Hosting Moodle

3.7.2

10 September - 330MBBug Fixes

Unoconv doesn't work after the scheduled task conversion_cleanup_task has run

Broken link in messages contact request notification

Regrading a quiz in progress causes student to lose data

Cannot update user profile with non-internal auth method such as LDAP

Do not display "Send a message" option in course participants list if messaging is disabled site-wide

Export of questions with lots of images as Moodle XML runs out of memory

Online text assignment error when attempting to submit an image only (with no text)

'Delete and then restore' doesn't delete when using asynchronous restore

Emojis are very big in forum notification emails

Quiz page title does not tell the user where they are in the quiz

Course restore excluding groups still restores quiz overrides resulting in extra calendar events

Manually completed course activities showing in Timeline

Grade page is broken if submission other than PDF was deleted

Error reading from database after upgrade to 3.7.1 (MySQL 8.0.2)

Expanding/collapsing PDF comments causes other annotations to change position

"Is this your first time here?" shows when self registration disabled and no message in auth_instructions

Exporting table data to PDF places entries in wrong columns

Assignment due date does not update for group selection

Blog-like format forum no longer shows unread messages count

Annotated PDF - Comments can't be added and viewed in RTL user interface

Upgrade PHPMailer

Maintenance Mode messages don't appear with Force Login enabled

File picker error messages are not read out in assignment to screen reader users

Custom theme favicon on LTI provider site breaks LTI authentication

Deleting a user tour causes error in privacy data export

Some Dashboard elements are following browser language, not page language

Remove community finder block - as part of Sunsetting moodle.net

Remove course-sharing functionality - as part of Sunsetting moodle.net

Multiple choice question text not wrapped in Lesson

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.7.2_release_notes






3.7.1
 (Sicherheitsupdate)
8 Juli - 330MBSecurity

Details of any security issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version. 



Bug Fixes

Calendar export no longer limited to 40 events

Jump to dropdown menu no longer overlaps before / next activity links

Quiz with activity completion 'Or all available attempts completed' no longer possible with unlimited attempts

Users with capability moodle/site:messageanyuser can message any user regardless of their privacy settings

Guest users prompted to enrol in order to post in a forum

'Re' no longer duplicated in forum post subject line

Redis cache store correctly displays exception after failed connections

Recently accessed items block checks for whether a course is deleted before showing items from it

Ampersand in site title no longer breaks LTI provider cartridge XML

Forum mailings and maintenance jobs no longer fail with 'Suspended account' exception

Assignment individual grading when using rubric and workflow grade is displayed

PDF annotation comments no longer expand unexpectedly

Enrolled users list sort order no longer changes after adding or removing a user

Multi-lang filter no longer ignores 'en' parent language

Enrolments whose start date is after the analytics analysis start time are no longer discarded

Forum backup and restore retains any private replies as private

Child themes have base layouts loaded

Fix for 'error/usernotconfirmed' exception in forum mailings and maintenance jobs

Long course names in 'Recently accessed courses' block correctly displayed

Improved memory usage of analytics evaluation and initial training processes

SMTP debugging no longer displayed for lower debugging output levels

Badges from other sites which are displayed via a backpack no longer show date in the future

Restore process no longer displays an error if the capability doesn't exist

Quick reply now respects subscribe on reply user preference

Item counts for action events are now shown in the timeline block

Unread forum posts are once again highlighted

Quiz navigation buttons once again scroll to the correct question on the page

Forum advanced search form styling improvements

Students at risk models correctly discard user enrolments whose start and end dates do not fit into the analysed time interval

Atto 'Manage files' now detects filenames containing a hash symbol (#)

Language customisation page once again displays the correct buttons

Database activity unapproved entries are once again highlighted

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.7.1_release_notes






3.7
 (Hauptversion)
23 Mai - 330MBForum

MDL-22077 - Private reply option

MDL-65033 - Ability to star discussions

MDL-64956 - In-page forum post reply

MDL-65032 - Ability to lock discussions manually

MDL-65069 - Ability to create discussions without changing page

MDL-64820 - Forum display updated to use templates

MDL-65071 - List of discussions is sortable

MDL-65034 - Accessibility improvements to forum discussions

MDL-65394 - Forum rendering speed improvements

MDL-46881 - Forum scheduled task (cron) has been refactored into several smaller cron tasks



Messaging

MDL-65015 - HTML in messages is cleaned according to site/role "trusttext" configuration

MDL-64715 - Personal space in messaging drawer for draft messages etc.

MDL-64495 - New settings page for messaging-related settings

MDL-63620 - Group conversations can be created from both the auto-create groups edit page and the import groups tool

MDL-63915 - Old messaging user interface removed and replaced with a new widget

MDL-64773 - Messaging conversations can be muted

MDL-65132 - New capability for deleting messages for all users within group conversations

MDL-64017 - Message processors can identify and handle group messages

MDL-64703 - Updated interface on the messaging index page

MDL-64137 - Searches highlight text that matches the search term

MDL-65114 - Timestamps in the main conversation list include days and years

MDL-64093 - New admin setting to set the site default for using enter key to send messages

MDL-60680 - Improved push notifications



Themes

MDL-58428 - All Boost templates moved to core

MDL-64505 - Classic theme introduced to core

MDL-64506 - Bootstrapbase and related themes (Clean/More) removed from core

MDL-65449 - Themes can override the course pattern used on the dashboard



LTI

MDL-62599 - LTI 1.3 support introduced



Open Badges

MDL-63262 - Support added for Open Badges 2.0 platforms

MDL-63876 - Moodle competencies can be linked to criteria for badges in Open Badges 2.0



Dashboard and Course Overview

MDL-63794 - Course categories can be displayed on courses in the course overview block

MDL-64855 - New admin setting to control the output of the course category in the myoverview block

MDL-64376 - Scrolling improved in the recently accessed courses block

MDL-64903 - Course filters are logically grouped in the myoverview block

MDL-64898 - The completion progress bar is no longer displayed for teachers in the myoverview block



Learning Analytics

MDL-61667 - Improvements to the install/uninstall procedure the Analytics API offers to plugins

MDL-64783 - New "upcoming activities due" model added

MDL-65582 - The "upcoming activities due" model is enabled by default

MDL-64786 - Users can overwrite default model names

MDL-64693 - New target added for course competencies achievement

MDL-64636 - New target added for course completion

MDL-65176 - New target added for students at risk of not getting the minimum grade to pass a course

MDL-64954 - A "More info" link provides more information about different core analytics elements

MDL-64777 - Default models can be restored

MDL-64787 - Analytics models can be evaluated using a trained machine learning backend

MDL-60944 - Models can be created, deleted, imported and exported

MDL-64779 - Ability to choose whether to include trained model weights in an export

MDL-65175 - When evaluating a model, the time-splitting method can be set using the web interface

MDL-65177 - It is possible to set the frequency of insight generation for models based on assumptions (e.g. the "upcoming activities due" model)

MDL-60936 - "Enabled time-splitting methods" analytics setting converted to a list of default time-splitting methods for a model's evaluation



Usability improvements

MDL-5311 - Choices can be cleared for single-answer multiple-choice questions

MDL-43385 - Print output of books has been improved

MDL-28505 - Course backup and restore can be performed asynchronously

MDL-61537 - Ability to rotate pages when annotating PDFs in assignment feedback

MDL-63773 - Assignment settings form hides irrelevant options instead of disabling them

MDL-64552 - Moodle forms inside the admin top level directory hide irrelevant options instead of disabling them

MDL-64557 - Moodle forms inside the course directory hide irrelevant options instead of disabling them

MDL-60474 - The student selection tool in the grading interface reflects the sorting order of the grading table

MDL-39261 - File support added to lesson essay questions

MDL-60913 - Global search results can be split into tabs by category

MDL-50793 - Teachers can see hidden pages in book activities

MDL-60059 - Workshop activity action events support drag and drop in the calendar

MDL-62142 - Accessibility improvements for Boost course landing page

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.7_release_notes






3.6.6

10 September - 330MBBug Fixes

Unoconv doesn't work after the scheduled task conversion_cleanup_task has run

Broken link in messages contact request notification

Regrading a quiz in progress causes student to lose data

Cannot update user profile with non-internal auth method such as LDAP

Do not display "Send a message" option in course participants list if messaging is disabled site-wide

Export of questions with lots of images as Moodle XML runs out of memory

Online text assignment error when attempting to submit an image only (with no text)

Emojis are very big in forum notification emails

Quiz page title does not tell the user where they are in the quiz

Course restore excluding groups still restores quiz overrides resulting in extra calendar events

Manually completed course activities showing in Timeline

Grade page is broken if submission other than PDF was deleted

Error reading from database after upgrade to 3.7.1 (MySQL 8.0.2)

Expanding/collapsing PDF comments causes other annotations to change position

"Is this your first time here?" shows when self registration disabled and no message in auth_instructions

Assignment due date does not update for group selection

Annotated PDF - Comments can't be added and viewed in RTL user interface

Upgrade PHPMailer

Maintenance Mode messages don't appear with Force Login enabled

File picker error messages are not read out in assignment to screen reader users

Custom theme favicon on LTI provider site breaks LTI authentication

Deleting a user tour causes error in privacy data export

Mobile features should reflect new features supported by Moodle App version 3.7 (backport of MDL-61199)

Remove community finder block - as part of Sunsetting moodle.net

Remove course-sharing functionality - as part of Sunsetting moodle.net

Multiple choice question text not wrapped in Lesson

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.6.6_release_notes



Zeige mehr Versionen




3.6.5
 (Sicherheitsupdate)
8 Juli - 330MBSecurity

Details of any security issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version. 



