Moodle 2.9.3
Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.
You are encouraged to upgrade to a supported version of Moodle.
Release date: 9 November 2015
Here is the full list of fixed issues in 2.9.3.
Highlights
- MDL-42639 - Web service core_user_get_users_by_field should return username or idnumber to all managers
- MDL-48861 - Assignment: "Need grading" filter is not working properly within grading overview
- MDL-51552 - "Single View" bulk insert for empty grades no longer overwrites non-empty grades
- MDL-51083 - Fixed undesired browser password autofilling in several forms (majority of forms were fixed in MDL-45772 in previous release)
- MDL-36606 - AJAX Grader report now works correctly when uneditable cells are present
Functional changes
- MDL-49545 - Teachers without capability to change course full or short name should not be able to do it during restore as well
- MDL-50917 - Allow manager to access another user's preferences
- MDL-50811 - Forum email replies update completion tracking information
- MDL-51834 - Lock custom profile fields that are set to by synchronised with various auth plugins
- MDL-44707 - Copy embedded files in HTML block when duplicating block (mostly affects adding HTML block with files to default Dashboard)
- MDL-51467 - Changing course start date when resetting course now correctly adjusts Date Restrictions
- MDL-43594 - Assignment: Resetting course start date now updates calendar events respectfully
UI changes
- MDL-40710 - Better visualization of badges backpack icon
- MDL-51290 - Make adding a photo to a profile more obvious
- MDL-50207 - Fixed activity results block CSS not to overwrite table caption and work correctly with RTL
Security issues
- MSA-15-0037 Possible to send a message to a user who blocked messages from non contacts
- MSA-15-0038 DDoS possibility in Atto
- MSA-15-0039 CSRF in site registration form
- MSA-15-0040 Student XSS in survey
- MSA-15-0041 XSS in flash video player
- MSA-15-0042 CSRF in lesson login form
- MSA-15-0043 Web service core_enrol_get_enrolled_users does not respect course group mode
- MSA-15-0044 Capability to view available badges is not respected
- MSA-15-0045 SCORM module allows to bypass access restrictions based on date
- MSA-15-0046 Choice module closing date can be bypassed
Fixes and improvements
- MDL-51514 - Performance improvement in one of regrading queries on MySQL
- MDL-51498 - Improve performance for regrading gradebook
- MDL-50805 - Performance improvement in cron Messaging Cleanup Task
- MDL-50790 - Fixed problem with removing content of Reply to email feature in gmail
- MDL-26429 - Added missing criteria icons to completion report
- MDL-51190 - Fixed MS Edge locking up when viewing embedded PDF
- MDL-46710 - LTI module correctly tracks completion when opened in a new window
- MDL-46497 - Atto: clicking RTL button and then LTR button should not add additional HTML tags
- MDL-49032 - RFC2445_WSP defined incorrectly for Bennu iCal.
- MDL-50892 - Fixed errors appearing when resource or activity was named '0' (zero)
- MDL-51390 - Badges: fixed connection to external backpack
- MDL-50079 - Atto: Fixed bug when user was unable to select "open in new window" when linking to the file from repository
- MDL-48881 - Fixed bug with lesson not always showing student attempts
API changes, for developers
- MDL-51756 - Please can someone explain this. It leads to debugging messages relating to web services that don't make it clear how to fix ones code.