ยซ Changelog History


Chamilo LMS v1.11.10 Release Notes

Release Date: 2019-05-09 // almost 5 years ago

  • ๐Ÿ›  Chamilo 1.11.10 is a minor bugfix release on top of 1.11.8. Contrary to previous releases, this one has a large number of security fixes. We strongly recommend you update to this version as soon as you can. We thank all who participated in this thorough security review over the last few months (these can be found on our security page).

    ๐Ÿ“ฆ We have made 4 different package versions available to benefit from slight optimizations in the PHP versions. Our website will only show the lowest denominator for each though (to simplify).

    • Packages with "-php5" are compiled for PHP 5.6. They will not work in PHP 5.5 or inferior, because these versions are not supported anymore. PHP 5.6 is not supported anymore by the PHP community (not even for security patches), so please do not use in production.
    • โšก๏ธ Packages with "-php7" are optimized for PHP 7.1 (and should work with 7.2 and 7.3, which is why we called it just "7"). They might give issues if used with PHP 7.0. PHP 7.0 is not supported anymore by the PHP community (not even for security patches), so please do not use in production.
    • โšก๏ธ Packages with "-php7.2" are optimized for PHP 7.2 and will only work with (you guessed it) PHP 7.2 or 7.3.
    • โšก๏ธ Packages with "-php7.3" are optimized for PHP 7.3 and will only work with PHP 7.3.

    ๐Ÿš€ Note: there is a slight mistake in the changelog.html file: the release tag is from May 9th instead of May 8th, but that has no relevant impact on anything.

    ๐Ÿ”’ Security fixes

    [2019-02-26] (c245b03) Security: Use "clean_up_files_in_zip" function before extracting content Blocks php/htaccess files
    โšก๏ธ [2019-02-26] (53c0dc4) Security: Remove folder main/inc/lib/nanogong after composer update
    ๐Ÿ”’ [2019-02-26] (2164d36) Security: Remove nanogong files (deprecated).
    ๐Ÿ”’ [2019-02-22] (1c82459) Security: Protect lp_upload.php to avoid malicious uploads by unauthenticated users #security
    ๐Ÿ”’ [2019-02-22] (e463775) Security: Avoid showing user popup to non authenticated users if user is not a course teacher #security
    ๐Ÿ”’ [2019-01-25] (4812672) Security: Block anon users
    ๐Ÿ”’ [2019-01-18] (662dbd6) Security fixes, add int casting
    ๐Ÿ”’ [2019-01-18] (297f780) Security fixes, add int casting
    ๐Ÿ”’ [2019-01-18] (6968fb5) Security fixes, add int casting
    ๐Ÿ”’ [2019-01-16] (33e2692) Security: Fix XSS in social network and one extended access to tickets
    ๐Ÿ”’ [2018-12-21] (5700b37) Security: Remove double-escaping of SQL in previous paranoid commit
    ๐Ÿ”’ [2018-12-21] (bec1fd1) Security: Fix suspected XSS vulnerability in tickets
    ๐Ÿ”’ [2018-12-20] (54d05c1) Security: Fix suspected XSS/SQL injections vulnerabilities in tickets
    ๐Ÿšš [2018-12-17] (ae7f2d5 - GH#2757) Remove XSS
    ๐Ÿ”’ [2018-12-17] (bfa1ecc) Security: Fix SQL injection and likely future similar issues
    [2018-12-03] (814049e - GH#2746) Escape gradebook name in gradebook_list.php to avoid XSS
    0๏ธโƒฃ [2018-12-03] (15e49c1 - GH#2746) Add default value for search_users (path disclosure)
    ๐Ÿšš [2018-12-03] (da8a93e - GH#2746) Remove warning + notice messages in agenda (path disclosure)
    ๐Ÿšš [2018-12-03] (5e61c2b - GH#2746) Remove XSS from social groups page
    ๐Ÿ”’ [2018-11-20] (d9c37bf) Security: Remove "Security::remove_XSS", fix htmleditor get value Related: 099ec41
    ๐Ÿšš [2018-11-19] (d13365c) Security - Add Database:escape_string and remove_XSS
    ๐Ÿ”’ [2018-11-15] (099ec41) Security: Fix XSS vulnerability in agenda - see security report 28 - additions
    ๐Ÿ‘€ [2018-10-09] (a248539) Remove XSS when registering user See https://packetstormsecurity.com/files/149711/chamilolms1118fn-xss.txt
    ๐Ÿ”’ [2018-10-08] (39b3162) Security: Protect agenda events using Security::remove_XSS

