Moodle 1.9.4 release notes: Difference between revisions
From MoodleDocs
Dev Docs Bot (talk | contribs) m (Protected "Moodle 1.9.4 release notes": Developer Docs Migration ([Edit=Allow only administrators] (indefinite))) |
|||
(40 intermediate revisions by 10 users not shown) | |||
Line 1: | Line 1: | ||
Release date: | {{Template:Migrated|newDocId=/general/releases/1.9/1.9.4}} | ||
Release date: 28th January 2009 | |||
Here is [http://tracker.moodle.org/secure/IssueNavigator.jspa?reset=true&pid=10011&fixfor=10300&sorter/field=priority&sorter/order=DESC the full list of fixed issues in 1.9.4]. | |||
===Highlights=== | ===Highlights=== | ||
* New options to allow Moodle to be configured to comply with European and US privacy regulations, like FERPA. | * MDL-17205 New options to allow Moodle to be configured to comply with European and US privacy regulations, like FERPA. | ||
* Fix bugs relating to creating and editing course categories. Previously, giving admin permissions in a category and its subcategories did not work reliably. In the process, the separate create, update and delete category capabilities were replaced with [[Capabilities/moodle/category:manage|moodle/category:manage]], and moodle/category:visibility was renamed to [[Capabilities/moodle/category:viewhiddencategories|moodle/category:viewhiddencategories]]. | ** MDL-17472 New [[:en:Site policies|Site policies]] setting for disabling [[:en:Notes|Notes]] completely | ||
* Essay questions can now be randomised by random questions. This must be enabled under ''Administration > Miscellaneous > Experimental''. | ** MDL-17472 New [[:en:Internal enrolment|Internal enrolment]] settings for enforcing [[:en:Enrolment key|enrolment key]] usage and complexity | ||
** MDL-17222 New [[:en:Security overview|Security overview]] report | |||
* | ** Separate capabilities for each report and other parts with sensitive information | ||
* [http://tracker.moodle.org/secure/IssueNavigator.jspa?reset=true&pid=10011&query=categor*+-question&summary=true&description=true&resolution=1&fixfor=10300&assigneeSelect=specificuser&assignee=timhunt Fix multiple bugs] relating to creating and editing course categories. Previously, giving admin permissions in a category and its subcategories did not work reliably. In the process, the separate create, update and delete category capabilities were replaced with [[:en:Capabilities/moodle/category:manage|moodle/category:manage]], and moodle/category:visibility was renamed to [[:en:Capabilities/moodle/category:viewhiddencategories|moodle/category:viewhiddencategories]]. | |||
* Email notification of [[Course request|course requests]], and a new capability [[Capabilities/moodle/course:request|moodle/course:request]] to control who can request courses. | * MDL-8648 Essay questions can now be randomised by random questions. This must be enabled under ''Administration > Miscellaneous > Experimental''. | ||
* New [[Forum settings|Forum setting]] for enabling [[Forum ratings|AJAX forum ratings]] | * MDL-14926 A new capability [[:en:Capabilities/mod/quiz:reviewmyattempts|mod/quiz:reviewmyattempts]], separate from [[:en:Capabilities/mod/quiz:attempt|mod/quiz:attempt]]. This let's you create a read-only role that lets students see what they have done on a course in the past, without being able to change anything any more. | ||
* New option | * MDL-16651 A new capability [[:en:Capabilities/mod/scorm:deleteresponses|mod/scorm:deleteresponses]] allowing deletion of SCORM attempts | ||
* Some database module settings have been fixed ('Required Entries' and ' Required Entries before viewing). If the fix has an impact | * MDL-6160 Email notification of [[:en:Course request|course requests]], and a new capability [[:en:Capabilities/moodle/course:request|moodle/course:request]] to control who can request courses. | ||
* MDL-17364 New [[:en:Forum settings|Forum setting]] for enabling [[:en:Forum ratings|AJAX forum ratings]] | |||
* MDL-10021 New option, "Yes, without frame", for the [[:en:File or website link|file resource]] "Keep page navigation visible on the same page" setting. This option displays a resource in a XHTML strict page. Other options have been kept. | |||
* MDL-16999 Some [[:en:Adding/editing a database|database module settings]] have been fixed ('Required Entries' and ' Required Entries before viewing). If the fix has an impact on your Moodle installation, you will be warned during upgrade. | |||
===Security issues=== | |||
* [http://moodle.org/mod/forum/discuss.php?d=115523 MSA-09-0001] No way easy to remove pictures of deleted users | |||
* [http://moodle.org/mod/forum/discuss.php?d=115524 MSA-09-0002] User pix disclosure | |||
* [http://moodle.org/mod/forum/discuss.php?d=115525 MSA-09-0003] Vulnerability in Snoopy 1.2.3 | |||