Bug Fixes

Calendar export no longer limited to 40 events

Jump to dropdown menu no longer overlaps before / next activity links

Boost theme no longer ignores HTML block custom classes

Quiz with activity completion 'Or all available attempts completed' no longer possible with unlimited attempts

Users with capability moodle/site:messageanyuser can message any user regardless of their privacy settings

Hidden blocks can once again be unhidden

Redis cache store correctly displays exception after failed connections

Recently accessed items block checks for whether a course is deleted before showing items from it

Ampersand in site title no longer breaks LTI provider cartridge XML

Assignment individual grading when using rubric and workflow grade is displayed

PDF annotation comments no longer expand unexpectedly

Enrolled users list sort order no longer changes after adding or removing a user

Multi-lang filter no longer ignores 'en' parent language

Enrolments whose start date is after the analytics analysis start time are no longer discarded

Texts in Moodle format remain in the same format when edited

Improved memory usage of analytics evaluation and initial training processes

SMTP debugging no longer displayed for lower debugging output levels

Restore process no longer displays an error if the capability doesn't exist

Quick reply now respects subscribe on reply user preference

Item counts for action events are now shown in the timeline block

Forum advanced search form styling improvements

Students at risk models correctly discard user enrolments whose start and end dates do not fit into the analysed time interval

Atto 'Manage files' now detects filenames containing a hash symbol (#)

Database activity unapproved entries are once again highlighted

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.6.5_release_notes






3.6.4
 (Sicherheitsupdate)
14 Mai - 330MBFixes and improvements

MDL-62872 - Atto editor RecordRTC Video no longer erroneously reports the maximum upload size limit has been reached

MDL-64151 - Courses can be unchecked from course completion in the Boost theme

MDL-64678 - Assignment grading page scrollable on mobile

MDL-64267 - Double scrollbar removed from messaging conversations when using the Clean theme

MDL-65206 - Repeated calendar events include the location from the original event

MDL-64331 - Clicking outside of modal popups containing forms no longer closes the modal, so user input is retained

MDL-64988 - Adding a quiz question in a chosen position no longer affected by section headings

MDL-65169 - User searches within messaging when site-wide messaging is enabled are correctly filtered

MDL-65170 - User searches within messaging with separate groups mode enabled are correctly filtered

MDL-63196 - Calendar export includes category events

MDL-46803 - Resetting a course role retains other roles affected users are assigned in the course

MDL-63263 - Recycle bin includes user data/submissions within deleted course elements

MDL-64894 - Items above anchor targets (such as in collapsible topics) can be clicked in the Boost theme

MDL-65157 - The My overview block hides the completion progress bar for teachers

MDL-65112 - Lesson short answer pages can display iframes

MDL-65399 - Bulk quiz item deletion prevents deletion of the only question in a section (consistent with individual deletion functionality)

MDL-64996 - Static analytics models are no longer marked as not trained after changing the default predictions processor

MDL-65173 - Message notifications are no longer marked as read when a notification email is sent

MDL-65085 - Analytics insights are sent from a site's no reply account, instead of from an admin account

MDL-65179 - Web service token last access is updated less frequently

MDL-65262 - Imported calendar events with locations starting or ending in a space no longer cause an error

MDL-64568 - Deleting a group with group messaging removes that group from the conversation list

MDL-65313 - Deleting a group with group messaging removes that group from favourite conversations

MDL-65087 - Messaging drawer accessibility improved by assigning the 'button' role to relevant links in the interface

MDL-64985 - Messaging drawer accessibility improved by adding and improving ARIA labels

MDL-65127 - Messaging drawer accessibility improved by adding ARIA labels to explain numbers in the interface (such as unread message counts)

MDL-65005 - Timeline block menus accessibility improvements

MDL-64524 - Assignment frequently used comments popup can be scrolled

MDL-65153 - Course competencies page no longer needs to be refreshed before clicking on newly added competencies

MDL-64994 - Analytics can use the latest Python machine learning backend

MDL-65094 - Sites hosted on localhost no longer prompt site admins to register their site

MDL-29320 - Email case is properly handled during user profile updates

MDL-29320 - Email case is properly handled during sign-up

MDL-29317 - Email case is properly handled during grade imports

MDL-65411 - Descriptions in calendar event modals wrap text and resize images where necessary

MDL-65484 - Assignment PDF annotations are contained within the window boundaries

MDL-65299 - The default $theme-colors map used in Bootstrap 4 themes can be overridden

MDL-64979 - Improvements to Behat test reliability on slow machines

MDL-65439 - Improvements to messaging Behat test coverage (see also MDL-64672 and MDL-64670)



Security issues

Details of any security issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.6.4_release_notes






3.6.3
 (Sicherheitsupdate)
8 Mai - 330MBSecurity

"Log in as" functionality exposed to JavaScript risk on other users' Dashboards

Logged in users could view all calendar events

Users could elevate their role when accessing the LTI tool on a provider site

Stored HTML in assignment submission comments allowed links to be opened directly

Secure layout contained an insecure link in Boost theme

get_with_capability_join/get_users_by_capability not aware of context freezing



Highlights

Last post date and time shown correctly on forum page

Gradebook regrading no longer gets stuck

Quiz now displays the correct time left when quiz close date before time limit

Site home and Dashboard now have different data-key attributes when the home page is set to site

All assignment 'View annotated PDF' buttons work

Invalid response value detected messaging error fix

Server files performance improvement for sites with lots of activities and files

Activities can no longer be marked as complete when the context is frozen

Users no longer redirected back to a policy agreement when creating a new account

View competency framework no longer required for viewing competencies in a course

Numerical question units are displayed on the same line

Notifications table has index for the useridfrom column

Participants page performance improvement for courses with ~50k users and 10 groups

A single simple discussion forum now scrolls to new posts

Deleting course sections now also delete files used in the section description

Data export performance improvement

RTL languages correctly aligned in messaging interface

Course image scaled down when no course summary

Forum post word count correctly reflects the size of posts

Accessibility improvement for quiz question feedback

Option to clear prediction for analytics trained models

Clearer button background in Boost

Deleting of feedback question and deleting of user tour step no longer give a 404 error

Glossary 'Actions menu' icon no longer disappears when browsing

External tool 0 points score now correctly recorded as zero in the gradebook

Drag and drop question types now allow use of mixed languages

Boost navigation bar accessibility improvements

Install database CLI script now shows help even if Moodle is already installed

Messaging search simpler UI when search returns no results

'Allowed email domains' setting is now case insensitive

Download assignment submission files via keyboard accessibility fix

Question bank category edit link usability improvement

Boost theme menu links contrast accessibility fix

Messaging contacts are now shown in bold

Messaging search results now shown with date rather than time stamp

get_with_capability_join, get_users_by_capability, assign/unassign_capability now check the capability exists

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.6.3_release_notes






3.6.2
 (Hauptversion)
21 Januar - 330MB3.6.2



Security

Manage groups capability was missing the XSS risk flag

User full name is now escaped in the un-linked userpix page



Bug Fixes

CAS authentication fixed

Exponential question growth prevented when duplicating quizzes

Hidden courses no longer send forum notifications to participants

IMS Common Cartridge can restore from custom temp directory

Drag and drop file uploads now respect the ignore file size limits capability

Performance improvement when fetching notifications

Lesson question responses show multimedia consistently

Messaging user info fix in bootstrapbase themes

Question bank pagination fix

The result of core_user::is_real_user is now consistent

Database query efficiency improvement to core_grade privacy provider

Admin bookmarks block can bookmark admin categories

All unread counts in message functionality now update without a page refresh

Filter support added to group message conversation names

LTI assignment and grade LineItems are retained after the cleanup scheduled task is run

GDPR moodle_content_writer can no longer cause an endless loop

User images are linked to their profile in the new messaging interface

Assignment grading interface 'Next page' navigation now resets scrolling to the top of the next page



3.6.1



Regressions

Previous messaging conversations should be displayed after upgrading



Bug Fixes

Facebook logo is correctly displayed when using OAuth 2 authentication

Calculated multichoice question able to answer with negative note in interactive mod



3.6.0



Security

Login CSRF vulnerability in login form. Note that this fix has previously been disclosed following the release of Moodle 3.5.3, 3.4.6, 3.3.9 and 3.1.15



GDPR and Privacy

Data requests bulk actions

Option to make site policies required or optional

Capabilities for controlling who can download SAR data

Data deletion of existing deleted users

Pre-processing stage removed from data requests process

Data retention summary (read-only)