    Possibly breaking changes

    [2018-12-12] (a681bf5) GH#2708 Remove duplicate from limit_session_admin_role configuration setting

    Notable new Features

    For end-users, teachers and Chamilo admins

    [2019-05-07] (94b7ca5 - BT#15579) Quiz: Add "Unanswered" status for unique questions, showing on the quiz results page
    ๐Ÿ”Œ [2019-04-30] The IMS/LTI plugin now fully supports LTI 1, 1.1, 1.1.1, Outcomes and Deep Linking
    [2019-04-16] (f8d91f9 - BT#15534) Quiz: Allow editing questions that are not inside an exercise
    [2019-04-11] (c68ccd9 - CT#7683) Display: Improvement in user summary (tracking)
    [2019-04-11] (f2b8f73 - BT#15535) Quiz: If random show also the total number of questions
    [2019-04-05] (6153de7 - BT#15389) Quiz: Show icon to indicate when exercises is embeddable in videos
    ๐Ÿ“š [2019-03-29] (a3d00fd) Documentation: Indicate support reduced to IE11+
    [2019-03-21] (ed0cba3 - BT#15234) Quiz: Add course setting "quiz_question_limit_per_day"
    [2019-03-20] (f25743c - BT#15394) Calendar: Add calendar for training sessions planning
    [2019-03-20] (7c93e97 - BT#15233) Quiz: Add new "result disable" option in exercises "Show only correct answer" BT#15233
    ๐Ÿ”Œ [2019-02-13] (bde49a2 - BT#15281) Plugin: Add ExportSurvey CSV plugin
    [2019-02-07] (8cbcfe9 - GH#2788) Quiz: Add new Ranking mode to show a ranking table on the results page
    ๐Ÿ‘ [2019-01-23] (63fde0c - BT#15232) Quiz: Add "SCORE" support in aiken
    [2018-11-13] (373427b - BT#15033) Add questions multiplication in surveys, based on classes (allows for teachers deliberations)
    [2018-11-08] (ad1ecb2) PDF view with viewerjs in LP
    โฑ [2018-11-08] (4733577 - BT#14957) Add survey type to agree on a schedule (doodle-type)
    [2018-11-08] (f50ecb7 - BT#15017) Add certificate link + download certificate in a zip
    [2018-10-31] (0d0d48f - GH#2717) Add statistical charts in course reports
    ๐Ÿ”Œ [2018-10-03] (f9eda9b) Plugin: Add Card game plugin
    ๐Ÿ‘€ [2018-09-28] (bfd4137 - BT#14880) Admin and teacher can see a blocked exercise
    [2018-09-28] (ac72f87 - BT#14882) Change behaviour when adding a user to a session BT#14882 There's only one action that will be done, only add new users. The old behaviour that implied add and remove users still exists in the unused file "add_edit_users_to_session.php" It requires some tests and validations.
    ๐Ÿ‘‰ [2018-09-28] (03aeb0b - BT#14882) Add new page to subscribe new users to a session-course directly page: add_users_to_session_course.php
    [2018-09-26] (8397a1d - BT#14750) Allow upload xlsx files to import exercise
    ๐Ÿ‘€ [2018-09-26] (7b95d60 - BT#14824) Add "preview" button before sending an announcement To see the list of users and groups that will be sent BT#14824
    [2018-09-13] (260549e - BT#14824) Add option "SendAnnouncementCopyToMyself" in announcement

