Moodle Liberal Arts Edition v1.01 Security Release Notes

===ABOUT===
Moodle has announced a critical security flaw in the Moodle 1.9.5 and Moodle 1.8 branches. Their recommended solution for this flaw is to upgraded to Moodle 1.9.6. However, as a whole CLAMP schools don't do point releases during the semester because of the possibility of radically changing or breaking core functionality while classes are in session.

Moodle core has not released a patch for this flaw, so we've reverse engineered one by comparing the code changes between 1.9.5+ (the version the LAE is based on) and Moodle 1.9.6. We've identified the changed code, and made it available as a patch for the LAE (available on the project home page) and incorporated it a new LAE 1.0.1 release.

===LEGAL===
The LAE is offered "as is", with no warranty. The institutions that comprise CLAMP have done their best to test this code, but we're offering it strictly as a connivence to our members. 

===CONTACT===
Questions about the LAE can be sent to Ken Newquist at newquisk@lafayette.edu or 610-330-5759. Member organizations can participate in the development o
CLAMP members can participate in the development of the LAE by joining the Development Project in Redmine (our collaboration web site) at:

http://redmine.clamp-it.org/projects/show/development

===UPDATING MOODLE===
In this folder you will find two files that can be used to fix your Moodle installation:

1. dmllib.php
2. LAE_v1.01.patch

To fix with dmllib.php:

1) SFTP or SSH to your Moodle installation.
2) Copy the dmllib.php file to the /lib folder, overwriting the existing dmllib.php file.

To fix with LAE_v1.01.patch (Linux/Unix only):

1) SFTP or SSH to your Moodle installation.
2) Copy the patch to the root of your Moodle installation.
3) Run the patch: patch -p0 < LAE_v1.01.patch
4) Delete the patch.

Alternatively, you can download the latest build of the LAE: v1.01, which includes the security fix:

http://www.clamp-it.org/code/moodle-liberal-arts-edition-v10/

===NOTES===

A few notes:

1) Always backup your original Moodle files and database before doing an update.

2) We *strongly* recommend doing a test update on a development Moodle instance before upgrading your production instance.

