Skip to main content

Moodle 2.7.4

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 12 January, 2015

Here is the full list of fixed issues in 2.7.4.


  • MDL-40241 - Default Manager and Teacher role are able to manually mark course as completed
  • MDL-46442 - Notifications about assignment re-submissions are sent
  • MDL-43462 - EditPDF correctly shows landscape PDFs
  • MDL-43679 - Clicking link to Moodle in MS Word no longer results "You are already logged in" message

Functional changes

  • MDL-42717 - Ensure automated backup files are deleted when an error occurs because of directory permissions
  • MDL-47601 - Ensure old automated backups are deleted including the case when file name is renamed from language string
  • MDL-48023 - Changed "Cache-control: private" to "public" on public static files to increase performance
  • MDL-48224 - Forum cron uses SMTP buffering
  • MDL-33606 - Make distinction between all section course view and a single section course view log entry

API changes

  • MDL-44657 - No more JavaScript error when the form class is namespaced
  • MDL-48697 - Completion directory is recognized by Moodle as a valid component directory
  • MDL-48495 - Limit protocols supported by curl by default

UI changes

  • MDL-35078 - End date for self enrolment on the bulk enrolment form now also contains time
  • MDL-48570 - Course search form is displayed above the course list
  • MDL-42501 - Added help about deleting grades in the course reset form
  • MDL-48206 - Wider textarea for the comments in the comments block

Security issues

  • MSA-15-0001 Insufficient access check in LTI module
  • MSA-15-0002 XSS vulnerability in course request pending approval page
  • MSA-15-0003 CSRF possible in Glossary module
  • MSA-15-0004 Information leak through messaging functions in web-services
  • MSA-15-0005 Insufficient access check in calendar functions in web-services
  • MSA-15-0007 ReDoS possible in the multimedia filter
  • MSA-15-0008 Forced logout through Shibboleth authentication plugin

Fixes and improvements

  • MDL-40097 - Course completion role criteria no longer causes fatal error
  • MDL-35494 - User is able to restore an activity even when they own only one course
  • MDL-20304 - Practice lesson does not appear in Gradebook (Patch)
  • MDL-45324 - Grading notifications are not sent before the grades are released to students
  • MDL-47133 - Keyboard shortcuts in Atto do not interfere with regional keyboard settings
  • MDL-37704 - Possible to lock Description field in users' profiles
  • MDL-36240 - Calendar events from activities are restored even without user data
  • MDL-14908 - Parent Role can view courses for students that are in groups
  • MDL-46472 - Fixed upgrade loop caused by undeletable themes
  • MDL-31822 - Non-default section name is shown at the site level
  • MDL-47475 - PDF annotation is visible by all students in the team and not only by the one who made a submission
  • MDL-47993, MDL-48088 - Correctly parse dates with timezones when importing from Microsoft calendar
  • MDL-48179 - Backup progress no longer times out when compressing large backup