Moodle 2.0.5 release notes: Difference between revisions

Revision as of 06:45, 18 October 2011

Release date: 10th October, 2011

Here is the full list of fixed issues in 2.0.5.

Highlights

MDL-28729 - Numerous multi-lang fixes and improvements

Functional changes

MDL-28410 - Allow a single option in a Choice activity
MDL-23520 - Option added to allow deleting of a wiki page

Security issues

MSA-11-0027 - Wiki pages reference forgery issue
MSA-11-0028 - Wiki comments cross site scripting issue
MSA-11-0029 - File visibility issue
MSA-11-0030 - Box.net repository integration authentication issue
MSA-11-0031 - Forms API constant issue
MSA-11-0032 - MNET SSL validation issue
MSA-11-0033 - Site-hub registration identity issue
MSA-11-0034 - Chat module information leak
MSA-11-0035 - Cookie-less session vulnerability
MSA-11-0039 - Wiki section vulnerability
MSA-11-0040 - Potential personal information leak
MSA-11-0041 - Global search authentication issue

Fixes and improvements

MDL-28931 - Updated timezone info to latest version available
MDL-27122 - The Settings block appears once on the Front Page
MDL-28569 - RSS feed autodiscovery works with ampersands in URLs
MDL-26890 - Forum file size limit is used if a file is added from private files
MDL-28402 - LDAP configuration allows values stored in lower case
MDL-25872 - Teacher listed in assignment grading and in gradebook

@@ Line 14: / Line 14: @@
 ===Security issues===
-* MDL-28726 - XSS in Wiki comments
+* [http://moodle.org/mod/forum/discuss.php?d=188309 MSA-11-0027] - Wiki pages reference forgery issue
-* MDL-28724 - CSRF in instancecomments.php, restore version and several other places
+* [http://moodle.org/mod/forum/discuss.php?d=188310 MSA-11-0028] - Wiki comments cross site scripting issue
-* MDL-27586 - Server files shows all categories and courses even if a user don't have access to them
+* [http://moodle.org/mod/forum/discuss.php?d=188311 MSA-11-0029] - File visibility issue
-* MDL-27289 - Box.net repository has security flaws
+* [http://moodle.org/mod/forum/discuss.php?d=188312 MSA-11-0030] - Box.net repository integration authentication issue
-* MDL-29148 - Incorrect handling of openssl_verify() return code
+* [http://moodle.org/mod/forum/discuss.php?d=188313 MSA-11-0031] - Forms API constant issue
-* MDL-23872 - $mform->setConstant() does not work as expected
+* [http://moodle.org/mod/forum/discuss.php?d=188314 MSA-11-0032] - MNET SSL validation issue
-* MDL-27635 - Column registration_hubs.secret gets different default value for upgrade versus install
+* [http://moodle.org/mod/forum/discuss.php?d=188315 MSA-11-0033] - Site-hub registration identity issue
-* MDL-22232 - Teacher can turn off all of a student's notifications
+* [http://moodle.org/mod/forum/discuss.php?d=188316 MSA-11-0034] - Chat module information leak
-* MDL-27219 - Chat disclosed full names of all system users including deleted users
+* [http://moodle.org/mod/forum/discuss.php?d=188317 MSA-11-0035] - Cookie-less session vulnerability
-* MDL-29312 - Prevent $CFG->usesid because hackers try to exploit it
+* [http://moodle.org/mod/forum/discuss.php?d=188321 MSA-11-0039] - Wiki section vulnerability
+* [http://moodle.org/mod/forum/discuss.php?d=188322 MSA-11-0040] - Potential personal information leak
+* [http://moodle.org/mod/forum/discuss.php?d=188323 MSA-11-0041] - Global search authentication issue
 ===Fixes and improvements===

Documentation

Moodle 2.0.5 release notes: Difference between revisions

Revision as of 06:45, 18 October 2011

Contents

Highlights

Functional changes

Security issues

Fixes and improvements

See also