File moodle3_3.changes of Package moodle3_3
-------------------------------------------------------------------
Mon Mar 19 14:30:48 UTC 2018 - lars@linux-schulserver.de
- update to 3.3.5
Highlights
+ MDL-48501, MDL-61600 - Migrate to reCAPTCHA v2
+ MDL-51189 - Quiz: now possible to edit user overrides even if
quiz is not available to a student
+ MDL-60241 - Invisible default sections lead to unexpected visibility layout
+ MDL-61344 - Assignment: "additional files" are now shown in Edit Submission view
GDPR preparation:
Plugins will be available for Moodle 3.3 and 3.4 to help Moodle sites to
comply with GDPR. In Moodle 3.5 they will be included in the standard
distribution. Some necessary core changes were already included in this
release:
+ MDL-61307 - New Privacy subsystem
+ MDL-61477 - Allow plugins to handle site policies and
overwrite $CFG->sitepolicy
+ MDL-61423 - Signup process - add minimum age verification
Fixes and improvements
+ MDL-58006 - Assignment: reset 'Blind marking' status during 'Course reset'
+ MDL-58845 - Choice: hide "unanswered" column when it is set so
in choice settings
+ MDL-56688 - Single View & grades export should follow the same
order set in gradebook set up
+ MDL-61305 - Performance: Modinfo cache can get built in parallel
+ MDL-61242 - EQUELLA repository: fixed error "The source url does
not match the sourcekey."
+ MDL-61175 - Change "Remind me to grade by" date according to the
new course start date after course resto
- updated language packs
-------------------------------------------------------------------
Tue Jan 17 19:31:20 UTC 2018 - lars@linux-schulserver.de
- update to 3.3.4:
Highlights
+ MDL-34161 - LTI: backup and restore supports submissions and also course
and site tools. References to the site tools are restored only
on the same site (they are not included in course backup for
security reasons).
+ MDL-27886 - If general backup setting "Include users" is unchecked,
users with relevant capability can now backup user data
+ MDL-40613 - LDAP authentication method now can synchronise custom user
profile fields
Fixes and improvements
+ MDL-58887 - Accessibility: Gear icon is now properly defined for
screen readers
+ MDL-54106 - Fixed bug preventing deletion of incomplete users accounts
after specified period of time (setting "Delete not fully
setup users after")
+ MDL-59512 - Allow to connect to OAuth 2 services that only support
client authentication via Basic Auth
+ MDL-56197 - Lesson: Multiple Choice answers should appear on same line as radio button
+ MDL-45068 - Number of bug fixes in Import Groups from CSV tool
+ MDL-52100 - Folder resource: Fixed bug with big files being deleted
when editing teachers update resource with global maxbytes lower
+ MDL-37757 - Turning off Server Files Repository should not break courses that use it
+ MDL-58272 - Assignment: Fixed bug when converting images in submisisons
to pdf (unoconv)
+ MDL-54967 - IMS Common Cartridge import works correctly with HTML entities in URLs
+ MDL-27230 - Quiz: when group override is deleted the calendar event should also be deleted
+ MDL-57431 - Quiz: Clicking on help for "Shuffle" button no longer toggles shuffle itself
+ MDL-42676 - Assignment: Bug fix. The "This assignment is not accepting submissions"
message is displayed in the assignment when override the grade
+ MDL-34389 - Category manager with the 'moodle/course:changecategory' should
be able to move existing courses between categories
+ MDL-52538 - Lesson: Fixed bug with content pages displaying grade when they should not
+ MDL-45500 - Allow uninstalling grading methods plugins
+ MDL-58817 - LTI: display correct icons
+ MDL-43042 - Lession multichoice questions with multiple answers : more clear
indication for the user which answer was correct
+ MDL-40790 - Lesson: UI fix for content buttons running off the edge of the page
+ MDL-59999 - Lesson: Grade essays page does should show which essays have been graded
+ MDL-57564 - Respect setting "Sort my courses (navsortmycoursessort)" on the dashboard
Security issues
+ MSA-18-0001 Server Side Request Forgery in the filepicker
+ MSA-18-0002 Setting for blocked hosts list can be bypassed with multiple A record hostnames
+ MSA-18-0003 Privilege escalation in quiz web services
+ MSA-18-0004 XSS in calendar event name
- updated language packs
-------------------------------------------------------------------
Mon Nov 13 17:36:18 UTC 2017 - lars@linux-schulserver.de
- update to 3.3.3
Highlights
+ MDL-59798 - Assignment: Show Due Date in calendar for teachers and managers
+ MDL-36580 - External Tool: backup/restore consumer key and secret
(on the same site only)
+ MDL-57560 - Show file upload progress bar in Boost theme
+ MDL-37810 - List custom roles in the filter on Participants page
Security issues
+ A number of security related issues were resolved.
