moodle Bugfix und Security Update 3.2.2 – 3.1.5 – 3.0.9 und 2.7.19 veröffentlicht

Für die hauptsächlich von Schulen, Universitäten und weiteren Bildungsstätten eingesetzte E-Learning Plattform, Moodle, wurde ein Patch veröffentlicht. Dieser soll eine Reihe von Sicherheitslücken schließen mit deren Hilfe ein berechtigter Benutzer, nicht jedoch das Gastkonto, beliebigen Schadcode ausführen kann.

moodle 3.2.2 Release Notes

Highlights

  • MDL-36233 – Fixed inconsistent „Submissions not graded“ link displayed to the teachers on the course overview block
  • MDL-48228 – MySQL and MariaDB drivers updated to support full UTF-8 . For sites upgrading to 3.2.2, a CLI script may be used to convert to full UTF-8. See MySQL full unicode support for details.

Security issues

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.

Fixes and improvements

  • MDL-56122 – Force reload/recreation of (unoconv) preview in grading interface
  • MDL-51833 – Performance improvement in event monitor preferences loading
  • MDL-55859 – Assignment: Delete incomplete files after pdf conversion failure
  • MDL-55762 – Better error handling around ghostscript
  • MDL-50719 – Long-running scheduled task should not significantly slow down cron processing of other tasks
  • MDL-57587 – Quiz: Show feedback images when reviewing a quiz attempt
  • MDL-57608 – VideoJS and VideoJs-Youtube javascript modules are no longer loaded when not required on the page
  • MDL-50770 – Dashboard should apply customized block positions during dashboard reset
  • MDL-57374 – Pasting unformatted non HTML plain text in Atto should not remove all styles and class attributes from all existing content in editor
  • MDL-57362 – Assignment list all submissions must respect separate groups mode
  • MDL-46782 – When re-entering Multi-SCO SCORM start from the first uncompleted SCO
  • MDL-53367 – Importing a forum with auto subscription now automatically subscribes current users
  • MDL-50625 – Allow to use LDAP user synchronisation without page control
  • MDL-55915 – Respect capability to view full names in assignment grading, grader report and manual user enrolment popup
  • MDL-57785 – Don’t refresh SCORM navigation when navigation display is disabled
  • MDL-57370 – Performance improvement when displaying notifications and messages popups
  • MDL-57296 – Fixed bug when teacher without permission to view hidden grades was not able to collapse grade categories in the gradebook
  • MDL-55547 – Event monitor: fixed bug preventing to view current subscription after deleting a course with subscriptions

For developers

  • MDL-57030 – Add option to behat run tool to automatically rerun failures
  • MDL-57940 – Allow behat parallel run to start at different time

moodle 3.1.5 Release Notes

Highlights

  • MDL-36233 – Fixed inconsistent „Submissions not graded“ link displayed to the teachers on the course overview block
  • MDL-56592 – Allow teacher to toggle to/from „user view“ in grader and user report in gradebook
  • MDL-48228 – MySQL and MariaDB drivers updated to support full UTF-8 . For sites upgrading to 3.1.5, a CLI script may be used to convert to full UTF-8. See MySQL full unicode support for details.

Security issues

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.

Fixes and improvements

  • MDL-56122 – Force reload/recreation of (unoconv) preview in grading interface
  • MDL-51833 – Performance improvement in event monitor preferences loading
  • MDL-55859 – Assignment: Delete incomplete files after pdf conversion failure
  • MDL-55762 – Better error handling around ghostscript
  • MDL-50719 – Long-running scheduled task should not significantly slow down cron processing of other tasks
  • MDL-57587 – Quiz: Show feedback images when reviewing a quiz attempt
  • MDL-50770 – Dashboard should apply customized block positions during dashboard reset
  • MDL-57374 – Pasting unformatted non HTML plain text in Atto should not remove all styles and class attributes from all existing content in editor
  • MDL-57362 – Assignment list all submissions must respect separate groups mode
  • MDL-46782 – When re-entering Multi-SCO SCORM start from the first uncompleted SCO
  • MDL-53367 – Importing a forum with auto subscription now automatically subscribes current users
  • MDL-50625 – Allow to use LDAP user synchronisation without page control
  • MDL-55915 – Respect capability to view full names in assignment grading, grader report and manual user enrolment popup
  • MDL-57785 – Don’t refresh SCORM navigation when navigation display is disabled
  • MDL-57296 – Fixed bug when teacher without permission to view hidden grades was not able to collapse grade categories in the gradebook
  • MDL-55547 – Event monitor: fixed bug preventing to view current subscription after deleting a course with subscriptions

moodle 3.0.9 Release Notes: https://docs.moodle.org/dev/Moodle_3.0.9_release_notes

moodle 2.7.19 Release Notes: https://docs.moodle.org/dev/Moodle_2.7.19_release_notes

Link Security Patch: https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-58010

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.