Option to remove the "Data retention summary" link in the footer

HTML data request export format

User expiry improvements

Data purpose and category inheritance improvements

Different data retention strategies for different roles in a purpose

Ability to configure data registry to use module type defaults

Site mentioned in email notifications of data requests

Option to hide your name in the online users block



Highlights

New Course overview and Timeline block

New Recently accessed courses block

New Recently accessed items block

Option to hide courses in the course overview block

Option to star/unstar courses in the course overview block

New Starred courses block

Dashboard retains user preferences for view options

Course overview block retains user preferences for the number of courses to show

Grace period when displaying "In progress" courses in course overview block

Removal of Dashboard page header

Group messaging

New messaging UI with messaging drawer

Option to disable site-wide messaging

Privacy setting for restricting who can message you

The new 'Allow site-wide messaging' setting is disabled by default for new installs but enabled for upgraded sites if $CFG->keepmessagingallusersenabled = true; is defined in config.php

Option to star messaging conversations

Notifications not sent for group conversations

Group members synchronised with messaging conversations members

Assignment feedback can include media or other files

Improved quiz statistics report usability for randomized questions

Option to add ID numbers to questions and question categories

Single questions can be exported from the question bank

Teachers can specify workshop submission types

Nextcloud integration, with a Nextcloud repository and OAuth 2 Nextcloud service

Support for Open Badges v2

Performance improvements to cache flags

Glossary auto-linking filter performance improvements

atto_htmlplus implemented to improve Atto editor HTML indenting

Copy and paste of images from one WYSIWYG window to another

Forum actions announced by screen reader when completed

Global search displays a relevant icon next to link in results

SVG/high resolution emoticons

Larger badge images are used



Experimental

Context freezing - setting read-only access for categories, courses, activities and their content



Functional changes

'Resend confirmation email' button on login page

IF conditions in grade calculations

Calendar entries location support

Images are displayed in forum notification emails

Course format options may be specified in upload courses CSV file

Page resource option to show/hide "Last modified"

Forum post HTML structure improvements

Option to download the list of course participants

Analytics models can use different machine learning backends

User menu: customusermenuitems map Font Awesome icons for non pix/t folders

JSON added to the default MIME types list

Atto media plugin title global attribute support

Shibboleth authentication identity providers

Grader report saves after edit with multiple tabs

Drag and drop of course events respects the course start date

'Add a new course' link in Site administration

Admin search results provide location of the found matching page

Capability to control use of Atto Record RTC

New blocks supported by the mobile app can be disabled

Legacy log store deprecation

Log changes to site administrators

adhoc task runner

Site upgrades via CLI display new default settings

Indian Rupee added to PayPal enrolment currencies

Set Path to PHP CLI in order to display 'Run now' for Scheduled tasks

Assignment upgrade helper tool removed from core

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.6.2_release_notes






3.5.8
 (Sicherheitsupdate)
29 Oktober - 300MBSecurity

JavaScript injection possible in some Mustache templates via recursive rendering from contexts

Course creation did not check the creator's role assignment capability before automatically assigning them as a teacher in the course

Python Machine Learning dependency versions bumped

Activity :addinstance capabilities were not respected when creating a course in single activity format

Open redirect in the mobile launch endpoint could be used to expose mobile access tokens

Forum subscribe link contained an open redirect if forced subscription mode was enabled



Bug Fixes

Online text assignment error when attempting to submit an image only (with no text)

Grade page is broken if submission other than PDF was deleted

Upgrade PHPMailer

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.5.8_release_notes






3.5.7
 (Sicherheitsupdate)
8 Juli - 300MBSecurity

Details of any security issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version. 



Bug Fixes

Boost theme no longer ignores HTML block custom classes

Hidden blocks can once again be unhidden

Redis cache store correctly displays exception after failed connections

SMTP debugging no longer displayed for lower debugging output levels

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.5.7_release_notes






3.5.6
 (Sicherheitsupdate)
14 Mai - 300MBSecurity

Details of any security issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.5.6_release_notes






3.5.3
 (Sicherheitsupdate)
27 November 2018 - 300MBSecurity

Login CSRF vulnerability in login form



Highlights

Data deletion of existing deleted users

Provide a data registry configuration summary (read-only)

Option to remove the "Data retention summary" link in the footer

HTML data request export format

User expiry improvements

Data purpose and category inheritance improvements

Different data retention strategies for different roles in a purpose

Ability to configure data registry to use module type defaults

Possibility to override repository capabilities in activity contexts

Data requests bulk actions

Site mentioned in email notifications of data requests

Delete account link on profile page



Bug Fixes

iOS 11.3 Moodle assignment grading interface fix

iOS mobile browsers TinyMCE editor fix

Glossary filter performance improvement

Edited forum post timestamp fix

Moving questions between sections in quiz fix

Environment check for version not supporting PHP 7.3

Web service core_course_get_course_contents should return stealth activities

Assignment rubrics should consider the fillings table

Boost: Gear icon accessibility improvements

Boost: Gear icon focus improvements

Boost: custommenuitems accessibility improvements

Boost: user profile menu accessibility improvements

Uploading deleted user then adding to cohort ignores the user, instead of resulting in a fatal error

Drag and drop of course events should take into account the course start date

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.5.3_release_notes






3.5.2
 (Sicherheitsupdate)
12 September 2018 - 270MBHighlights

MDL-61652 - Configuration as to who can download SAR data

MDL-62026 - Privacy officer can mark general enquiries as complete

MDL-62660 - Option to set a data request expiry time

MDL-57741 - Launch URL for Publish as LTI tool

MDL-57977 - Global search allows searching for users by alternate name



Fixes and improvements

MDL-60826 - Memory exhaustion error when trying to add/edit calendar event as admin

MDL-60874 - Clearer search results in user enrolment

MDL-62782 - Users with the capability mod/assign:viewgrades can also view uploaded feedback files

MDL-62849 - Filemanager: cannot manage files when there are folders

MDL-62534 - Empty course sections deleted when upgrading

MDL-62600 - Admin is misinformed that there are no data requests

MDL-61351 - Shibboleth logout does not handle file sessions correctly

MDL-62996 - Missing upgrade.php file on tool_dataprivacy may cause errors when upgrading from 3.3 or 3.4

MDL-62643 - Online text assignment submissions generate a blank HTML document for grading when no text is entered

MDL-61515 - The current core php-css-parser prefixing library does not support sass syntax "@supports"

MDL-61424 - When token is rejected from moodle.net provide option to unregister

MDL-59847 - Behaviour when city/country are hiddenfields and identityfields at the same time

MDL-62965 - User profile fields missing on signup page

MDL-62889 - Multiple fixes when redirecting to a URL after clicking on a notification

MDL-62989 - Data requests are listed by date requested for users

MDL-62896 - Some non-core plugins are missing their Additional label on the Plugin data registry page

MDL-62993 - External tool Message in Membership Service not in an Array

MDL-62969 - External tool LtiLinkMemberships URL is invalid

MDL-62581 - Boost Course restore screen styling improvements

MDL-62769 - "Statistics for question positions" graph shows last shown variant, not stats for overall question

MDL-62341 - 'Go back to previous page' link on All policies page

MDL-62746 - Boost core_tag modals content layout improvements

MDL-45389 - Forum index page alignment improvements

MDL-61707 - Pre-signup (minor check) session is not deleted upon signup

MDL-62852 - All policies page lists policy type and audience



Security issues

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.5.2_release_notes






3.5
 (Hauptversion)
2 August 2018 - 270MBMoodle 3.5 focuses on GDPR compliance and enhanced usability and accessibility.



Highlights

Privacy and policies area in Profile

Course images on the dashboard

Clearer icons, accessible fonts

Directly record sound and video

Choice results display

Moodle from your Mobile! (coming soon)

More efficient user management

Award badges based on other badges

Filter questions by tag

Quiz Essay questions

GDPR features

Simple Global Search

LTI Advantage 1.1 support

More badge criteria

Cohort themes

New capabilities

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.5_release_notes






3.4.8
 (Sicherheitsupdate)
8 Mai - 300MB3.4.8



Security

"Log in as" functionality exposed to JavaScript risk on other users' Dashboards

Logged in users could view all calendar events

Users could elevate their role when accessing the LTI tool on a provider site

Stored HTML in assignment submission comments allowed links to be opened directly



Highlights

Last post date and time shown correctly on forum page

Data export performance improvement

get_with_capability_join, get_users_by_capability, assign/unassign_capability now check the capability exists

Exponential question growth prevented when duplicating quizzes



3.4.7



Security

Manage groups capability was missing the XSS risk flag

User full name is now escaped in the un-linked userpix page



Highlights

CAS authentication fixed

Hidden courses no longer send forum notifications to participants

Deletion requests can be processed without a site purpose being set

ReCAPTCHA v2 now works globally

Auto-linking now works with titles containing brackets

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.4.8_release_notes






3.4.6
 (Sicherheitsupdate)
27 November 2018 - 300MBSecurity

Login CSRF vulnerability in login form



Highlights

Data deletion of existing deleted users

Provide a data registry configuration summary (read-only)

