Difference between revisions of "Moodle 2.7.3 release notes"

From MoodleDocs
 
Line 20: Line 20:
 
===Security issues===
 
===Security issues===
 
   
 
   
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+
* [https://moodle.org/mod/forum/discuss.php?d=275146 MSA-14-0035] Headers not added to some AJAX scripts
 +
* [https://moodle.org/mod/forum/discuss.php?d=275147 MSA-14-0036] XSS in mapcourse script in Feedback module
 +
* [https://moodle.org/mod/forum/discuss.php?d=275152 MSA-14-0037] Weak temporary password generation
 +
* [https://moodle.org/mod/forum/discuss.php?d=275153 MSA-14-0038] Hidden grade information exposed by web services
 +
* [https://moodle.org/mod/forum/discuss.php?d=275154 MSA-14-0039] Insufficient access check in LTI module
 +
* [https://moodle.org/mod/forum/discuss.php?d=275155 MSA-14-0040] Information leak in Database activity module
 +
* [https://moodle.org/mod/forum/discuss.php?d=275157 MSA-14-0041] Lack of capability check in tags list access
 +
* [https://moodle.org/mod/forum/discuss.php?d=275158 MSA-14-0042] Lack of access check in IP lookup functionality
 +
* [https://moodle.org/mod/forum/discuss.php?d=275159 MSA-14-0043] Lack of group check in web service for Forum
 +
* [https://moodle.org/mod/forum/discuss.php?d=275160 MSA-14-0044] Hardware path disclosed in the error message
 +
* [https://moodle.org/mod/forum/discuss.php?d=275161 MSA-14-0045] XSS file upload possible through web service
 +
* [https://moodle.org/mod/forum/discuss.php?d=275162 MSA-14-0046] CSRF in LTI module
 +
* [https://moodle.org/mod/forum/discuss.php?d=275163 MSA-14-0047] Possible data loss in Wiki activity
 +
* [https://moodle.org/mod/forum/discuss.php?d=275164 MSA-14-0048] CSRF in forum tracking toggle
 +
* [https://moodle.org/mod/forum/discuss.php?d=275165 MSA-14-0049] Possible to print arbitrary message to user by modifying URL
 
   
 
   
 
===Fixes and improvements===
 
===Fixes and improvements===

Latest revision as of 04:44, 17 November 2014

Releases > Moodle 2.7.3 release notes

Release date: 10 November, 2014

Here is the full list of fixed issues in 2.7.3.

Highlights

  • MDL-38732 - Grading a course activity, while editing Gradebook, no longer causes unintentional overrides
  • MDL-47208 - Hiding an activity with calendar events no longer breaks the calendar for non-admins
  • MDL-48008, MDL-46546 - Grade import gives useful information when an error occurs
  • MDL-47316 - Course overview block performance has been improved

Functional changes

  • MDL-46818 - Form-change checking added to Gradebook setup page
  • MDL-46821 - Category identification in the Gradebook User report is now clearer
  • MDL-40343 - Deeply nested Forum posts display clearly

Security issues

Fixes and improvements

  • MDL-44536 - Workshop completion report no longer produces errors
  • MDL-48010 - XML grade import from URL is fixed
  • MDL-47835 - Upgrade no longer results in problems with the Recent activity block
  • MDL-46151 - String filter caching no longer resulting in bad string values
  • MDL-42974 - Modal dialogues now work in IE8
  • MDL-46088 - Text editors shown correctly in secure quiz windows
  • MDL-36987 - Users no longer able to edit locked profile fields

See also