
Moodle 2.0.5 release notes: Difference between revisions

From MoodleDocs
m (French link)
(Adding security issues)
Line 14: Line 14:
===Security issues===
===Security issues===


A number of security vulnerabilities have been resolved by this release. Details of these vulnerabilities will be exposed approximately one week after this version release. This period is intended to allow sites to be upgraded.
* MDL-28726 - XSS in Wiki comments
* MDL-28724 - CSRF in instancecomments.php, restore version and several other places
* MDL-27586 - Server files shows all categories and courses even if a user don't have access to them
* MDL-27289 - Box.net repository has security flaws
* MDL-29148 - Incorrect handling of openssl_verify() return code
* MDL-23872 - $mform->setConstant() does not work as expected
* MDL-27635 - Column registration_hubs.secret gets different default value for upgrade versus install
* MDL-22232 - Teacher can turn off all of a student's notifications
* MDL-27219 - Chat disclosed full names of all system users including deleted users
* MDL-29312 - Prevent $CFG->usesid because hackers try to exploit it


===Fixes and improvements===
===Fixes and improvements===
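
Review bot: the MDL-27586 entry in the Security issues list has a grammar slip, "even if a user don't have access to them"; it should read "doesn't". In the same list, the MDL-29312 entry ("Prevent $CFG->usesid because hackers try to exploit it") gives a motive but not the effect of the change; a short phrase saying what administrators will see differently after upgrading would make it as actionable as the other entries.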

Revision as of 05:11, 18 October 2011

Release date: 10th October, 2011

Here is the full list of fixed issues in 2.0.5.

Highlights

  • MDL-28729 - Numerous multi-lang fixes and improvements

Functional changes

  • MDL-28410 - Allow a single option in a Choice activity
  • MDL-23520 - Option added to allow deleting of a wiki page

Security issues

  • MDL-28726 - XSS in Wiki comments
  • MDL-28724 - CSRF in instancecomments.php, restore version and several other places
  • MDL-27586 - Server files shows all categories and courses even if a user doesn't have access to them
  • MDL-27289 - Box.net repository has security flaws
  • MDL-29148 - Incorrect handling of openssl_verify() return code
  • MDL-23872 - $mform->setConstant() does not work as expected
  • MDL-27635 - Column registration_hubs.secret gets different default value for upgrade versus install
  • MDL-22232 - Teacher can turn off all of a student's notifications
  • MDL-27219 - Chat disclosed full names of all system users including deleted users
  • MDL-29312 - Prevent $CFG->usesid because hackers try to exploit it

Fixes and improvements

  • MDL-28931 - Updated timezone info to latest version available
  • MDL-27122 - The Settings block appears once on the Front Page
  • MDL-28569 - RSS feed autodiscovery works with ampersands in URLs
  • MDL-26890 - Forum file size limit is used if a file is added from private files
  • MDL-28402 - LDAP configuration allows values stored in lower case
  • MDL-25872 - Teacher listed in assignment grading and in gradebook