Option to remove the "Data retention summary" link in the footer

HTML data request export format

User expiry improvements

Data purpose and category inheritance improvements

Different data retention strategies for different roles in a purpose

Ability to configure data registry to use module type defaults

Possibility to override repository capabilities in activity contexts

Data requests bulk actions

Site mentioned in email notifications of data requests

Delete account link on profile page



Bug Fixes

iOS 11.3 Moodle assignment grading interface fix

iOS mobile browsers TinyMCE editor fix

Glossary filter performance improvement

Edited forum post timestamp fix

Moving questions between sections in quiz fix

Environment check for version not supporting PHP 7.3

Web service core_course_get_course_contents should return stealth activities

Assignment rubrics should consider the fillings table

Boost: Gear icon accessibility improvements

Boost: Gear icon focus improvements

Boost: custommenuitems accessibility improvements

Boost: user profile menu accessibility improvements

Uploading deleted user then adding to cohort ignores the user, instead of resulting in a fatal error

Drag and drop of course events should take into account the course start date

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.4.6_release_notes






3.4.5
 (Sicherheitsupdate)
12 September 2018 - 270MBHighlights

MDL-62799 - tool_dataprivacy plugin merged into 3.4 core

MDL-62800 - tool_policy plugin merged into 3.4 core

MDL-62660 - Option to set a data request expiry time

MDL-57741 - Launch URL for Publish as LTI tool

MDL-57977 - Global search allows searching for users by alternate name



Fixes and improvements

MDL-60826 - Memory exhaustion error when trying to add/edit calendar event as admin

MDL-60874 - Clearer search results in user enrolment

MDL-62782 - Users with the capability mod/assign:viewgrades can also view uploaded feedback files

MDL-62849 - Filemanager: cannot manage files when there are folders

MDL-62534 - Empty course sections deleted when upgrading

MDL-62600 - Admin is misinformed that there are no data requests

MDL-61351 - Shibboleth logout does not handle file sessions correctly

MDL-62643 - Online text assignment submissions generate a blank HTML document for grading when no text is entered

MDL-61424 - When token is rejected from moodle.net provide option to unregister

MDL-59847 - Behaviour when city/country are hiddenfields and identityfields at the same time

MDL-62965 - User profile fields missing on signup page

MDL-62889 - Multiple fixes when redirecting to a URL after clicking on a notification

MDL-62989 - Data requests are listed by date requested for users

MDL-62896 - Some non-core plugins are missing their Additional label on the Plugin data registry page

MDL-62769 - "Statistics for question positions" graph shows last shown variant, not stats for overall question

MDL-62341 - 'Go back to previous page' link on All policies page

MDL-62746 - Boost core_tag modals content layout improvements

MDL-45389 - Forum index page alignment improvements

MDL-61707 - Pre-signup (minor check) session is not deleted upon signup

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.4.5_release_notes






3.4.3
 (Sicherheitsupdate)
18 Mai 2018 - 270MBPlugins are available for Moodle 3.3 and 3.4 to help Moodle sites to comply with GDPR - Data privacy, Policies. In Moodle 3.5 they will be included in the standard distribution.



Highlights

Implement privacy API in various components and standard plugins for user data export and deletion



Bug Fixes

Assignment: Fixed incorrect "No submission" status if group submission changed to individual submission

File resource: Fixed download problem for files with long names

Performance improvement in Calendar in case of big number of course categories

Show grade category name in Grades Export

GDPR and privacy: Change default age of digital consent according to current legislation on each country

Lesson: Fixed regression in cluster navigation

Display participants count on course participants page

Display custom external tool icon in activity chooser

Show self enroled user as inactive when self enrolement method is disabled

A bug which led to the failure of some Scheduled Tasks in certain circmstances has been fixed.

Database module: Fixed bug with creating tables in templates using Atto editor

Quiz: Fixed a report bug where the count of the number of attempts is sometimes incorrect in group averages

Quiz: Fixed a bug where the question text was no longer exported in the quiz statistics HTML download

Quiz: Fixed a bug in the statistics report to display the chosen questions for random question slots

GDPR: Moved the Privacy and policies administration section to the Users tab (when GDPR plugins are installed)

Global search: Remove unicode non-characters from indexing to resolve indexing errors

Facebook OAuth2: Update the Facebook Graph API to v2.12



Security Issues

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.4.3_release_notes






3.4.2
 (Sicherheitsupdate)
4 April 2018 - 220MBHighlights

Migrate to reCAPTCHA v2

Quiz: now possible to edit user overrides even if quiz is not available to a student

Invisible default sections lead to unexpected visibility layout

Assignment: "additional files" are now shown in Edit Submission view



Security issues

Unauthenticated users can trigger custom messages to admin via paypal enrol script

Suspended users with OAuth 2 authentication method can still log in to the site



Bug Fixes

Fixed bug with loading CSS for editor

Fixed bug with empty user name on Participants page if username is included in user identitfy fields

Select correct default role during manual enrolment

Assignment: reset 'Blind marking' status during 'Course reset'

Choice: hide "unanswered" column when it is set so in choice settings

Single View & grades export should follow the same order set in gradebook set up

Performance: Modinfo cache can get built in parallel

Corrected end date for manual enrolments

EQUELLA repository: fixed error "The source url does not match the sourcekey."

Change "Remind me to grade by" date according to the new course start date after course restore



GDPR preparation

New Privacy subsystem

Allow plugins to handle site policies and overwrite $CFG->sitepolicy

Signup process - add minimum age verification

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.4.2_release_notes






3.4.1
 (Sicherheitsupdate)
28 Januar 2018 - 220MBMoodle 3.4.1 is a security and bug-fix release.



Highlights

LTI: backup and restore supports submissions and also course and site tools. References to the site tools are restored only on the same site (they are not included in course backup for security reasons).

If general backup setting "Include users" is unchecked, users with relevant capability can now backup user data

LDAP authentication method can now synchronise custom user profile fields



Fixes and Improvements

Accessibility: Gear icon is now properly defined for screen readers

Incomplete user accounts are now deleted after specified period of time (setting "Delete not fully setup users after")

Allow to connect to OAuth 2 services that only support client authentication via Basic Auth

Lesson: Multiple Choice answers appear on same line as radio button

Import Groups from CSV tool bug fixes

Folder resource: Large files deleted when editing teachers update resource with global maxbytes lower

Turning off Server Files Repository should not break courses that use it

Assignment: Converting images in submissions to pdf (unoconv)

IMS Common Cartridge import works correctly with HTML entities in URLs

Quiz: when group override is deleted the calendar event should also be deleted

Quiz: Clicking on help for "Shuffle" button no longer toggles shuffle itself

Assignment: The message "This assignment is not accepting submissions" is displayed in the assignment when override the grade

Category manager with the 'moodle/course:changecategory' should be able to move existing courses between categories

Lesson: Content pages no longer display grade

Allow uninstalling grading methods plugins

LTI: display correct icons

Lesson multi-choice questions with multiple answers: more clear indication for the user which answer was correct

Lesson: UI fix for content buttons running off the edge of the page

Lesson: Grade essays page shows which essays have been graded

"Sort my courses (navsortmycoursessort)" setting now respected on the dashboard

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.4.1_release_notes






3.4
 (Hauptversion)
30 Dezember 2017 - 220MBMoodle 3.4 is a major update that might deprecate or change the APIs to plugins that you are using.



WE HIGHLY RECOMMEND TAKING A BACKUP OF MOODLE BEFORE ATTEMPTING TO UPDATE YOUR APPLICATION and BE PREPARED TO DISABLE OR REMOVE PLUGINS AFTER OR EVEN BEFORE PERFORMING THE UPDATE IN ORDER TO MINIMISE PROBLEMS.



