Moodle 1.9.4

Unsupported Moodle Version

This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 28th January 2009

Here is the full list of fixed issues in 1.9.4.

Highlights

MDL-17205 New options to allow Moodle to be configured to comply with European and US privacy regulations, like FERPA.
- MDL-17472 New Site policies setting for disabling Notes completely
- MDL-17472 New Internal enrolment settings for enforcing enrolment key usage and complexity
- MDL-17222 New Security overview report
- Separate capabilities for each report and other parts with sensitive information
Fix multiple bugs relating to creating and editing course categories. Previously, giving admin permissions in a category and its subcategories did not work reliably. In the process, the separate create, update and delete category capabilities were replaced with moodle/category:manage, and moodle/category:visibility was renamed to moodle/category:viewhiddencategories.
MDL-8648 Essay questions can now be randomised by random questions. This must be enabled under Administration > Miscellaneous > Experimental.
MDL-14926 A new capability mod/quiz:reviewmyattempts, separate from mod/quiz:attempt. This let's you create a read-only role that lets students see what they have done on a course in the past, without being able to change anything any more.
MDL-16651 A new capability mod/scorm:deleteresponses allowing deletion of SCORM attempts
MDL-6160 Email notification of course requests, and a new capability moodle/course:request to control who can request courses.
MDL-17364 New Forum setting for enabling AJAX forum ratings
MDL-10021 New option, "Yes, without frame", for the file resource "Keep page navigation visible on the same page" setting. This option displays a resource in a XHTML strict page. Other options have been kept.
MDL-16999 Some database module settings have been fixed ('Required Entries' and ' Required Entries before viewing). If the fix has an impact on your Moodle installation, you will be warned during upgrade.

Security issues

MSA-09-0001 No way easy to remove pictures of deleted users
MSA-09-0002 User pix disclosure
MSA-09-0003 Vulnerability in Snoopy 1.2.3
MSA-09-0004 XSS vulnerabilities in HTML blocks if "Login as" used
MSA-09-0005 Moodle 'spell-check-logic.cgi' Insecure Temporary File Creation Vulnerability
MSA-09-0006 Calendar export may allow brute force attacks
MSA-09-0007 Missing input validation in logs allows potential XSS attacks
MSA-09-0008 CSRF vulnerability in forum code

New language strings file

report_security.php

New language pack

Kazakh - Калима Туенбаева

(See Translation credits for additional details.)

Known problems and regressions

New Security overview report on large sites extremely slow and overloading database server MDL-18040 - update to latest weekly or copy /admin/report/security/* files from latest weekly

Translations

French version of this page

Highlights​

Security issues​

New language strings file​

New language pack​

Known problems and regressions​

Translations​