    For developers and sysadmins

    โšก๏ธ [2019-04-11] (82697e6 - BT#15533) Learnpath: Optimize query to get media player
    [2019-04-03] (1411274 - BT#15327) Language: Include extra language file main/lang/xxx/custom.php if exists
    [2019-03-28] (09b447d - BT#15362) Session: Allow session admin to upload files to BasicCourseDocuments folder
    [2019-03-28] (efcd6d1 - BT#14357) Admin: Add configuration setting "allow_gradebook_stats" to improve gradebook speed
    [2019-03-28] (4cb8f2e - BT#15437) Admin: Add configuration setting "block_editor_file_manager_for_students" to block student's access to the course documents when using the ckeditor "Browse server" button
    [2019-03-15] (9af667f - BT#15393) Admin: Add configuration setting "social_enable_likes_messages" (requires high level of customization to enable)
    [2019-03-12] (89cbc14 - BT#15280) Admin: Add configuration setting "survey_anonymous_show_answered" to enable showing who answered or not an anonymous survey (requires a minimum of 2 submissions to show)
    ๐Ÿ”Œ [2019-03-11] (399d7ce - BT#15265) Plugin: QuestionOptionsEvaluation: Add questionoptionsevaluation plugin
    โž• [2019-03-11] (0de2668 - BT#15265) Admin: Add configuraiton setting "exercise_additional_teacher_modify_actions" to enable more actions for teachers
    [2019-03-07] (6a758d8 - GH#2699) Admin: Add configuration setting "mail_no_reply_avoid_reply_to" - Avoid add a reply-to header when a no-reply address is set.
    ๐Ÿ”ง [2019-03-06] (73d802a - BT#15176) Social: Add social map, requires to add geolocation extra fields and configuration setting $_configuration['allow_social_map_fields'] = ['fields' => ['terms_villedustage', 'terms_ville']];
    [2019-03-06] (a31c5df - BT#15173 - BT#15309) Admin: Add new configuration settings "allow_forum_post_revisions", "community_managers_user_list" and "global_forums_course_id"
    [2019-02-27] (c2f9db3 - BT#15326) Registration: Add configuration setting "required_extra_fields_in_inscription" - Set extra fields as required in the inscription.php page + Add forum_post, forum_category extra fields
    [2019-02-22] (2865726 - BT#15317) Forum: Add configuration setting "forum_fold_categories" to fold forum categories by default
    ๐Ÿ”ง [2019-02-20] (3548395 - BT#15318) Admin: Hide course graph reports with configuration setting $_configuration['hide_course_report_graph'] = false;
    โž• [2019-02-13] (ebe2eb1 - BT#15281) Admin: Add configuration setting survey_additional_teacher_modify_actions
    [2019-02-06] (8a21d41 - GH#2796) Admin: Add configuration setting "admin_chamilo_announcements_disable". Disable Chamilo.org announcements at the top of the admin page
    [2019-02-06] (e226292 - BT#15252) LP: Add setting lp_minimum_item, depends in the course and session extra field "new_tracking_system". It should be turned on in order to process the new stats, otherwise it will load the legacy stats
    [2019-02-05] (eca05ce - BT#15270) Admin: Add configuration setting "jq_grid_default_row" for default row values for jQGrid
    [2019-02-05] (7024207 - BT#15270) Admin: Add configuration setting "jq_grid_row_list" to change the jqgrid row list //$_configuration['jq_grid_row_list'] = ['options' => [50, 100, 200, 500]];
    [2019-01-30] (dc21353 - BT#15230) Admin: Add configuration setting "show_question_id" config to show question ID in the exercises + Add DESCRIPTION option when importing exercises with AIKEN
    ๐Ÿ”ง [2019-01-29] (a1e9e3f - BT#15235) Admin: Add configuration setting that limits teachers rights in exercise $_configuration['limit_exercise_teacher_access']
    ๐Ÿ‘‰ [2019-01-26] (a7fbce4 - BT#11784) Admin: Add configuration setting "quiz_show_description_on_results_page" to control whether the test description is shown on the results page or not
    [2019-01-26] (f4653e5 - BT#15208) Admin: Add configuration setting 'quiz_prevent_copy_paste' to prevent copying questions/answers text with the keyboard or the right-click menu
    [2019-01-21] (ec1faa5 - BT#15010) Admin: Add configuration setting 'hide_social_media_links'
    [2019-01-22] (244f36b - GH#2701) Documents: Add Accept-Range HTTP header for pseudo-streaming
    [2018-12-18] (d2e4aa4) Add indexes for gradebook tables in optimization guide
    ๐Ÿ‘€ [2018-12-14] (625ed0b) Add script to check if the default extra fields are present in the platform. See BT# 13954 If a default extra field doesn't exists then it will be created. Extra field list as in 1.11.8 Requires to manually remove an "exit".
    ๐Ÿ”Œ [2018-12-12] (c51a213) Allow performing actions from plugin when deleting user/course/session