Fixes and improvements
+ MDL-52131 - Respect comment format in questions manual comments
when Plain text area editor is used
+ MDL-55849 - Assignment: Reopening a group assignment should not create
additional attempts for each group member
+ MDL-59909 - Fixed error in ad-hoc refresh_mod_calendar_events_task that
caused exceptions and very long cron run time
+ MDL-59780 - Restore MathJax filter settings that were lost in previous upgrades
+ MDL-54540 - External tool: Allow to switch to full screen mode
+ MDL-51892 - Better explaination of the reason for failed logins in the logs report
+ MDL-57055 - Label resource: allow to access "Label administration" without
Administration block on the "Edit label" page
+ MDL-53244 - Show error message when incorrect CAPTCHA is entered on sign-up page
+ MDL-57477 - Fixed configuration of PHP 7 sessions using memcached (3.x.x)
+ MDL-59854 - Forum: Avoid creating duplicate subscriptions due to race conditions
+ MDL-60366 - Feedback: fixed upgrade script (introduced in 3.1.6 and 3.2.3)
that deleted valid multiple anonymous attempts. If your site was
affected, please follow MDL-60592 for the script that restores
accidentally deleted data.
- updated language packs
-------------------------------------------------------------------
Wed Oct 18 07:17:06 UTC 2017 - lars@linux-schulserver.de
- update to 3.3.2:
Highlights
+ MDL-59492 - Gray out hidden courses in the new course overview block
+ MDL-57412 - Setting "Always link course sections" should apply consistently in Boost and Clean/More
+ MDL-58196 - "Require passing grade" in the Quiz activity completion settings can only
be checked if "Student must receive a grade" is also checked
+ MDL-57698 - Bug fix: Backup and restore cause deadlock with sqlsrv driver
Fixes and improvements
+ MDL-55912 - Assignment: when blind marking is enabled, students should receive teacher
participant number in the email and not their own
+ MDL-54607 - Calendar export should not export events without duration as full-day events,
i.e. assignment due dates have time component that was lost during export
+ MDL-59490 - Bug fix: LTI does not work when activity has a long name
+ MDL-55937 - Assignment: fixed error when viewing attachments of team submission
+ MDL-59511, MDL-59746, MDL-59539, MDL-59869 - Multiple fixes in OAuth 2 services
(Google, OwnCloud, Nextcloud, etc)
+ MDL-35290 - My private files should continue working even if some files in filesystem
are currently unreadable
+ MDL-57259 - Fixed bug that caused multiple debugging messages in error.log when teachers
use assignment grading
+ MDL-56646 - Assignment: changing maximum grade of the module could result in negative grades
in assignment which were pushed as "0" to the gradebook. This bug was fixed and will not happen
in the future. However, according to Moodle policy, no existing grades were changed. Teachers will
see the warning that there are erroneous grades and will be able to fix all of them with one click
+ MDL-54965 - Database module: fixed SQL error when you edit an entry after having added a new
picture/file field
+ MDL-46495 - When uploading courses the setting "Completion tracking" should be set to
the site default
+ MDL-59262 - Courses made via course request or "Upload course" tool should respect
default course sections
+ MDL-59442 - Some third party modules had very big icons in the Default activity completion page
+ MDL-38129 - Grade export of user profile fields can now work with uppercase letters in the fields names
+ MDL-59317 - Performance improvements on the messages page
+ MDL-57246 - Trying to view a forum without the capability may lead you to a broken page.
