Skip to main content

Moodle 2.8.2

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 12 January, 2015

Here is the full list of fixed issues in 2.8.2.


  • MDL-40241 - Default Manager and Teacher role are able to manually mark course as completed
  • MDL-46442 - Notifications about assignment re-submissions are sent
  • MDL-43462 - EditPDF correctly shows landscape PDFs
  • MDL-43679 - Clicking link to Moodle in MS Word no longer results "You are already logged in" message

Functional changes

  • MDL-42717 - Ensure automated backup files are deleted when an error occurs because of directory permissions
  • MDL-47601 - Ensure old automated backups are deleted including the case when file name is renamed from language string
  • MDL-48023 - Changed "Cache-control: private" to "public" on public static files to increase performance
  • MDL-48224 - In the Task API, each adhoc and scheduled task now has it's own SMTP buffer, and the legacy cron has one buffer for all tasks. Previously scheduled tasks had no buffer, and the legacy cron had a buffer only for tasks of activity modules.
  • MDL-33606 - Make distinction between all section course view and a single section course view log entry

API changes

  • MDL-44657 - No more JavaScript error when the form class is namespaced
  • MDL-22309 - get_role_users() works correctly when a user is assigned more than one role
  • MDL-48697 - Completion directory is recognized by Moodle as a valid component directory
  • MDL-48495 - Limit protocols supported by curl by default

UI changes

  • MDL-35078 - End date for self enrolment on the bulk enrolment form now also contains time
  • MDL-42501 - Added help about deleting grades in the course reset form
  • MDL-48206 - Wider textarea for the comments in the comments block

Security issues

  • MSA-15-0001 Insufficient access check in LTI module
  • MSA-15-0002 XSS vulnerability in course request pending approval page
  • MSA-15-0003 CSRF possible in Glossary module
  • MSA-15-0004 Information leak through messaging functions in web-services
  • MSA-15-0005 Insufficient access check in calendar functions in web-services
  • MSA-15-0006 Capability to grade Lesson module is missing XSS bitmask
  • MSA-15-0007 ReDoS possible in the multimedia filter
  • MSA-15-0008 Forced logout through Shibboleth authentication plugin

Fixes and improvements

  • MDL-40097 - Course completion role criteria no longer causes fatal error
  • MDL-35494 - User is able to restore an activity even when they own only one course
  • MDL-20304 - Practice lesson does not appear in Gradebook (Patch)
  • MDL-45324 - Grading notifications are not sent before the grades are released to students
  • MDL-47133 - Keyboard shortcuts in Atto do not interfere with regional keyboard settings
  • MDL-37704 - Possible to lock Description field in users' profiles
  • MDL-36240 - Calendar events from activities are restored even without user data
  • MDL-14908 - Parent Role can view courses for students that are in groups
  • MDL-46472 - Fixed upgrade loop caused by undeletable themes
  • MDL-31822 - Non-default section name is shown at the site level
  • MDL-47475 - PDF annotation is visible by all students in the team and not only by the one who made a submission
  • MDL-47993, MDL-48088 - Correctly parse dates with timezones when importing from Microsoft calendar
  • MDL-48150 - Fixed a bug whereby only the first post in a forum was sent with the correct headers on each run of cron
  • MDL-48288, MDL-48191 - Grader report's floating headers work correctly when email or average row is hidden
  • MDL-48179 - Backup progress no longer times out when compressing large backup
  • MDL-48164 - 'Reply to email' does not result in out-of-office replies posted in forum