Moodle 2.7.3 release notes: Difference between revisions
From MoodleDocs
No edit summary |
|||
| Line 20: | Line 20: | ||
===Security issues=== | ===Security issues=== | ||
* [https://moodle.org/mod/forum/discuss.php?d=275146 MSA-14-0035] Headers not added to some AJAX scripts | |||
* [https://moodle.org/mod/forum/discuss.php?d=275147 MSA-14-0036] XSS in mapcourse script in Feedback module | |||
* [https://moodle.org/mod/forum/discuss.php?d=275152 MSA-14-0037] Weak temporary password generation | |||
* [https://moodle.org/mod/forum/discuss.php?d=275153 MSA-14-0038] Hidden grade information exposed by web services | |||
* [https://moodle.org/mod/forum/discuss.php?d=275154 MSA-14-0039] Insufficient access check in LTI module | |||
* [https://moodle.org/mod/forum/discuss.php?d=275155 MSA-14-0040] Information leak in Database activity module | |||
* [https://moodle.org/mod/forum/discuss.php?d=275157 MSA-14-0041] Lack of capability check in tags list access | |||
* [https://moodle.org/mod/forum/discuss.php?d=275158 MSA-14-0042] Lack of access check in IP lookup functionality | |||
* [https://moodle.org/mod/forum/discuss.php?d=275159 MSA-14-0043] Lack of group check in web service for Forum | |||
* [https://moodle.org/mod/forum/discuss.php?d=275160 MSA-14-0044] Hardware path disclosed in the error message | |||
* [https://moodle.org/mod/forum/discuss.php?d=275161 MSA-14-0045] XSS file upload possible through web service | |||
* [https://moodle.org/mod/forum/discuss.php?d=275162 MSA-14-0046] CSRF in LTI module | |||
* [https://moodle.org/mod/forum/discuss.php?d=275163 MSA-14-0047] Possible data loss in Wiki activity | |||
* [https://moodle.org/mod/forum/discuss.php?d=275164 MSA-14-0048] CSRF in forum tracking toggle | |||
* [https://moodle.org/mod/forum/discuss.php?d=275165 MSA-14-0049] Possible to print arbitrary message to user by modifying URL | |||
===Fixes and improvements=== | ===Fixes and improvements=== | ||
Revision as of 04:44, 17 November 2014
Releases > Moodle 2.7.3 release notes
Release date: 10 November, 2014
Here is the full list of fixed issues in 2.7.3.
Highlights
- MDL-38732 - Grading a course activity, while editing Gradebook, no longer causes unintentional overrides
- MDL-47208 - Hiding an activity with calendar events no longer breaks the calendar for non-admins
- MDL-48008, MDL-46546 - Grade import gives useful information when an error occurs
- MDL-47316 - Course overview block performance has been improved
Functional changes
- MDL-46818 - Form-change checking added to Gradebook setup page
- MDL-46821 - Category identification in the Gradebook User report is now clearer
- MDL-40343 - Deeply nested Forum posts display clearly
Security issues
- MSA-14-0035 Headers not added to some AJAX scripts
- MSA-14-0036 XSS in mapcourse script in Feedback module
- MSA-14-0037 Weak temporary password generation
- MSA-14-0038 Hidden grade information exposed by web services
- MSA-14-0039 Insufficient access check in LTI module
- MSA-14-0040 Information leak in Database activity module
- MSA-14-0041 Lack of capability check in tags list access
- MSA-14-0042 Lack of access check in IP lookup functionality
- MSA-14-0043 Lack of group check in web service for Forum
- MSA-14-0044 Hardware path disclosed in the error message
- MSA-14-0045 XSS file upload possible through web service
- MSA-14-0046 CSRF in LTI module
- MSA-14-0047 Possible data loss in Wiki activity
- MSA-14-0048 CSRF in forum tracking toggle
- MSA-14-0049 Possible to print arbitrary message to user by modifying URL
Fixes and improvements
- MDL-44536 - Workshop completion report no longer produces errors
- MDL-48010 - XML grade import from URL is fixed
- MDL-47835 - Upgrade no longer results in problems with the Recent activity block
- MDL-46151 - String filter caching no longer resulting in bad string values
- MDL-42974 - Modal dialogues now work in IE8
- MDL-46088 - Text editors shown correctly in secure quiz windows
- MDL-36987 - Users no longer able to edit locked profile fields
