Moodle 2.0.5 release notes: Difference between revisions
From MoodleDocs
m (French link) |
(Adding security issues) |
||
Line 14: | Line 14: | ||
===Security issues=== | ===Security issues=== | ||
* MDL-28726 - XSS in Wiki comments | |||
* MDL-28724 - CSRF in instancecomments.php, restore version and several other places | |||
* MDL-27586 - Server files shows all categories and courses even if a user don't have access to them | |||
* MDL-27289 - Box.net repository has security flaws | |||
* MDL-29148 - Incorrect handling of openssl_verify() return code | |||
* MDL-23872 - $mform->setConstant() does not work as expected | |||
* MDL-27635 - Column registration_hubs.secret gets different default value for upgrade versus install | |||
* MDL-22232 - Teacher can turn off all of a student's notifications | |||
* MDL-27219 - Chat disclosed full names of all system users including deleted users | |||
* MDL-29312 - Prevent $CFG->usesid because hackers try to exploit it | |||
===Fixes and improvements=== | ===Fixes and improvements=== |
Revision as of 05:11, 18 October 2011
Release date: 10th October, 2011
Here is the full list of fixed issues in 2.0.5.
Highlights
- MDL-28729 - Numerous multi-lang fixes and improvements
Functional changes
- MDL-28410 - Allow a single option in a Choice activity
- MDL-23520 - Option added to allow deleting of a wiki page
Security issues
- MDL-28726 - XSS in Wiki comments
- MDL-28724 - CSRF in instancecomments.php, restore version and several other places
- MDL-27586 - Server files shows all categories and courses even if a user don't have access to them
- MDL-27289 - Box.net repository has security flaws
- MDL-29148 - Incorrect handling of openssl_verify() return code
- MDL-23872 - $mform->setConstant() does not work as expected
- MDL-27635 - Column registration_hubs.secret gets different default value for upgrade versus install
- MDL-22232 - Teacher can turn off all of a student's notifications
- MDL-27219 - Chat disclosed full names of all system users including deleted users
- MDL-29312 - Prevent $CFG->usesid because hackers try to exploit it
Fixes and improvements
- MDL-28931 - Updated timezone info to latest version available
- MDL-27122 - The Settings block appears once on the Front Page
- MDL-28569 - RSS feed autodiscovery works with ampersands in URLs
- MDL-26890 - Forum file size limit is used if a file is added from private files
- MDL-28402 - LDAP configuration allows values stored in lower case
- MDL-25872 - Teacher listed in assignment grading and in gradebook