File moodle3_8.changes of Package moodle3_8
-------------------------------------------------------------------
Tue Jul 21 12:16:44 UTC 2020 - lars@linux-schulserver.de - 3.8.4
- update to 3.8.4
Security fixes
+ MSA-20-0007 Vulnerable JavaScript libraries: jQuery 1.9.1 (upstream)
+ MSA-20-0008 Reflected XSS in admin task logs filter
+ MSA-20-0009 Course enrolments allowed privilege escalation from
teacher role into manager role
+ MSA-20-0010 yui_combo should mitigate denial of service risk
General fixes and improvements
+ MDL-67700 - Messages displaying in incorrect conversations when
switching between conversations quickly
+ MDL-60827 - OAuth 2 still expecting email verification after
"Require email verification" has been disabled
+ MDL-52578 - Activity weight set to 0 on creation
+ MDL-68864 - Clear my choice for single answer multiple choice questions is erratic
+ MDL-67126 - In assignment activity the completion state is not set
reliably for all group members
+ MDL-68436 - Atto RecordRTC (record audio/video) plugin only works
in the first editor on a page
+ MDL-69106 - convert_submissions task with asynchronous document
conversion cannot be completed by cron
+ MDL-68203 - Error duplicating quiz when there is a course view link in the answer
+ MDL-69109 - Theme icons are lost after web upgrade in 3.9 or theme change in other versions
+ MDL-66917 - No validation that uploaded (from zip) plugin has higher version than installed
+ MDL-68992 - Update minimal age of digital consent according to current legislation
+ MDL-68253 - On the first page of a book, no previous arrow should be shown in navigation
+ MDL-67172 - Allow multiple H5P content displayed properly when
accessing the first time (backport of MDL-67095 )
+ MDL-67497 - Capability "backuptargetimport" should have captype "read"
+ MDL-64175 - 'Advanced settings' for media resources in Atto are not loaded properly when editing
+ MDL-68215 - Make the Activity results block styling consistent with other blocks
+ MDL-69002 - Backpack authenticate check called too regularly for admin
+ MDL-68847 - Fix missing variable bug with link dnd code
+ MDL-68733 - quiz random question tags are deleted accidentally on entire site
+ MDL-68723 - Filemanager File tree view does not list all files.
+ MDL-68576 - Filepicker is not working when using the file details view
+ MDL-68270 - Compact logo on Nav Bar is blurred with Boost related themes
+ MDL-68054 - Capability "viewhiddenactivities" and "viewhiddensections" should have captype "read"
+ MDL-57240 - For an overdue quiz attempt, the summary page has links
that just redirect back to the same page
+ MDL-66899 - Regrading quiz attempts should be logged
+ MDL-69077 - The capabilities moodle/question:tag* are not visible in the
"Check permissions" page in the activity context
+ MDL-66601 - Usability issue trying to uploading images wider than browser width, in RTL mode
+ MDL-52138 - Gradebook floating headers are incorrectly styled
+ MDL-68099 - Warning in grader report in separate groups mode
+ MDL-68828 - Theme classic mobile issues
+ MDL-68899 - Dashboard course cards don't render well in theme classic
+ MDL-67903 - UI for grades import using spreadsheet is broken in theme_boost and theme_classic
+ MDL-68738 - YouTube video displayed twice in wiki
+ MDL-63812 - Question type Drag and drop into text undefined notice
for gap in question and answer slot
+ MDL-68425 - Participants page shows option to send messages without capability check
+ MDL-68772 - In edit quiz (Boost / Classic) navigation overlaps
+ MDL-69021 - Alert links hard to distinguish
+ MDL-67294 - Choosing bulk removal of empty submissions causes an error
+ MDL-68137 - "Download All Submissions as a zip" can remove file extension
Accessibility improvements
+ MDL-68312 - Gradebook: Grader report: Accessibility issues
+ MDL-69008 - Accessibility issues in the pagination bar template
+ MDL-68353 - Course management: Create new course: Accessibility issues
+ MDL-68343 - Gradebook: Single view: Accessibility issues
+ MDL-68200 - Forum: Discussion list: Accessibility issues
-------------------------------------------------------------------
Wed Jun 10 18:35:54 UTC 2020 - lars@linux-schulserver.de - 3.8.3
- update to 3.8.3
Security fixes
+ MSA-20-0005 MathJax URL upgraded to later version to remove XSS risk (upstream)
+ MSA-20-0006 Remote code execution possible via SCORM packages
General fixes and improvements
+ MDL-67442 - Assignment online text and feedback comments don't expand using Safari
+ MDL-66245 - GDPR data request export not usable when using
special characters (invalid file paths)
+ MDL-52319 - Failed environment.xml check does not prevent plugin from being installed
+ MDL-58964 - Add existing class attributes to Boost flat navigation nodes
+ MDL-67995 - Single activity format dropdown from types of activity empty
+ MDL-68047 - TCPDF lib change results in deleted .jpg images in
plugins such as mod_certificate
+ MDL-68116 - Prepare Moodle to be ready when h5p.org down completely
so that only the author can see the test content
+ MDL-68277 - Essay question type review: answer box should be the right size
+ MDL-66200 - Gradebook CSV import deletes existing feedback comments
if set to be ignored
+ MDL-68183 - Searching for user by email (case-insensitive + accent-sensitive)
