Moodle 1.8 release notes

From MoodleDocs
Revision as of 02:27, 23 June 2011 by Michael de Raadt (talk | contribs) (Updating links to User docs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Moodle 1.8

Release date: 31st March 2007

Here is the full list of fixed issues in 1.8.

Headline features

The Moodle interface is now compliant with XHTML Strict 1.0 and major accessibility standards.
We can now set up peer Moodle installations allowing users to roam from one site to another, using comprehensive SSO and transparent remote enrolments. Administrators at the originating Moodle install can see logs of remote activity. You can also run your Moodle in "Hub" mode where any Moodle install can connect and users roam across.
The Moodle Network code includes an XML-RPC call dispatcher that can expose the WHOLE Moodle API to trusted hosts. We will building on this in further versions but you can start using it now if you need to.
Majority of forms now use a single API for defining forms consistently and collecting data safely without using any HTML at all.
It is now easier to configure multiple sources of authentication at once. WARNING: the format for authentication plugins has changed, so custom plugins may be broken, however it's very easy to convert old code to the new format. More details can be found in /auth/README.txt.
Allow new arbitrary fields to be added to the user profile, with more control over what fields appear on what signup and profile editing screens.
  • Groups refactor - OU /
Groups code has been reorganised to make it more flexible for the future (see 1.9).
In addition to many Roles fixes and refinements, Moodle 1.8 has separated the SYSTEM context from the SITE context (which makes it more like 1.6 used to work). The SITE context is the "front page course" and its activities. This should make it easier for admins to set up permissions. Login as and switching of roles was rewritten. Administrators can view recommended permission settings of legacy roles and may reset legacy roles to defaults.
Open Document Format should solve majority of current problems with exports into proprietary Excel format. You may need to install special import plugin if you are using MS Office.

Known problems

  • CAS auth not working

Module improvements

Payment managers can obtain an authorization code over phone from customer's bank if the credit card of the user cannot be captured on the internet directly.

See also

Moodle 1.8.1

Release date: 14th June 2007

Here is the full list of fixed issues in 1.8.1.


  • The groups implementation has been cleaned up somewhat from the 1.8 release. The groupings GUI that appeared in 1.8 has been removed, because groupings are not complete and should not be used yet. Moodle 1.8 sites that have created groupings should upgrade to 1.8.1 to have groupings reset ... otherwise there could be problem when upgrading to the real groupings in 1.9 or later.

Moodle 1.8.2

Release date: 8th July 2007

Here is the full list of fixed issues in 1.8.2.


  • Two XSS security vulnerabilities (one reported in the wild) were fixed.

Moodle 1.8.3

Release date: 11th October 2007

Here is the full list of fixed issues in 1.8.3.


  • Some crucial performance fixes
  • Many little annoying bugs squashed

Moodle 1.8.4

Release date: 11 January 2008

Here is the full list of fixed issues in 1.8.4.

Moodle 1.8.5

Release date: 8th April 2008

Here is the full list of fixed issues in 1.8.5.


  • KSES related XSS security vulnerability fixed

Moodle 1.8.6

Release date: 11th July 2008

Here is the full list of fixed issues in 1.8.6.

Security issues

Moodle 1.8.7

Release date: 15th October 2008

Here is the full list of fixed issues in 1.8.7.

Security issues

  • MSA-08-0020: quiz/questions capabilities lack some risk flags in access.php files
  • MSA-08-0021: design deficiency combined with incorrect use of format_string() allowing XSS
  • MSA-08-0022: XSS through Wiki page titles
  • MSA-08-0023: CSRF in messaging setting
  • MSA-08-0024: Overriding of frozen values in Moodle forms

Moodle 1.8.8

Release date: 28th January 2009

Here is the full list of fixed issues in 1.8.8.


  • MDL-10021 New option, "Yes, without frame", for the file resource "Keep page navigation visible on the same page" setting. This option displays a resource in a XHTML strict page. Other options have been kept.
  • MDL-16999 Some database module settings have been fixed ('Required Entries' and ' Required Entries before viewing). If the fix has an impact on your Moodle installation, you will be warned during upgrade.

Moodle 1.8.9

Release date: 15th May 2009

Here is the full list of fixed issues in 1.8.9.


Security issues

  • MSA-09-0009 - TeX filter file disclosure
  • MSA-09-0010 - Unzip binary may create symbolic links pointing outside of dataroot on unix/linux servers
  • MSA-09-0011 - Glossary, database and forum ratings are not verified after submission
  • MSA-09-0013 - Customised PhpMyAdmin upgraded to

Known problems and regressions

  • MDL-19266 - Forum posts containing links are not sent on a PHP4 system (fixed in weekly build of 27th May)

Moodle 1.8.10

Release date: 26th October 2009

Here is the full list of fixed issues in 1.8.10.

Security issues

  • MSA-09-0018 - Incorrect escaping when updating first post in a single simple discussion forum type
  • MSA-09-0019 - SQL injection in update_record

Moodle 1.8.11

Release date: 25th November 2009

Important: Upgrading is very highly recommended!

Here is the full list of fixed issues in 1.8.11.

Functional changes

  • After upgrading, admins will be asked to change their passwords next time they log in (manual or email based self-registration accounts only).
  • To reduce the risk of password theft, a password salt is set in config.php in new installs and for upgrades, admins are sent an email recommending that they do so.
  • Teachers lose permission to include ANY user data in a course backup or restore a course including user data due to new capabilities moodle/backup:userinfo and moodle/restore:userinfo which are not set for the default role of teacher. Sites with custom roles should check permissions carefully.
  • Hashed user passwords are no longer saved in backup files containing user data. If a backup is restored to a new site, users will be asked to go through the "forgot my password" routine the first time they log in.
  • In Moodle 1.8.11+ weekly from 23/12/09 onwards: Moodle will no longer serve any uploaded Flash files to browsers with old Flash plugins. Admins can set the minimum required Flash player version in Site Administration > Security > HTTP Security.

Security issues

Moodle 1.8.12

Release date: 27th March 2010

Here is the full list of fixed issues in 1.8.12.

Functional changes

None, just bug fixes

Security issues

Moodle 1.8.13

Release date: 8th June 2010

Here is the full list of fixed issues in 1.8.13.

Functional changes

None, just bug fixes.

Security issues

Some of these vulnerabilities are potentially serious so we strongly recommend you upgrade.

  • MSA-10-0010 Persistent Cross Site Scripting vulnerability in the MNET access control interface
  • MSA-10-0011 Cross Site Scripting vulnerability in blog/index.php
  • MSA-10-0012 KSES Security Filter Bypassing vulnerability
  • MSA-10-0013 Potential Cross Site Scripting vulnerability in Quiz reports

Moodle 1.8.14

Release date: 3rd December, 2010

Here is the full list of fixed issues in 1.8.14.

Security issues

Also notice there was a security problem in the optional phpMyAdmin module:

Note: This is the last formal release of the 1.8 branch. Support for this branch has been discontinued. We highly recommend you upgrade!