Tag: lae

Moodle 2.8 and 2.9 gradebook advisory follow-up

In late May CLAMP became aware of several critical bugs in the Moodle gradebook which were introduced in 2.8. After assessing, CLAMP issued an advisory recommending against upgrading to Moodle 2.8 or 2.9 until those bugs were mitigated. Since then Moodle core and members of the Moodle community have made considerable progress working on these issues, and CLAMP believes it is now safe to upgrade to 2.8 and 2.9. Please continue reading for a full explanation.

Moodle 2.8 and 2.9 gradebook advisory

The problems described in this advisory have now been addressed and CLAMP has issued a new advisory. This page is retained for historical reasons but CLAMP now recommends upgrading to 2.8 or 2.9.

CLAMP has become aware of several critical bugs in the Moodle gradebook which were introduced in 2.8. CLAMP recommends that schools do not upgrade to Moodle 2.8 or 2.9 until these bugs have been mitigated. All current versions of 2.8 and 2.9 (as of writing 2.8.6 and 2.9.0) are affected. Please continue reading for a full explanation.

New Moodle LAE Releases for 2.6.11, 2.7.8, 2.8.6

There are three new CLAMP releases. There are no new LAE features; these are maintenance releases only.

You can download the updates from their project pages:

The next stable releases on the 2.6, 2.7 and 2.8 branches are slated for July 19. Core has released Moodle 2.9.0; CLAMP anticipates releasing a beta in late May and a production release following the MUG and Hack/Doc Fest at the College of the Holy Cross in June.

I would like to thank Kevin Wiliarty (Smith College) for testing this set of releases.

New Moodle LAE Releases for 2.6.10, 2.7.7, 2.8.5

There are three new CLAMP releases. There are no new LAE features; these are maintenance releases only. This release incorporates both the initial releases made by Moodle core on March 9, and the emergency releases made the same day after a regression was discovered.

You can download the updates from their project pages:

The next stable releases on the 2.6, 2.7 and 2.8 branches are slated for May 18. Core has scheduled the Moodle 2.9 release for the same window; CLAMP anticipates releasing a beta in late May and a production release following the MUG and Hack/Doc Fest at the College of the Holy Cross in June.

I would like to thank Kevin Wiliarty (Smith College) and Willy Lee (Carleton College) for packaging and testing this set of releases.

LAE Security Releases

Due to a recent emergency security release of Moodle, CLAMP is issuing new versions of all of its supported releases. CLAMP strongly recommends that you upgrade to one of these security releases.

Moodle is withholding public details of the vulnerability until next week. Registered Moodle admins should have received details via email. The vulnerability could allow authenticated users to submit malformed requests to get files outside of the Moodle directory.

You can download the updates from their project pages:

The next stable releases on the 2.8, 2.7 and 2.6 branches are still slated for March 16.

Versions prior to 2.6 are also vulnerable. In Moodle 2.3 and 2.4, only instances hosted on Windows are vulnerable. Starting with Moodle 2.5, the vulnerability affected all server operating systems. If you are running one of these versions in production, you should apply the fix directly. If this applies to you and you need help, please contact wlee@carleton.edu or fultonc@lafayette.edu for help.