Calendar

Calendar entries in monthly view should include course shortname

Create calendar event quick-add

Add navigation of all calendar views without page reload

Add support for drag and drop of calendar events

Add support for creation and update of calendar events using a modal dialogue

Add support for calendar events at the category level



Management

Merge Course Participants and Enrolled Users pages

Add bulk editing of enrolment status/dates for users in the course participants page

Remove the "Brief / User Details" functionality from the participants page

Enrol Users button on participants page

Add filter controls to the participants page to allow custom filtering

Add a roles column to participants page

Add a groups column to the participants page

Add a status column to the participants page

Remove the columns from the participants page that are not in showuseridentity

Add "Proceed to course content" to participants page



Other Highlights

Implement analytics engine in Moodle

Add links and a drop down to navigate between activities

Allow teachers to mark activities as completed



Backup, Restore & Import

Correct the permissions required to download and restore course automated backups

Restore with roll forward changes dates for user data

Restore date should not roll for user created data - Core components



Global Search

Index contents of the restored courses

Course reset doesn‘t always shift dates (fixed)

Global search: Make it possible to search blocks

Global search: Allow partial indexing (in scheduled task)



Authentication

Assign arbitrary system roles via LDAP sync

Add option to trust email of an OAuth provider

Enable OAuth 2 token-based authentication for requests in webdav_client

Global Search: Increase file indexing coverage

Global search: Allow search of non-enrolled courses



Functional Changes

LIS Group Variables support in LTI

Should have checkbox for extra credit when you add a grade item

Web services: Manage tokens page should show tokens for all users

Display space used in My Private Files

Performance improvement in Server files repository

Performance improvement due to Role definition caching & accesslib refactoring

Assignment grading: Adding back "Save and show next"

Make section titles and course titles more accessible in Boost

Allow to tag database entries

Assignment: automatically remove embedded files that are no longer linked from submission text. Reduce the size of "Download all submissions"

Lesson overview report does not respect value of showuseridentity setting

Forum: make Subscription mode setting configurable



For Administrators (**Please read carefully: Possible issues that may affect you in Moodle 3.4**)

Deprecate loginhttps. Sites that used to use this setting will now be served via https always

Tool to convert http embedded content to https where available

Let the admin control if the course end date form field in course settings is enabled by default

New filters for User Tours

Compile SCSS files on the command-line

Upgrade: Show upgrade times

Missing index on (timemodified) in grade_items_history table and several other grade history tables. This will increase performance of various reports but may also slow down Moodle upgrade

Add CLI script to kill all sessions

Register and publish courses with moodle.net only, remove support for alternative hubs

Trigger an event in add_to_config_log function

Move "Messages" block out from the standard Moodle distribution

SEO - Create admin setting to be able to enable or disable search engine indexing for sites with forcelogin

Boost: Add a setting for background image

Create new security setting to configure the expiration time of tokens created via login/token.php or tool/mobile/launch.php



Security

Students can find out email addresses of other students in the same course (fixed)



For developers

Upgrade PHPUnit to 6.4 to ensure compatibility with PHP 7.2 - may require changes in unittests.

Compatibility with chrome mink driver

Provide a way to retrieve all courses a user can potentially access.

Global Search: Increase file indexing coverage

Global search: Make it possible to search blocks. See the new \core_search\base_block class.

Form element and admin setting type to choose file types and type groups

Formslib - add function to $mform that makes it possible to hide form elements dependent on selected values

Add possibility to disable admin warning if a development libs directory exists

Plagiarism: onlinetext submission should pass raw submissiontext to plagiarism get_links()

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.4_release_notes






3.3.6
 (Sicherheitsupdate)
18 Mai 2018 - 270MBPlugins are available for Moodle 3.3 and 3.4 to help Moodle sites to comply with GDPR - Data privacy, Policies. In Moodle 3.5 they will be included in the standard distribution.



Highlights

Implement privacy API in various components and standard plugins for user data export and deletion



Bug Fixes

Assignment: Fixed incorrect "No submission" status if group submission changed to individual submission

File resource: Fixed download problem for files with long names

Show grade category name in Grades Export

GDPR and privacy: Change default age of digital consent according to current legislation on each country

Lesson: Fixed regression in cluster navigation

Display custom external tool icon in activity chooser

A bug which led to the failure of some Scheduled Tasks in certain circmstances has been fixed.

Database module: Fixed bug with creating tables in templates using Atto editor

Quiz: Fixed a report bug where the count of the number of attempts is sometimes incorrect in group averages

Quiz: Fixed a bug where the question text was no longer exported in the quiz statistics HTML download

GDPR: Moved the Privacy and policies administration section to the Users tab (when GDPR plugins are installed)

Global search: Remove unicode non-characters from indexing to resolve indexing errors

Facebook OAuth2: Update the Facebook Graph API to v2.12



Security

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.3.6_release_notes






3.3.5
 (Sicherheitsupdate)
4 April 2018 - 220MBSecurity issues

Unauthenticated users can trigger custom messages to admin via paypal enrol script

Suspended users with OAuth 2 authentication method can still log in to the site



Highlights

Migrate to reCAPTCHA v2

Quiz: now possible to edit user overrides even if quiz is not available to a student

Invisible default sections lead to unexpected visibility layout

Assignment: "additional files" are now shown in Edit Submission view



GDPR Preparation

New Privacy subsystem

Allow plugins to handle site policies and overwrite $CFG->sitepolicy

Signup process - add minimum age verification



Bug Fixes

Assignment: reset 'Blind marking' status during 'Course reset'

Choice: hide "unanswered" column when it is set so in choice settings

Single View & grades export should follow the same order set in gradebook set up

Performance: Modinfo cache can get built in parallel

EQUELLA repository: fixed error "The source url does not match the sourcekey."

Change "Remind me to grade by" date according to the new course start date after course restore

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.3.5_release_notes






3.3.4
 (Sicherheitsupdate)
28 Januar 2018 - 220MB3.3.4



Security

Server Side Request Forgery in the filepicker

Setting for blocked hosts list can be bypassed with multiple A record hostnames

Privilege escalation in quiz web services

XSS in calendar event name



Highlights

LTI: backup and restore supports submissions and also course and site tools. References to the site tools are restored only on the same site (they are not included in course backup for security reasons).

If general backup setting "Include users" is unchecked, users with relevant capability can now backup user data

LDAP authentication method now can synchronise custom user profile fields



Bug Fixes

Accessibility: Gear icon is now properly defined for screen readers

Fixed bug preventing deletion of incomplete users accounts after specified period of time (setting "Delete not fully setup users after")

Allow to connect to OAuth 2 services that only support client authentication via Basic Auth

Lesson: Multiple Choice answers should appear on same line as radio button

Number of bug fixes in Import Groups from CSV tool

Folder resource: Fixed bug with big files being deleted when editing teachers update resource with global maxbytes lower

Turning off Server Files Repository should not break courses that use it

Assignment: Fixed bug when converting images in submisisons to pdf (unoconv)

IMS Common Cartridge import works correctly with HTML entities in URLs

Quiz: when group override is deleted the calendar event should also be deleted

Quiz: Clicking on help for "Shuffle" button no longer toggles shuffle itself

Assignment: Bug fix. The "This assignment is not accepting submissions" message is displayed in the assignment when override the grade

Category manager with the 'moodle/course:changecategory' should be able to move existing courses between categories

Lesson: Fixed bug with content pages displaying grade when they should not

Allow uninstalling grading methods plugins

LTI: display correct icons

Lession multichoice questions with multiple answers : more clear indication for the user which answer was correct

Lesson: UI fix for content buttons running off the edge of the page

Lesson: Grade essays page does should show which essays have been graded

Respect setting "Sort my courses (navsortmycoursessort)" on the dashboard



3.3.3



Security

Students can find out email addresses of other students in the same course



Highlights

Assignment: Show Due Date in calendar for teachers and managers

External Tool: backup/restore consumer key and secret (on the same site only)

Show file upload progress bar in Boost theme

List custom roles in the filter on Participants page



Bug Fixes

Respect comment format in questions manual comments when Plain text area editor is used

Assignment: Reopening a group assignment should not create additional attempts for each group member

Fixed error in ad-hoc refresh_mod_calendar_events_task that caused exceptions and very long cron run time

Restore MathJax filter settings that were lost in previous upgrades

External tool: Allow to switch to full screen mode

Better explaination of the reason for failed logins in the logs report

Label resource: allow to access "Label administration" without Administration block on the "Edit label" page

Show error message when incorrect CAPTCHA is entered on sign-up page

Fixed configuration of PHP 7 sessions using memcached (3.x.x)

Forum: Avoid creating duplicate subscriptions due to race conditions

Feedback: fixed upgrade script (introduced in 3.1.6 and 3.2.3) that deleted valid multiple anonymous attempts. If your site was affected, please follow MDL-60592 for the script that restores accidentally deleted data.

Lesen Sie mehr: https://docs.moodle.org/dev/Moodle_3.3.4_release_notes






3.3.2
 (Sicherheitsupdate)
6 Oktober 2017 - 220MBHighlights

MDL-59492 - Gray out hidden courses in the new course overview block

MDL-57412 - Setting "Always link course sections" should apply consistently in Boost and Clean/More

MDL-58196 - "Require passing grade" in the Quiz activity completion settings can only be checked if "Student must receive a grade" is also checked

MDL-57698 - Bug fix: Backup and restore cause deadlock with sqlsrv driver



Fixes and Improvements

MDL-55912 - Assignment: when blind marking is enabled, students should receive teacher participant number in the email and not their own

MDL-54607 - Calendar export should not export events without duration as full-day events, i.e. assignment due dates have time component that was lost during export

MDL-59490 - Bug fix: LTI does not work when activity has a long name

MDL-55937 - Assignment: fixed error when viewing attachments of team submission

MDL-59511, MDL-59746, MDL-59539, MDL-59869 - Multiple fixes in OAuth 2 services (Google, OwnCloud, Nextcloud, etc)

MDL-35290 - My private files should continue working even if some files in filesystem are currently unreadable

MDL-57259 - Fixed bug that caused multiple debugging messages in error.log when teachers use assignment grading

MDL-56646 - Assignment: changing maximum grade of the module could result in negative grades in assignment which were pushed as "0" to the gradebook. This bug was fixed and will not happen in the future. However, according to Moodle policy, no existing grades were changed. Teachers will see the warning that there are erroneous grades and will be able to fix all of them with one click

MDL-54965 - Database module: fixed SQL error when you edit an entry after having added a new picture/file field

MDL-46495 - When uploading courses the setting "Completion tracking" should be set to the site default

MDL-59262 - Courses made via course request or "Upload course" tool should respect default course sections

MDL-59442 - Some third party modules had very big icons in the Default activity completion page

MDL-38129 - Grade export of user profile fields can now work with uppercase letters in the fields names

MDL-59317 - Performance improvements on the messages page

MDL-57246 - Trying to view a forum without the capability may lead you to a broken page.