+ MDL-59287 - Generate calendar event for "Expected completed on" for all modules.
+ MDL-55364 - Forum headers alignment on narrow screens
+ MDL-57649 - Lesson: Fixed bug deleting files unrelated to the pages being deleted
+ MDL-59195 - Assignments: when switching role to student teacher should be able to view group submissions
+ MDL-59068 - Lesson: Restore the behaviour of "No, I just want to go on to the next question"
Security issues
+ MSA-17-0017 XSS in contact form on "non-respondents" page in non-anonymous feedback
+ MSA-17-0018 Course reports are not respecting group settings in courses
+ MSA-17-0019 user_can_view_profile() incorrectly assumes $course as shared course
+ MSA-17-0020 Admins may not know that exposing vendor directory is a security risk
For developers
+ MDL-59708 - Hooks into the file API (backport of MDL-57476)
- fixes the following bugs reported via openSUSE bugtracker:
+ boo#980317 : CVE-2016-3733, CVE-2016-3729, CVE-2016-3731, CVE-2016-3732,
CVE-2016-3733, CVE-2016-3734
+ boo#1012958 : CVE-2016-8642
+ boo#1012959 : CVE-2016-8643
+ boo#1021046 : CVE-2017-2576, CVE-2017-2578
+ boo#1021099 : CVE-2016-5012
+ boo#1039118 : CVE-2017-7489, CVE-2017-7490, CVE-2017-7491
+ boo#1049066 : CVE-2017-2642
+ boo#1049067 : CVE-2017-7531
- updated language files
-------------------------------------------------------------------
Tue Jul 11 09:17:55 UTC 2017 - lars@linux-schulserver.de
- update to 3.3.1:
Highlights
+ MDL-58136 - Show only "in progress" courses in the My courses
list in Booost flat navigation
+ MDL-56046 - Fixed bug when downloading Quiz statistics report
and other multiple-sheet reports
+ MDL-58646, MDL-59122 - Number of performance improvements in
Boost cache rebuilding
+ MDL-58310, MDL-59312, MDL-58103 - Correctly display AJAX errors
and ignore interrupted requests caused by page unload
(occasional "undefined" popup)
+ MDL-44961 - When restoring course with rolling start date
never change log dates
Security issues
+ MSA-17-0006 User fullname disclosure on user preferences page
+ MSA-17-0014 Course overview block reveals activities in hidden courses
+ MSA-17-0015 Course creators are able to change system default
settings for courses (CVE-2017-7532, bnc #1049068)
+ MSA-17-0016 Authentication bypass vulnerability with old CAS servers
Fixes and improvements
+ MDL-46322 - Assignment: Only enrolled users may be assigned as
markers, if admins/managers can view course but are not enrolled
they will not be assigned
+ MDL-58907 - Course overview: Remember last view mode
(Timeline/Courses), add a setting for a default mode
+ MDL-58729 - Performance impovement in MySQL collation change
script (follow up for Full UTF-8 Support in MySQL)
+ MDL-57957 - Assignment: Fixed bug with feedback files not being
shown to students if assignment has no grading
+ MDL-57021 - Use normal password form field during sign up,
adding new user and enrolling in a course
+ MDL-49988 - Wiki: line breaks in HTML source code should
not affect page layout
+ MDL-58811 - Quiz: fixed bug preventing quiz duplication if
questions have file links in their texts
For developers
+ MDL-58911 - Change of behavior when writing unittests for the dashboard
events - now callback from module are executed in unittests same
way they would be executed on the dashboard
- updated language packs
-------------------------------------------------------------------
Tue May 16 10:30:16 UTC 2017 - lars@linux-schulserver.de
- initial version 3_3 based on 3_2