is too expensive on MySQL with many users
+ MDL-66671 - Missing LTI resource crashes sync_grades task
+ MDL-68223 - When grading assignments unable to select annotation
comment using the mouse
+ MDL-67886 - admin/cli/check_database_schema.php does not check indexes
+ MDL-66849 - Appearance of tooltip title attributes in custom menu is incorrect
+ MDL-68146 - help and advanced icons are shown twice for checkboxes in forms
+ MDL-68049 - Link-level LTI memberships service not working
+ MDL-65539 - Keyboard drag and drop ordering of sections in courses is
broken and confusing
+ MDL-68427 - paging_bar previous/next buttons have wrong page numbers
+ MDL-67930 - Forum discussions with hidden group picture display as broken links
+ MDL-68189 - Names of sections renamed inline do not change in the
keyboard drag and drop menu
+ MDL-68509 - Deleting a temporary table forces a reload of the
databasemeta cache (Backport of MDL-58584)
+ MDL-67499 - Cannot delete user if email is over 89 characters long
+ MDL-67751 - Folders don't get listed in course resources
+ MDL-67672 - As soon as fullnamedisplay and alternativefullnameformat differ,
names in profile title and user menu differ
Accessibility improvements
+ MDL-67663 - Forum grading submit grade form does not conform
to accessibility guidelines
+ MDL-64494 - Contrast of colours for success, info, error and
warnings text is not accessible
+ MDL-67968 - Calendar: New event: Accessibility issues
+ MDL-67970 - Course homepage: Editing mode on: Accessibility issues
+ MDL-68148 - Course participants: Main: Accessibility issues
+ MDL-67902 - Calendar month view accessibility issues
+ MDL-68135 - Course homepage: View mode: Accessibility issues
+ MDL-67901 - No label for clear my choice option on multiple-choice questions
+ MDL-68196 - Course participants: Enrol user: Accessibility issues
+ MDL-68266 - Course management: insufficient colour contrast
Security improvements
+ MDL-68193 - db_replace() doesn't emit any audit trail, should emit a Moodle event
+ MDL-68443 - Improve XMLDB path validation of included files
- language packs updated
-------------------------------------------------------------------
Fri May 8 11:44:56 UTC 2020 - lars@linux-schulserver.de - 3.8.2
- remove php-imap dependency on newer distributions: php imap is
marked as deprecated and not available any longer on openSUSE
-------------------------------------------------------------------
Mon Apr 6 21:25:04 UTC 2020 - lars@linux-schulserver.de - 3.8.2
- update to 3.8.2
General fixes and improvements
+ MDL-67175 - Chrome 80 support
+ MDL-57755 - Notifications automatically marked as read when messaging deactivated
+ MDL-67132 - LTI Adv grades do not roll up in course total
+ MDL-67414 - PostgreSQL 12.x support
+ MDL-67894 - Database error when sorting responses by "Groups"
+ MDL-67204 - Assignment calendar events with "alwaysshowdescription" get
updated on every task run because of not updated "lastcron" field
+ MDL-65952 - mod_scorm automatically checks "passed" and "completed" completion options
+ MDL-67690 - Course Overview doesn't remember Starred filter state
+ MDL-63316 - Give back the default sort behaviour (lastname) in the participant table
+ MDL-49103 - Badge baking uses tEXt instead of iTXt
+ MDL-64531 - Delete quiz JSON error if question category deleted
+ MDL-67532 - Create Badge Page -- language defaults to 'Afar'
+ MDL-67817 - Update time zones listed in the language strings
+ MDL-67675 - Cannot cut and paste if H5P button is added to the Atto toolbar
+ MDL-60126 - Competency user data is not being erased when user gets deleted
+ MDL-67842 - Cannot remove the idnumber from a question
+ MDL-67674 - Performance: Course category tree cache can get built in parallel
+ MDL-66024 - tool_uploadcourse: fullname/shortname fields don't get length checked while uploading
+ MDL-51225 - Q&A forum recent activity reveals posts
+ MDL-67486 - Minimize how long we hold the global cron lock for
+ MDL-67721 - No 'View grade' button for single simple discussion forum
+ MDL-65884 - "Activity names auto-linking" filter and activity name
like "-" (hyphen) breaks course content visualization
+ MDL-67471 - mark_notification_read fails if messaging disabled
+ MDL-66721 - Add an activity or resource menu "add" button appears below the fold
+ MDL-67364 - TinyMCE editor font sizes are too small in Classic theme (and other child themes)
+ MDL-67891 - Uninstalling Cohort roles tool can break site upgrade
+ MDL-67511 - Toast wrapper can interfere with Forum grading buttons
+ MDL-63424 - Required field indicator missing from Assign submission page
+ MDL-66875 - Calendar - Navigating months - URL doesn't work
+ MDL-66858 - <header> HTML5 tag is filtered out by Atto editor
+ MDL-66220 - Q&A forum allows students to reply to posts they cannot see
+ MDL-67830 - Error being logged when navigating from gradebook to quiz
+ MDL-67746 - Cleanup of task logs fails with big number of records to be deleted
+ MDL-66897 - 'The grades were not saved...' should not be displayed as a success message
+ MDL-67142 - Long quiz names break deletion ad hoc task when questions are backed up
+ MDL-67312 - Events without subscriptions can lock users out of their sites
+ MDL-66108 - Error "You cannot make a category of one of its own subcategories."