MDL-59287 - Generate calendar event for "Expected completed on" for all modules.

MDL-55364 - Forum headers alignment on narrow screens

MDL-57649 - Lesson: Fixed bug deleting files unrelated to the pages being deleted

MDL-59195 - Assignments: when switching role to student teacher should be able to view group submissions

MDL-59068 - Lesson: Restore the behaviour of "No, I just want to go on to the next question"



Security Issues

MSA-17-0017 XSS in contact form on "non-respondents" page in non-anonymous feedback

MSA-17-0018 Course reports are not respecting group settings in courses

MSA-17-0019 user_can_view_profile() incorrectly assumes $course as shared course

MSA-17-0020 Admins may not know that exposing vendor directory is a security risk



For Developers

MDL-59708 - Hooks into the file API (backport of MDL-57476)

Lesen Sie mehr: http://docs.moodle.org/dev/Moodle_3.3.2_release_notes






3.3.1
 (Sicherheitsupdate)
10 Juli 2017 - 220MBHighlights

MDL-58136 - Show only "in progress" courses in the My courses list in Booost flat navigation

MDL-56046 - Fixed bug when downloading Quiz statistics report and other multiple-sheet reports

MDL-58646, MDL-59122 - Number of performance improvements in Boost cache rebuilding

MDL-58310, MDL-59312, MDL-58103 - Correctly display AJAX errors and ignore interrupted requests caused by page unload (occasional "undefined" popup)

MDL-44961 - When restoring course with rolling start date never change log dates



Security issues

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.



Fixes and improvements

MDL-46322 - Assignment: Only enrolled users may be assigned as markers, if admins/managers can view course but are not enrolled they will not be assigned

MDL-58907 - Course overview: Remember last view mode (Timeline/Courses), add a setting for a default mode

MDL-58729 - Performance improvement in MySQL collation change script (follow up for Full UTF-8 Support in MySQL)

MDL-57957 - Assignment: Fixed bug with feedback files not being shown to students if assignment has no grading

MDL-57021 - Use normal password form field during sign up, adding new user and enrolling in a course

MDL-49988 - Wiki: line breaks in HTML source code should not affect page layout

MDL-58811 - Quiz: fixed bug preventing quiz duplication if questions have file links in their texts



For developers

MDL-58911 - Change of behavior when writing unittests for the dashboard events - now callback from module are executed in unittests same way they would be executed on the dashboard

Lesen Sie mehr: http://docs.moodle.org/dev/Moodle_3.3.1_release_notes






3.3
 (Hauptversion)
22 Mai 2017 - 220MBHighlights

MDL-55611 - New Course overview dashboard block featuring timeline of events

MDL-58220 - Make use of OAuth 2 services to allow users to authenticate with Google G-Suite or Microsoft Office accounts and manage files from associated drives

MDL-39913 - New Assignment setting for restricting submission file types

MDL-4782 - "Stealth mode" for resources/activities in a course - not displayed on the course page but available for students

MDL-40759 - New Font Awesome icon font for all icons in Moodle



For teachers

MDL-58138 - Activity completion settings for setting activity completion defaults and bulk editing of completion requirements

MDL-48771 - Quiz activity: Option to delete multiple questions

MDL-53814 - Quiz activity: Question type icons are displayed in the quiz manual grading overview

MDL-55459 - Assignment activity: Annotated PDF comments are collapsible

MDL-23919 - Database activity: The setting "Required entries" is now an activity completion condition

MDL-57769 - Topic and weeks course formats: After a course is created, sections can be added and removed only from the course page (it is no longer possible to have "orphaned" activities)

MDL-46929, MDL-57456, MDL-57457 - Forum posts, glossary entries and book chapters may be tagged

MDL-56251 - For courses in weekly format, a new course setting allows for the course end date to be calculated automatically

MDL-47354 - Allow the page size in the Single view report to be configurable



Backup and restore

MDL-34859 - Add site defaults for all restore settings, improve UI around "Overwrite course configuration" select

MDL-40838 - Allow to restore non-default enrollment methods without restoring users

MDL-57769 - When restoring/importing big courses in Weeks and Topics formats into small existing courses ajust the number of sections automatically



For administrators

MDL-46375 - Support for storing files not on the local drive (there are no open-source solutions at the moment, developer's help is required to implement custom cloud storage)

MDL-55528, MDL-58280 - New document converter plugin type allows alternatives to unoconv, such as the Google Drive converter

MDL-55980 - Run individual scheduled tasks from web interface

MDL-57896 - CLI wrapper for get_config() and set_config() methods

MDL-57789 - Use Cache-Control: immutable when serving files

MDL-37765 - New capability to bypass access restrictions, separated from capability to view hidden activities

MDL-57913 - Convert external database authentication synchronisation to scheduled task

Plugins removal and deprecation: The repository Skydrive is deprecated; please migrate to the newer OneDrive repository

Plugins removal and deprecation: The Dashboard block Course overview is replaced with a new block Course overview which is a different plugin. If you want to use the old block, you need to download and install it from https://moodle.org/plugins/block_course_overview



Mobile app support

MDL-57410 - Allow admins to add new external links to pages in the main menu of the Mobile app

MDL-57408 - Add new settings for allowing renaming strings in the Mobile app

MDL-49423 - Add new settings for disabling Mobile app functionalities

MDL-57759 - Allow offline attempts via the Mobile app in the lesson module

MDL-57162 - Support Native App install banners for Android as well as iOS for the mobile app



Other improvements

MDL-33483 - Google Docs repository: Save Doc files in different formats to RTF

MDL-42266 - Improve the list of maximum file size options for file uploads

MDL-51853 - Calendar subscriptions from imported files should be editable

MDL-41729 - Add ability to change passwords for users using Shibboleth

MDL-57572, MDL-57570, MDL-57355 - Redis and static caches performance improvements if igbinary library is installed

MDL-56808 - SCORM module: Performance improvements when running SCORM 1.2 packages

MDL-57686 - Add support for PDO databases in external database authentication

MDL-57638 - RSS Block: RSS feeds are more heavily cached and correctly respect skip values



For developers

MDL-55528 - New plugin type 'fileconverter' for file conversions, unoconv is now a plugin that can be replaced with scalable commercial solutions (see File Converters)

MDL-40759 - Font Awesome icon font is used for all icons in Moodle (see Moodle icons)

MDL-46375 - Support for storing files not on the local drive is implemented by allowing to override functionality of file_storage and stored_file classes (see File System API)

MDL-12689 - Convert all authentication plugins to use settings.php (see upgrade.txt)

MDL-53978 - Add extra plugin callbacks for every major stage of page render (see commit)

MDL-58138 - Course modules may provide additional callbacks to participate in bulk editing of activities completion rules in a course

MDL-58220 - Better office integration

MDL-45584 - Multiple caches can be instantiated with the same definition but with different identifiers

MDL-57769 - Course formats: Attribute 'numsections' was removed from topics and weeks, other course formats may want to implement similar changes

MDL-55956 - Priority field for the calendar events allowing to specify the priority of overrides

MDL-58566 - New methods for retrieving calendar events

MDL-55941 - New element to select first name of first/last names is implemented in tablelib or can be used by developers elsewhere (template)

MDL-56519 - Lint behat .feature files

MDL-57273 - New classes (core\persistent, core\form\persistent, core\external\exporter, \core\external\persistent_exporter) used to represent a data-model and export that data in a standard format for webservices (previously was used in competencies) (see Persistent form, Persistent, Exporter)

MDL-57490 - Removed several legacy JS functions from javascript-static.js

MDL-57690 - mcore YUI rollup is no longer included on every single Moodle page (see [forum post])

Lesen Sie mehr: http://docs.moodle.org/dev/Moodle_3.3_release_notes






3.2.9
 (Sicherheitsupdate)
18 Mai 2018 - 270MB3.2.9



Security

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version. 



3.2.8



Bug Fixes

Migrate to reCAPTCHA v2

EQUELLA repository: fixed error "The source url does not match the sourcekey."



