Moodle 1.9.4

Release date: 28th January 2009

Here is the full list of fixed issues in 1.9.4.

Highlights

• MDL-17205 New options to allow Moodle to be configured to comply with European and US privacy regulations, like FERPA.
  • MDL-17472 New Site policies setting for disabling Notes completely
  • MDL-17472 New Internal enrolment settings for enforcing enrolment key usage and complexity
  • MDL-17222 New Security overview report
  • Separate capabilities for each report and other parts with sensitive information
• Fix multiple bugs relating to creating and editing course categories. Previously, giving admin permissions in a category and its subcategories did not work reliably. In the process, the separate create, update and delete category capabilities were replaced with moodle/category:manage, and moodle/category:visibility was renamed to moodle/category:viewhiddencategories.
• MDL-8648 Essay questions can now be randomised by random questions. This must be enabled under Administration > Miscellaneous > Experimental.
• MDL-14926 A new capability mod/quiz:reviewmyattempts, separate from mod/quiz:attempt. This let's you create a read-only role that lets students see what they have done on a course in the past, without being able to change anything any more.
• MDL-16651 A new capability mod/scorm:deleteresponses allowing deletion of SCORM attempts
• MDL-6160 Email notification of course requests, and a new capability moodle/course:request to control who can request courses.
• MDL-17364 New Forum setting for enabling AJAX forum ratings
• MDL-10021 New option, "Yes, without frame", for the file resource "Keep page navigation visible on the same page" setting. This option displays a resource in a XHTML strict page. Other options have been kept.
• MDL-16999 Some database module settings have been fixed ('Required Entries' and ' Required Entries before viewing). If the fix has an impact on your Moodle installation, you will be warned during upgrade.

Security issues

• MSA-09-0001 No way easy to remove pictures of deleted users
• MSA-09-0002 User pix disclosure
• MSA-09-0003 Vulnerability in Snoopy 1.2.3
• MSA-09-0004 XSS vulnerabilities in HTML blocks if "Login as" used
• MSA-09-0005 Moodle 'spell-check-logic.cgi' Insecure Temporary File Creation Vulnerability
• MSA-09-0006 Calendar export may allow brute force attacks
• MSA-09-0007 Missing input validation in logs allows potential XSS attacks
• MSA-09-0008 CSRF vulnerability in forum code

New language strings file

• report_security.php

New language pack

• Kazakh - Калима Туенбаева

(See Translation credits for additional details.)

Known problems and regressions

• New Security overview report on large sites extremely slow and overloading database server MDL-18040 - update to latest weekly or copy /admin/report/security/* files from latest weekly

Moodle 1.9.3

Release date: 15th October 2008

Here is the full list of fixed issues in 1.9.3.

Highlights

• Major SCORM module improvements
  • Passes all SCORM 1.2 Conformance tests
  • Improved Visualisation of SCORM objects
  • New Debug tool
  • Improved handling of AICC objects
  • Better cross-platform compatible javascript
  • Improved the interaction of SCO completion and Gradebook interaction
  • TOC fixes - structure, expand/collapse, and prerequisites
  • Corrected element behaviour for cmi.objectives, cmi.comments_from_learner, cmi.interactions, cmi.launch_data
• New capabilities: moodle/role:safeoverride, moodle/course:changefullname, moodle/course:changeidnumber and moodle/course:changeshortname
• New option in HTML settings to allow HTML tags in activity and resource names
• Improved detection of misconfigured dataroot directory
• New Manage authentication setting for relaxing email domain restrictions when changing email
• New Enrolments setting for disabling the email welcome message which users receive when they self-enrol in a course
• New Internal enrolment setting for disabling the enrolment key hint
• New Gradebook report setting to show/hide percentages in the user report
• New statistics setting for specifying the maximum number of days processed in each stats execution
• Checkbox user profile field
• Indication for administrators when a site is in Maintenance mode
• Fix for major groups upgrade problem
• Fix for Firefox password manager problem
• Fixes for course category edit and add capabilities problems
• Multiple choice questions in quizzes. Following feedback, we have reversed the change in Moodle 1.9 that showed students feedback to all option, not just the ones they had selected. (MDL-14643)
• The regression in 1.9.2 that broke images in quiz questions has been fixed.
• Starting in October 2008, authorize.net codes need true 10cc integers. (MDL-16715)

Security issues

• MSA-08-0019: customised PhpMyAdmin package upgraded to 2.11.9.2
• MSA-08-0020: quiz/questions capabilities lack some risk flags in access.php files
• MSA-08-0021: design deficiency combined with incorrect use of format_string() allowing XSS
• MSA-08-0022: XSS through Wiki page titles
• MSA-08-0023: CSRF in messaging setting
• MSA-08-0024: Overriding of frozen values in Moodle forms
• MSA-08-0025: SQL injection in tags code
• MSA-08-0026: customised HTML Purifier upgraded to 2.1.5

New language pack

• Bangla - Razib Mustafiz

(See Translation credits for additional details.)

Moodle 1.8.7

Release date: 15th October 2008

Here is the full list of fixed issues in 1.8.7.

Security issues

• MSA-08-0020: quiz/questions capabilities lack some risk flags in access.php files
• MSA-08-0021: design deficiency combined with incorrect use of format_string() allowing XSS
• MSA-08-0022: XSS through Wiki page titles
• MSA-08-0023: CSRF in messaging setting
• MSA-08-0024: Overriding of frozen values in Moodle forms

See also

• Category:Release notes for release notes for earlier versions
• Release dates

pt:Versões do Moodle ru:Примечания к версиям