+ MDL-67644 - Allow to disable identity providers via Moodle app feature settings
+ MDL-67806 - Allow to disable Dark Mode via Moodle app feature settings
+ MDL-67237 - Option to disable "H5P Offline" feature in the app
+ MDL-67980 - Sort ad-hoc tasks by "nextruntime"
+ MDL-65573 - Splitting a discussion creates discussion record with an incorrect first post author
+ MDL-67732 - Respect the capability for displaying the fullname
+ MDL-64686 - "Search courses" layout should look good on all screen sizes
+ MDL-67942 - Quiz: report delete_selected_attempts notice when a user has multiple enrolments
+ MDL-67424 - Errors showing for Forums in Complete Report for students
+ MDL-67327 - Switching "JavaScript Cache" on crashes first.js
+ MDL-48024 - Plugins should be able to provide data generators for Behat
+ MDL-65956 - A teacher trying to remove a submission without having
the relevant capability encounters an error
+ MDL-67410 - Ajax call to enroll potential users is too slow
+ MDL-66581 - Password reset email doesn't fill in $a->link when auth_method is LDAP
+ MDL-67392 - Forum information about timed discussion doesn't handle
correctly "displaystartdate" and "displayenddate" containing quotes
+ MDL-67285 - Filepicker does not work in the modal forms - unable to click on input texts
+ MDL-66503 - Scorm player is really narrow in new window on classic theme
+ MDL-66871 - Moodle calendar is not able to import .ics files with repeated events anymore
+ MDL-67042 - Block overview course filter displays hidden custom fields
+ MDL-65735 - Activity completion report - clicking initial should reset page number
+ MDL-67152 - Current day not displayed by default when using the calendar day view
+ MDL-67458 - Fatal error if cohort_role_sync task is run when an assigned role no longer exists
+ MDL-67359 - Relocate the Notifications area in the grader interface
+ MDL-67300 - Calendar: Inconsistent behaviour of managegroupentries capability
+ MDL-67277 - Discussion list shows subjects in bold
+ MDL-67154 - Quiz print version should not split questions over two pages
+ MDL-66708 - LTI 1.3 private key reset on each tool edit
+ MDL-64695 - tool_dataprivacy doesn't filter multilang tags within $SITE->fullname
+ MDL-67233 - Choices with only open dates in the future do not appear on timeline
+ MDL-67336 - Forum inline reply option is applying filters before saving content in the DB
+ MDL-67596 - Cron / adhoc task runners ramp up slowly for no reason
Accessibility improvements
+ MDL-67969 - Calendar: View event details: Accessibility issues
+ MDL-67899 - Emoji picker button does not have a description
+ MDL-67876 - Forms with client-side validation should always scroll
to the invalid element when you try to submit
+ MDL-67865 - Broken ARIA reference in the user menu
+ MDL-67863 - Ensure keyboard focus order is efficient and logical
+ MDL-67862 - Empty h3 tag in message deletion dialogue
+ MDL-67684 - Cache data contained in nested ul
+ MDL-67577 - Accessibility: Wrong tabindex order in top navbar (message+notification)
+ MDL-61390 - Forum: Heading structure on Search results page
+ MDL-61389 - Forum: "Discuss this topic" accessibility
+ MDL-59817 - Atto Accessibility Checker not catching accessibility issues in Firefox
+ MDL-35971 - Forum discussion table has no summary
Security fixes
+ MSA-20-0002 Grade history report does not respect Separate
groups mode in the course settings
+ MSA-20-0003 IP addresses can be spoofed using X-Forwarded-For
+ MSA-20-0004 Admin PHP unit webrunner tool requires additional input escaping
+ MSA-20-0001 Stored XSS in message conversation overview
- updated language packs
-------------------------------------------------------------------
Wed Dec 18 16:02:53 UTC 2019 - Lars Vogdt <lars@linux-schulserver.de>
- new package moodle3_8 based on moodle3_6