Security

Unauthenticated users can trigger custom messages to admin via paypal enrol script

Lesen Sie mehr: http://docs.moodle.org/dev/Moodle_3.2.9_release_notes






3.2.7
 (Sicherheitsupdate)
28 Januar 2018 - 220MB3.2.7



Security

Server Side Request Forgery in the filepicker

Setting for blocked hosts list can be bypassed with multiple A record hostnames

Privilege escalation in quiz web services

XSS in calendar event name



3.2.6



Security

Students can find out email addresses of other students in the same course



Highlights

External Tool: backup/restore consumer key and secret (on the same site only)

Show file upload pr*ogress bar in Boost theme

List custom roles in the filter on Participants page



Bug Fixes

Respect comment format in questions manual comments when Plain text area editor is used

Assignment: Reopening a group assignment should not create additional attempts for each group member

Restore MathJax filter settings that were lost in previous upgrades

External tool: Allow to switch to full screen mode

Better explaination of the reason for failed logins in the logs report

Label resource: allow to access "Label administration" without Administration block on the "Edit label" page

Show error message when incorrect CAPTCHA is entered on sign-up page

Fixed configuration of PHP 7 sessions using memcached (3.x.x)

Forum: Avoid creating duplicate subscriptions due to race conditions

Feedback: fixed upgrade script (introduced in 3.1.6 and 3.2.3) that deleted valid multiple anonymous attempts. If your site was affected, please follow MDL-60592 for the script that restores accidentally deleted data.

Lesen Sie mehr: http://docs.moodle.org/dev/Moodle_3.2.7_release_notes






3.2.5
 (Sicherheitsupdate)
5 Oktober 2017 - 220MBHighlights

MDL-57412 - Setting "Always link course sections" should apply consistently in Boost and Clean/More

MDL-58196 - "Require passing grade" in the Quiz activity completion settings can only be checked if "Student must receive a grade" is also checked

MDL-57698 - Bug fix: Backup and restore cause deadlock with sqlsrv driver



Fixes and improvements

MDL-55912 - Assignment: when blink marking is enabled, students should receive teacher participant number in the email and not their own

MDL-54607 - Calendar export should not export events without duration as full-day events, i.e. assignment due dates have time component that was being lost during export

MDL-59490 - Bug fix: LTI does not work when activity has a long name

MDL-55937 - Assignment: fixed error when viewing attachments of team submission

MDL-35290 - My private files should continue working even if some files in filesystem are currently unreadable

MDL-57259 - Fixed bug that caused polluting error.log with debugging information when teachers use assignment grading

MDL-56646 - Assignment: changing maximum grade of the module could result in negative grades in assignment which were pushed as "0" to the gradebook. This bug was fixed and will not happen in the future. However, according to Moodle policy, no existing grades were changed. Teachers will see the warning that there are erroneous grades and will be able to fix all of them with one click

MDL-54965 - Database module: fixed SQL error when you edit an entry after having added a new picture/file field

MDL-46495 - When uploading courses the setting "Completion tracking" should be set to the site default

MDL-38129 - Grade export of user profile fields can now work with uppercase letters in the fields names

MDL-59317 - Performance improvements on the messages page

MDL-57246 - Trying to view a forum without the capability may lead you to a broken page.

MDL-55364 - Forum headers alignment on narrow screens

MDL-58119 - Use Cache-Control: immutable (backport of MDL-57789)

MDL-57649 - Lesson: Fixed bug deleting files unrelated to the pages being deleted

MDL-59195 - Assignments: when switching role to student teacher should be able to view group submissions

MDL-59068 - Lesson: Restore the behaviour of "No, I just want to go on to the next question"



Security issues

MSA-17-0017 XSS in contact form on "non-respondents" page in non-anonymous feedback

MSA-17-0018 Course reports are not respecting group settings in courses

MSA-17-0019 user_can_view_profile() incorrectly assumes $course as shared course

MSA-17-0020 Admins may not know that exposing vendor directory is a security risk



For developers

MDL-59708 - Hooks into the file API (backport of MDL-57476)

Lesen Sie mehr: http://docs.moodle.org/dev/Moodle_3.2.5_release_notes






3.2.4
 (Sicherheitsupdate)
10 Juli 2017 - 220MBHighlights

MDL-58136 - Show only "in progress" courses in the My courses list in Booost flat navigation

MDL-56046 - Fixed bug when downloading Quiz statistics report and other multiple-sheet reports

MDL-58646, MDL-59122 - Number of performance improvements in Boost cache rebuilding

MDL-58310, MDL-59312, MDL-58103 - Correctly display AJAX errors and ignore interrupted requests caused by page unload (occasional "undefined" popup)



Security issues

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.



Fixes and improvements

MDL-46322 - Assignment: Only enrolled users may be assigned as markers, if admins/managers can view course but are not enrolled they will not be assigned

MDL-58729 - Performance impovement in MySQL collation change script (follow up for Full UTF-8 Support in MySQL)

MDL-57957 - Assignment: Fixed bug with feedback files not being shown to students if assignment has no grading

MDL-57021 - Use normal password form field during sign up, adding new user and enrolling in a course

MDL-49988 - Wiki: line breaks in HTML source code should not affect page layout

MDL-58811 - Quiz: fixed bug preventing quiz duplication if questions have file links in their texts

Lesen Sie mehr: http://docs.moodle.org/dev/Moodle_3.2.4_release_notes






3.2.3
 (Sicherheitsupdate)
8 Mai 2017 - 220MBHighlights

MDL-39913 - Assignment module: Allow teacher to specify what file types are allowed for submissions

MDL-57429 - Badges: Backpack connection now works using Moodle own e-mail verification and does not use removed Persona service

MDL-55468 - Feedback module: Re-introduce export of analysis page removed in 3.1

MDL-57419 - Messaging: Enter inserts a new line instead of sending a message, fixing a problem with too many short emails

MDL-57510 - Added quick navigation between sections of Question bank in Boost theme

MDL-58461 - Updated URLs for MathJAX CDN

MDL-56675 - Memcached MUC store: Detected an incompatible version combination with PHP 5.6 and memcached 1.4.23. Please upgrade to PHP7, or downgrade to a known working version of memcached



Security issues

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.



Fixes and improvements

MDL-58593 - Performance improvement when creating automated backups

MDL-58182 - Fixed absent buttons on course drag and drop dialogue

MDL-41809 - Fixed bug in course cache rebuilding when access restrictions depend on grade in another activity

MDL-55939 - Feedback module: Fixed bug when teachers were not able to map site feedback to courses

MDL-58278 - Assignment module: save grade, feedback and rubric data before marking workflow state is released

MDL-58274 - Theme Boost: fixed misalignment of editing icons on course page in editing mode

MDL-58166 - Assignment module: allow students to view submissions with marking workflow and allocated markers

MDL-57807 - Database module: In advanced search when nothing is specified in the simple menu dropdown assume all values

MDL-58556 - Fixed indefinite loop in LDAP authentication with forced password

MDL-57583 - Bug fix in course completion settings form always selecting all activities

MDL-56370 - Feedback module: If multiple submissions are allowed in non-anonymous feedback new submission should modify the previous one and not start over

MDL-58257 - Fixed bug preventing searching courses with a dash in the title

MDL-57616 - Allow to drag and drop video and audio files to the course page and and insert them as labels

MDL-57704 - LTI provider: Do not force SSLv3, it is insecure and rejected by some clients

MDL-58349 - Assignment module: fixed display of edit pdf comments in theme "Boost"

Lesen Sie mehr: http://docs.moodle.org/dev/Moodle_3.2.3_release_notes






3.2.2
 (Sicherheitsupdate)
23 März 2017 - 220MBHighlights

MDL-36233 - Fixed inconsistent "Submissions not graded" link displayed to the teachers on the course overview block
MDL-48228 - MySQL and MariaDB drivers updated to support full UTF-8 . For sites upgrading to 3.2.2, a CLI script may be used to convert to full UTF-8. See MySQL full unicode support for details.


Security issues

MSA-17-0005 SQL injection via user preferences
MSA-17-0007 Global search displays user names for unauthenticated users
MSA-17-0008 XSS in evidence of prior learning
MSA-17-0009 XSS in attachments to evidence of prior learning


Fixes and improvements

MDL-56122 - Force reload/recreation of (unoconv) preview in grading interface
MDL-51833 - Performance improvement in event monitor preferences loading
MDL-55859 - Assignment: Delete incomplete files after pdf conversion failure
MDL-55762 - Better error handling around ghostscript
MDL-50719 - Long-running scheduled task should not significantly slow down cron processing of other tasks
MDL-57587 - Quiz: Show feedback images when reviewing a quiz attempt
MDL-57608 - VideoJS and VideoJs-Youtube javascript modules are no longer loaded when not required on the page
MDL-50770 - Dashboard should apply customized block positions during dashboard reset
MDL-57374 - Pasting unformatted non HTML plain text in Atto should not remove all styles and class attributes from all existing content in editor
MDL-57362 - Assignment list all submissions must respect separate groups mode
MDL-46782 - When re-entering Multi-SCO SCORM start from the first uncompleted SCO
MDL-53367 - Importing a forum with auto subscription now automatically subscribes current users
MDL-50625 - Allow to use LDAP user synchronisation without page control
MDL-55915 - Respect capability to view full names in assignment grading, grader report and manual user enrolment popup
MDL-57785 - Don't refresh SCORM navigation when navigation display is disabled
MDL-57370 - Performance improvement when displaying notifications and messages popups
MDL-57296 - Fixed bug when teacher without permission to view hidden grades was not able to collapse grade categories in the gradebook
MDL-55547 - Event monitor: fixed bug preventing to view current subscription after deleting a course with subscriptions


