Moodle 2.8.9 release notes: Difference between revisions

Revision as of 04:35, 16 November 2015

Releases > Moodle 2.8.9 release notes

Release date: 9 November 2015

MDL-42639 - Web service core_user_get_users_by_field should return username or idnumber to all managers
MDL-48861 - Assignment: "Need grading" filter is not working properly within grading overview
MDL-51552 - "Single View" bulk insert for empty grades no longer overwrites non-empty grades
MDL-46239 - Scheduled task manager handles timezones more properly
MDL-51083 - Fixed undesired browser password autofilling in several forms (majority of forms were fixed in MDL-45772 in previous release)
MDL-36606 - AJAX Grader report now works correctly when uneditable cells are present

MDL-49545 - Teachers without capability to change course full or short name should not be able to do it during restore as well
MDL-50811 - Forum email replies update completion tracking information
MDL-51834 - Lock custom profile fields that are set to by synchronised with various auth plugins
MDL-44707 - Copy embedded files in HTML block when duplicating block (mostly affects adding HTML block with files to default Dashboard)
MDL-51467 - Changing course start date when resetting course now correctly adjusts Date Restrictions
MDL-43594 - Assignment: Resetting course start date now updates calendar events respectfully

MSA-15-0038 DDoS possibility in Atto
MSA-15-0039 CSRF in site registration form
MSA-15-0040 Student XSS in survey
MSA-15-0041 XSS in flash video player
MSA-15-0042 CSRF in lesson login form
MSA-15-0043 Web service core_enrol_get_enrolled_users does not respect course group mode
MSA-15-0044 Capability to view available badges is not respected
MSA-15-0045 SCORM module allows to bypass access restrictions based on date
MSA-15-0046 Choice module closing date can be bypassed

MDL-51514 - Performance improvement in one of regrading queries on MySQL
MDL-51498 - Improve performance for regrading gradebook
MDL-50805 - Performance improvement in cron Messaging Cleanup Task
MDL-26429 - Added missing criteria icons to completion report
MDL-51190 - Fixed MS Edge locking up when viewing embedded PDF
MDL-46710 - LTI module correctly tracks completion when opened in a new window
MDL-46497 - Atto: clicking RTL button and then LTR button should not add additional HTML tags
MDL-49032 - RFC2445_WSP defined incorrectly for Bennu iCal.
MDL-50892 - Fixed errors appearing when resource or activity was named '0' (zero)
MDL-51390 - Badges: fixed connection to external backpack
MDL-50079 - Atto: Fixed bug when user was unable to select "open in new window" when linking to the file from repository

@@ Line 30: / Line 30: @@
 ===Security issues===
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+* [https://moodle.org/mod/forum/discuss.php?d=323229 MSA-15-0038] DDoS possibility in Atto
+* [https://moodle.org/mod/forum/discuss.php?d=323230 MSA-15-0039] CSRF in site registration form
+* [https://moodle.org/mod/forum/discuss.php?d=323231 MSA-15-0040] Student XSS in survey
+* [https://moodle.org/mod/forum/discuss.php?d=323232 MSA-15-0041] XSS in flash video player
+* [https://moodle.org/mod/forum/discuss.php?d=323233 MSA-15-0042] CSRF in lesson login form
+* [https://moodle.org/mod/forum/discuss.php?d=323234 MSA-15-0043] Web service core_enrol_get_enrolled_users does not respect course group mode
+* [https://moodle.org/mod/forum/discuss.php?d=323235 MSA-15-0044] Capability to view available badges is not respected
+* [https://moodle.org/mod/forum/discuss.php?d=323236 MSA-15-0045] SCORM module allows to bypass access restrictions based on date
+* [https://moodle.org/mod/forum/discuss.php?d=323237 MSA-15-0046] Choice module closing date can be bypassed
 ===Fixes and improvements===