Note:

If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Moodle 2.7.7 release notes: Difference between revisions

From MoodleDocs
No edit summary
Line 28: Line 28:
===Security issues===
===Security issues===


A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
* [https://moodle.org/mod/forum/discuss.php?d=307380 MSA-15-0010] Personal contacts and number of unread messages can be revealed
* [https://moodle.org/mod/forum/discuss.php?d=307381 MSA-15-0011] Authentication in mdeploy can be bypassed
* [https://moodle.org/mod/forum/discuss.php?d=307382 MSA-15-0012] ReDoS Possible with Convert links to URLs filter
* [https://moodle.org/mod/forum/discuss.php?d=307383 MSA-15-0013] Block title not properly escaped and may cause HTML injection
* [https://moodle.org/mod/forum/discuss.php?d=307384 MSA-15-0014] Potential information disclosure for the inaccessible courses
* [https://moodle.org/mod/forum/discuss.php?d=307385 MSA-15-0015] User without proper permission is able to mark the tag as inappropriate
* [https://moodle.org/mod/forum/discuss.php?d=307386 MSA-15-0016] Web services token can be created for user with temporary password
* [https://moodle.org/mod/forum/discuss.php?d=307387 MSA-15-0017] XSS in quiz statistics report


===Fixes and improvements===
===Fixes and improvements===

Revision as of 03:11, 16 March 2015

Releases > Moodle 2.7.7 release notes

2.7.7 release date: Tuesday, 10 March 2015

This page also covers issues resolved in 2.7.6, released on Monday, 9 March 2015

Here is the full list of fixed issues in 2.7.6 and 2.7.7.

Highlights

  • MDL-35392 - Feedback from module assign is now always shown in the gradebook
  • MDL-31036 - No more truncating characters in assignment quick grading
  • MDL-46626 - Log report export no longer contains html
  • MDL-23273 - Limit of responses in choice module is respected in case of synchronous submissions

Functional changes

  • MDL-31578 - Shibboleth can map attributes for all Moodle fields including custom attributes
  • MDL-49240 - Webservice core_get_string now functions correctly
  • MDL-45621 - It is possible to uninstall portfolio plugins
  • MDL-48670 - Standard behat tests now work properly regardless of user timezone

UI changes

  • MDL-48533 - Backup report now links to the individual course backup summaries
  • MDL-49064 - leftalign css class now has an RTL equivilent in bootstrap base

Security issues

  • MSA-15-0010 Personal contacts and number of unread messages can be revealed
  • MSA-15-0011 Authentication in mdeploy can be bypassed
  • MSA-15-0012 ReDoS Possible with Convert links to URLs filter
  • MSA-15-0013 Block title not properly escaped and may cause HTML injection
  • MSA-15-0014 Potential information disclosure for the inaccessible courses
  • MSA-15-0015 User without proper permission is able to mark the tag as inappropriate
  • MSA-15-0016 Web services token can be created for user with temporary password
  • MSA-15-0017 XSS in quiz statistics report

Fixes and improvements

  • MDL-42138 - Required custom profile fields are always required on signup form even when user has logged in as guest
  • MDL-49059 - Possible to embed YouTube videos with start time or playlist info
  • MDL-48544 - Block region no longer disappears if all blocks in it were hidden
  • MDL-48841 - Fixed bug with not being able to reset scheduled task to defaults
  • MDL-49167 - Fixed regression with $CFG->yuislasharguments introduced by previous minor release
  • MDL-47953 - Grader report shows correct number of students per page when suspended users are present
  • MDL-48294 - enablemobilewebservice is no longer duplicated in Site Admin

See also