Moodle 3.5.7 release notes: Difference between revisions
From MoodleDocs
No edit summary |
|||
Line 13: | Line 13: | ||
===Security fixes and improvements=== | ===Security fixes and improvements=== | ||
====Security fixes==== | ====Security fixes==== | ||
* [https://moodle.org/mod/forum/discuss.php?d=388567 MSA-19-0013] Missing sesskey (CSRF) token in loading/unloading XML files | |||
* [https://moodle.org/mod/forum/discuss.php?d=388568 MSA-19-0014] Ability to delete glossary entries that belong to another glossary | |||
* [https://moodle.org/mod/forum/discuss.php?d=388569 MSA-19-0015] Quiz group overrides did not observe groups membership or accessallgroups | |||
* [https://moodle.org/mod/forum/discuss.php?d=388570 MSA-19-0016] Assignment group overrides did not observe separate groups mode | |||
* [https://moodle.org/mod/forum/discuss.php?d=388571 MSA-19-0017] Upgrade TCPDF library for PHP 7.3 and bug fixes (upstream) | |||
====Security improvements==== | ====Security improvements==== |
Revision as of 04:06, 16 July 2019
Releases > Moodle 3.5.7 release notes
Release date: 8 July 2019
Here is the full list of fixed issues in 3.5.7.
Fixes and improvements
- MDL-58315 - Boost theme no longer ignores HTML block custom classes
- MDL-65581 - Hidden blocks can once again be unhidden
- MDL-65249 - Redis cache store correctly displays exception after failed connections
Security fixes and improvements
Security fixes
- MSA-19-0013 Missing sesskey (CSRF) token in loading/unloading XML files
- MSA-19-0014 Ability to delete glossary entries that belong to another glossary
- MSA-19-0015 Quiz group overrides did not observe groups membership or accessallgroups
- MSA-19-0016 Assignment group overrides did not observe separate groups mode
- MSA-19-0017 Upgrade TCPDF library for PHP 7.3 and bug fixes (upstream)
Security improvements
The following bug fixes or improvements were made, which contribute to improving security or privacy best practices:
- MDL-60347 - SMTP debugging now also requires developer level debugging messages to be enabled before being displayed. Although SMTP debugging is not intended for production site use, this provides an additional fallback measure to prevent verbose debugging from being unintentionally being visible to users.