    [2018-12-12] (a681bf5 - GH#2708) Remove limit_session_admin_role from conf file and use setting
    [2018-12-11] (dbc571c - BT#15095) Admin: Add configuration setting 'allow_session_admin_login_as_teacher'
    ๐Ÿ‘‰ [2018-12-11] (c1cdf0a - BT#15126) Admin: Add configuration setting 'allow_user_session_collapsable'
    ๐Ÿ‘‰ [2018-12-10] (3520689 - BT#15126) Admin: Add configuration setting 'allow_user_course_category_collapsable'
    [2018-12-07] (237f9bb - GH#2717) Admin: Add charts for several statistics pages
    ๐Ÿ”ง [2018-12-06] (676d2c1 - BT#15020) Admin: Add configuration setting $_configuration['allow_track_complete'] = false; Allows more detail user tracking
    [2018-12-05] (74964fc - BT#15095) Admin: Add configuration setting 'session_admins_edit_courses_content'
    [2018-12-05] (0d5b344 - BT#15020) Add table track_e_access_complete creation
    ๐Ÿ”ง [2018-12-05] (fe19616 - BT#15020) Admin: Add configuration setting $_configuration['lp_minimum_time'] = false; Add AccumulateWorkTime (a.k.a lp min time)
    ๐Ÿ›  [2018-12-05] (c243556 - BT#15102) Add proxy.php needed when using setting "lp_fix_embed_content"
    ๐Ÿ”ง [2018-12-03] (a9a2849 - BT#14357) Improve speed when rendering gradebook student reports. Using Doctrine APCU cache Setting: $_configuration['gradebook_use_apcu_cache']
    [2018-11-29] (3292b3c - BT#15081) Admin: Add configuration setting "user_import_settings"
    [2018-11-29] (ed38dc2 - BT#15091) Admin: Add configuration setting "exercises_disable_new_attempts"
    [2018-11-28] (e30fb0d) DRH can see visible announcement (allow_drh_access_announcement option)
    [2018-11-28] (ba6bffc - BT#15081) Admin: Add configuration setting "session_import_settings"
    โšก๏ธ [2018-11-28] (5178a59 - GH#2738) Improve composer update speed
    [2018-11-21] (eb0c06d) Admin: Add configuration setting "allow_my_files_link_in_homepage" Allow my personal files link in the homepage
    [2018-11-20] (3bfab64 - BT#15072) Admin: Add configuration setting 'allow_drh_access_announcement'
    ๐Ÿ”ง [2018-11-08] (156bcf8 - BT#15044) Admin: Add configuration setting to activate view with ViewerJS PDF LP
    ๐Ÿ”ง [2018-11-02] (4c7dc3c - BT#14813) Admin: Add configuration setting importOpenSessions
    [2018-11-02] (0d51722 - BT#14976) Admin: Add configuration setting in BBB plugin "disable_download_conference_link"
    [2018-10-31] (40dcc1e - BT#14972) Admin: Add configuration setting "hide_gradebook_percentage_user_result" + fix rank column - Hide percentage in best/average gradebook results
    [2018-10-31] (26d6fb4 - BT#15028) Admin: Add configuration setting "allow_only_one_student_publication_per_user"
    [2018-10-29] (744479d - BT#14938) Add option to setting to hide lp navigation with arrows
    [2018-10-24] (ed0d11a - BT#15003) Admin: Add configuration setting 'limit_session_admin_list_users'
    [2018-10-22] (0c14460 - BT#14894) Admin: Add configuration setting "mail_template_system"
    [2018-10-22] (54a8d0d - BT#14987) Admin: Add configuration setting 'block_student_publication_score_edition'. Teachers can't edit student score once the score was set. Admins can still edit those values
    [2018-10-22] (501dcbe - BT#14986) Admin: Add configuration setting "block_student_publication_add_documents". Block "add documents" in student publication feature
    [2018-10-22] (59d8aec - BT#14894) Admin: Add Mail template manager (requires specific activation process)
    [2018-10-22] (53f18dc - BT#14985) Admin: Add configuration setting "block_student_publication_edition"
    [2018-10-03] (60eaebf - BT#14906) Admin: Add configuration setting "hide_complete_name_in_whoisonline" To hide name from whoisonline
    [2018-10-03] (5603615 - BT#14910) Admin: Add configuration setting "session_list_show_count_users" show only students
    ๐Ÿ”ง [2018-09-03] (cd9460d - BT#14372) Admin: Add configuration setting $_configuration['hide_flag_language_switcher'] = false; Hide country flags in the language switcher + fix login form.
    [2018-08-31] (4c603d5) Admin: Add configuration setting "gradebook_multiple_evaluation_attempts". Add the possibility to add more attempts to the gradebook evaluation tool. Requires a DB change.
    ๐Ÿ‘‰ [2018-08-28] (7b6f760 - BT#14769) Admin: Add configuration setting 'hide_username_in_course_chat'
    ๐Ÿ‘‰ [2018-08-28] (afba2a6 - BT#14769) Admin: Add configuration setting 'hide_username_with_complete_name'
    [2018-08-23] (f23fa4b - BT#14747) Scripts: Add multiple-access-urls conversion script allowing for the conversion of an existing single-url portal to the secondary url of a multiple-access-url portal