* [http://moodle.org/mod/forum/discuss.php?d=115526 MSA-09-0004] XSS vulnerabilities in HTML blocks if "Login as" used | |||
* [http://moodle.org/mod/forum/discuss.php?d=115527 MSA-09-0005] Moodle 'spell-check-logic.cgi' Insecure Temporary File Creation Vulnerability | |||
* [http://moodle.org/mod/forum/discuss.php?d=115528 MSA-09-0006] Calendar export may allow brute force attacks | |||
* [http://moodle.org/mod/forum/discuss.php?d=115529 MSA-09-0007] Missing input validation in logs allows potential XSS attacks | |||
* [http://moodle.org/mod/forum/discuss.php?d=115532 MSA-09-0008] CSRF vulnerability in forum code | |||
===New language strings file=== | |||
* report_security.php | |||
===New language pack=== | ===New language pack=== | ||
Line 18: | Line 38: | ||
* Kazakh - Калима Туенбаева | * Kazakh - Калима Туенбаева | ||
(See [[Translation credits]] for additional details.) | (See [[:en:Translation credits|Translation credits]] for additional details.) | ||
===Known problems and regressions=== | |||
* New ''Security overview report'' on large sites extremely slow and overloading database server MDL-18040 - update to latest weekly or copy /admin/report/security/* files from latest weekly | |||
<noinclude>==See also== | |||
*[[Moodle 1.9.3 release notes]] | |||
*[[Moodle 1.9.5 release notes]] | |||
* [https://docs.moodle.org/19/fr/Notes_de_mise_à_jour_de_Moodle_1.9.4 French version of this page] | |||
[[Category:Release notes]] | [[Category:Release notes]] | ||
[[Category:Moodle 1.9]] | [[Category:Moodle 1.9]] | ||
</noinclude> |
Latest revision as of 09:07, 25 May 2022
Important:
This content of this page has been updated and migrated to the new Moodle Developer Resources. The information contained on the page should no longer be seen up-to-date. Why not view this page on the new site and help us to migrate more content to the new site! |
Release date: 28th January 2009
Here is the full list of fixed issues in 1.9.4.
Highlights
- MDL-17205 New options to allow Moodle to be configured to comply with European and US privacy regulations, like FERPA.
- MDL-17472 New Site policies setting for disabling Notes completely
- MDL-17472 New Internal enrolment settings for enforcing enrolment key usage and complexity
- MDL-17222 New Security overview report
- Separate capabilities for each report and other parts with sensitive information
- Fix multiple bugs relating to creating and editing course categories. Previously, giving admin permissions in a category and its subcategories did not work reliably. In the process, the separate create, update and delete category capabilities were replaced with moodle/category:manage, and moodle/category:visibility was renamed to moodle/category:viewhiddencategories.
- MDL-8648 Essay questions can now be randomised by random questions. This must be enabled under Administration > Miscellaneous > Experimental.
- MDL-14926 A new capability mod/quiz:reviewmyattempts, separate from mod/quiz:attempt. This let's you create a read-only role that lets students see what they have done on a course in the past, without being able to change anything any more.
- MDL-16651 A new capability mod/scorm:deleteresponses allowing deletion of SCORM attempts
- MDL-6160 Email notification of course requests, and a new capability moodle/course:request to control who can request courses.
- MDL-17364 New Forum setting for enabling AJAX forum ratings
- MDL-10021 New option, "Yes, without frame", for the file resource "Keep page navigation visible on the same page" setting. This option displays a resource in a XHTML strict page. Other options have been kept.
- MDL-16999 Some database module settings have been fixed ('Required Entries' and ' Required Entries before viewing). If the fix has an impact on your Moodle installation, you will be warned during upgrade.
Security issues
- MSA-09-0001 No way easy to remove pictures of deleted users
- MSA-09-0002 User pix disclosure
- MSA-09-0003 Vulnerability in Snoopy 1.2.3
- MSA-09-0004 XSS vulnerabilities in HTML blocks if "Login as" used
- MSA-09-0005 Moodle 'spell-check-logic.cgi' Insecure Temporary File Creation Vulnerability
- MSA-09-0006 Calendar export may allow brute force attacks
- MSA-09-0007 Missing input validation in logs allows potential XSS attacks
- MSA-09-0008 CSRF vulnerability in forum code
New language strings file
- report_security.php
New language pack
- Kazakh - Калима Туенбаева
(See Translation credits for additional details.)
Known problems and regressions
- New Security overview report on large sites extremely slow and overloading database server MDL-18040 - update to latest weekly or copy /admin/report/security/* files from latest weekly