
  • MDL-46497 - Atto: clicking RTL button and then LTR button should not add additional HTML tags
  • MDL-49032 - RFC2445_WSP defined incorrectly for Bennu iCal.
  • MDL-50892 - Fixed errors appearing when resource or activity was named '0' (zero)
  • MDL-51390 - Badges: fixed connection to external backpack
  • MDL-50079 - Atto: Fixed bug when user was unable to select "open in new window" when linking to the file from repository
  • MDL-48881 - Fixed bug with lesson not always showing student attempts

API changes, for developers

  • MDL-51756 - Please can someone explain this. It leads to debugging messages relating to web services that don't make it clear how to fix ones code.

See also