For developers

MDL-57030 - Add option to behat run tool to automatically rerun failures
MDL-57940 - Allow behat parallel run to start at different time

Lesen Sie mehr: http://docs.moodle.org/dev/Moodle_3.2.2_release_notes






3.2.1
 (Sicherheitsupdate)
17 Januar 2017 - 220MBFixes and improvements

MDL-55906 - Assignment grading table reset button should clear persistent settings
MDL-57222 - Marking workflow and grading must still save for hidden Assignment
MDL-56810 - Fixed error converting submissions for annotation when student is unenrolled from course
MDL-55062 - Upload users admin tool incorrectly updates authentication method for existing users when not included in CSV
MDL-56912 - Feedback: Allow to submit empty not required multichoice questions
MDL-53044 - Completely prevent login with expired passwords
MDL-57213 - Boost - Fixed bug when my courses were not displayed at all with $CFG->navshowmycoursecategories on


Security issues

MSA-17-0001 System file inclusion when adding own preset file in Boost theme
MSA-17-0002 Incorrect sanitation of attributes in forums
MSA-17-0003 PHPMailer vulnerability in no-reply address
MSA-17-0004 XSS in assignment submission page

Lesen Sie mehr: http://docs.moodle.org/dev/Moodle_3.2.1_release_notes






3.2
 (Hauptversion)
4 Dezember 2016 - 220MBHighlights

MDL-55071, MDL-55074 - New "Boost" Bootstrap 4 theme, usability improvements of the navigation

MDL-54682 - Messaging UI changes

MDL-52777 - Moodle Tour/Walkthough/Instructional overlays for first time user on page (User tours)

MDL-38158 - Pluggable media players in Moodle; Video.JS player

MDL-55324 - Easier embedding videos in audios in Atto editor with poster, subtitles and other attributes

MDL-54987 - New chart API and library



Mobile app

MDL-53870 - Support for offline quizzes in the Mobile app

MDL-53777 - Include support for login via the browser in the new Moodle Mobile admin tool

MDL-55059 - Support Smart App Banners for iOS

MDL-56607 - Move mobile settings to top-level admin



External tool (LTI)

MDL-49609 - Add LTI Content Item support

MDL-47113 - Open LTI Tools in new Window, add link when popup is blocked

MDL-53832 - LTI v2.0 support



Assignment

MDL-38105 - Allow negative score for rubric and change default grade calculation method

MDL-29795 - Add user/group overrides for mod/assign

MDL-54872 - Sort blind marked assignment by blind ID instead of userid



Quiz

MDL-48629 - Change the separator for matching correct answer feedback

MDL-3782 - Allow multiple answers in cloze MULTICHOICE question type

MDL-55200 - Show coordinates in ddmarker questions to simplify dropzone creation



Choice

MDL-18592 - Allow teacher to make choices for students

MDL-11369 - Show choice deadline in the course calendar

MDL-55140 - Allow to specify open and close dates separately

MDL-37946 - When choice display is set horizontal or vertical apply it to both options and results display



Forum

MDL-18599 - Upon restore, association of "owner" of single simple discussion forum type defaults to user completing restore. Solution: hide author of the first post

MDL-37669 - Forum: Make "Mark as read on notification" a user preference

MDL-55982 - Add support for automatic locking of an individual forum discussion after a period of inactivity



Other activity modules

MDL-55327 - Lesson: option to duplicate pages

MDL-55868 - Book: various usability improvements

MDL-56100 - Folder: Display in recent activity block

MDL-54945 - Workshop: integrate with portfolio API

MDL-48944 - Survey: activity completion condition on survey completion

MDL-44712 - SCORM: improve Multi-SCO completion handing in activity completion

MDL-55158 - Database activity: add start and end dates to the calendar

MDL-14448, MDL-55464, MDL-55254, MDL-55251, MDL-49029 - Add standard capability "mod/xxxxx:view" to Lesson, Label, Database, Chat and Choice activities

MDL-55866 - Remember editor disabled setting on a per-activity setting



Global search

MDL-54794 - Add users to global search

MDL-54973 - Add messages to global search

MDL-55127 - Add database entries to global search

MDL-53222 - Revise admin settings/report for global search for improved usability



Other improvements

MDL-30179 - Allow teacher to toggle to/from "user view" in the User report in the gradebook (some items may be hidden for students but not teachers)

MDL-53048 - New "password" fields that are not auto-filled by password managers

MDL-55767 - Allow to import learning plans

MDL-29110 - Specify welcome email sender in enrol_self, or send emails from system noreply address

MDL-22078 - Store "End date" for each course to be used in reports and analytics

MDL-53399 - Remove 'activity chooser off/on' option

MDL-54751 - Introduce asynchronous module deletion so that recycle bin backup does not slow down editing process for the teacher

MDL-55981 - By default non-editing teacher should not be able to access all groups (roles in upgraded sites are not changed)

MDL-31356 - IMS Enterprise enrol plugin added features

MDL-43230 - Support revoking awarded badges

MDL-50286 - Allow to filter report_log by origin : Logs clogged up with events listed as origin cli

MDL-51749 - Add Ability to Export Calendar for user or group events

MDL-50888 - Antivirus: Implement ClamAV virus scanning using unix sockets.

MDL-54617 - Always show count of online users in the online users block

MDL-54680 - Offer cartridges in LTI provider



For administrators

MDL-44467 - Return-Path should use no-reply address instead of support email; use only no-reply email or allowed domains in "From" header

MDL-48468 - Add a Redis cache store to Moodle core

MDL-39117 - Add a APCu cache store to Moodle core

MDL-54947 - Update PostgreSQL binary (bytea) handling and improve connection performance

MDL-48766 - Support IPv6 in IP lookup tool

MDL-55124 - Support for connection pooler (pgbouncer) in PostgreSQL connection

MDL-55916 - Maintenance mode should serve a http 503 instead of a 200

MDL-54606 - Sessions: Add support for Redis as a session_class_handler

MDL-53366 - Antivirus clamav: Remove "Quarantine directory" settings parameter.

MDL-55791 - Add capability to allow certain users through Maintenance mode



Plugins removal - If you are using any of the following you need to download and install the plugins or otherwise they will be removed following 3.2 upgrade:

MDL-55837 - Themes Base and Canvas - these themes can not be used by themselves but they may be used as parent themes

MDL-49533 - Repository Alfresco for Alfresco 4.2 and below, see Alfresco repository documentation

MDL-55927 - Authentication method Radius. This plugin uses mcrypt library and is not compatible with PHP 7.1

MDL-38158 - Media players Flowplayer, Windows media player, RealPlayer, Quicktime - these media players were present in Moodle 3.1 but removed in 3.2. They need to be installed in media/player directory



Web services

MDL-31465 - Incorporate user suspension into web services

MDL-45639 - Web Service for SSO (auto-login from the app to the site)

MDL-55923 - Improve the behavior of deleted tokens on password reset

MDL-55928 - New Web Service gradereport_user_get_grade_items

MDL-55100 - New Web Service core_course_get_courses_by_field



For developers

MDL-55071, MDL-55074 - New "Boost" Bootstrap 4 theme, block and navigation changes (see Boost_Navigation and Themes documentation)

MDL-38158 - Introduction of Media players plugin type (see Media players documentation)

MDL-55727 - Create AMD modal module (see AMD Modal documentation)

MDL-49599 - Deprecate old boxnet v1 API

MDL-53306 - Add hook to be executed before user login in authentication plugins

MDL-55048 - Grunt and npm build dependencies now require node version 4 or above

MDL-47162 - Add course id to message eventdata

MDL-50937 - Update to JQuery 3.1 (see jQuery documentation)

MDL-48114 - Add Meta-Information to composer.json

MDL-54987 - Introduce a new chart API and library (see Charts_API)

MDL-52127 - Linting for Javascript with ESLint (see Linting Javascript)

MDL-55058 - Linting for CSS with stylelint (see Linting CSS)

MDL-55072 - Upgrades to Behat so it can work with different themes

MDL-55141 - Add debugging option when running scheduled tasks from CLI (documentation)

MDL-31243 - Refactor similar SQL generation code from get_users_by_capability & get_enrolled_uses to make get_with_capability_sql

MDL-54941 - Add filesize as a new field returned in all the Web Services returning file information

MDL-55091 - Upgrade phpunit to 5.x

MDL-56082 - Expose external authentication methods (loginpage_idp_list) in login block (see Authentication plugin documentation)

MDL-55072 - Behat now supports different themes. (See Acceptance test documentation)

MDL-48114 - Moodle can now be downloaded via composer(documentation)

Lesen Sie mehr: http://docs.moodle.org/dev/Moodle_3.2_release_notes