Release date: 25th March 2010

Here is the full list of fixed issues in 1.9.8.

Special notes

• If you are using an unusual authentication mechanism then you may experience problems with sessions, and be unable to log in. If this happens to you, add the following to your config.php to make login work:

$CFG->regenloginsession = false;

Highlights

• MDL-16658 - New capability moodle/restore:createuser to control whether a user can create users when restoring a course
• MDL-21174 - Bulk upload of user profile pictures now excludes deleted users
• MDL-20125 - New Section Links block settings
• MDL-21868 - Fix for bug affecting upgrade to 1.9.7+ on MS SQL
• MDL-21606 - Fix for Chameleon theme not working with Firefox 3.6 bug
• MDL-21343 - Fix for LDAP authentication settings not being shown
• MDL-19392 and MDL-21332 - Fixes for AICC objects
• MDL-21045 - Grade letters, outcomes, grade categories and grade items are now restored regardless of whether users are included in the course backup
• MDL-20122 - SCORM module restore now retains maxgrade, updatefreq, maxattempt, grademethod and options (popup window option checkboxes)
• MDL-20819 - Fix for statistics generation problem
• MDL-21029 - Global glossary auto linking fix
• MDL-20810 - Hotpot module import questions fix

Security issues

• MSA-10-0001 Vulnerability in KSES text cleaning
• MSA-10-0002 XSS vulnerabilty in the phpcas module
• MSA-10-0003 Disclosure of full user names
• MSA-10-0004 Improved access control in course restore
• MSA-10-0005 Incorrect validation of forms data
• MSA-10-0006 SQL injection in Wiki module
• MSA-10-0007 Reflective Cross Site Scripting (XSS) in the Moodle Global Search Engine
• MSA-10-0008 Persistent XSS when using Login-as feature
• MSA-10-0009 Session fixation prevention now turned on by default

New language packs

• Asturian - Xosé Nel Caldevilla Vega
• Zulu - iCyber E-Learning Solutions

(See Translation credits for additional details.)

See also

• Moodle 1.9.7 release notes