Skip to content

@ywarnier ywarnier released this May 9, 2019 · 1845 commits to master since this release

Chamilo 1.11.10 is a minor bugfix release on top of 1.11.8. Contrary to previous releases, this one has a large number of security fixes. We strongly recommend you update to this version as soon as you can. We thank all who participated in this thorough security review over the last few months (these can be found on our security page).

We have made 4 different package versions available to benefit from slight optimizations in the PHP versions. Our website will only show the lowest denominator for each though (to simplify).

  • Packages with "-php5" are compiled for PHP 5.6. They will not work in PHP 5.5 or inferior, because these versions are not supported anymore. PHP 5.6 is not supported anymore by the PHP community (not even for security patches), so please do not use in production.
  • Packages with "-php7" are optimized for PHP 7.1 (and should work with 7.2 and 7.3, which is why we called it just "7"). They might give issues if used with PHP 7.0. PHP 7.0 is not supported anymore by the PHP community (not even for security patches), so please do not use in production.
  • Packages with "-php7.2" are optimized for PHP 7.2 and will only work with (you guessed it) PHP 7.2 or 7.3.
  • Packages with "-php7.3" are optimized for PHP 7.3 and will only work with PHP 7.3.

Note: there is a slight mistake in the changelog.html file: the release tag is from May 9th instead of May 8th, but that has no relevant impact on anything.

Security fixes

[2019-02-26] (c245b03) Security: Use "clean_up_files_in_zip" function before extracting content Blocks php/htaccess files
[2019-02-26] (53c0dc4) Security: Remove folder main/inc/lib/nanogong after composer update
[2019-02-26] (2164d36) Security: Remove nanogong files (deprecated).
[2019-02-22] (1c82459) Security: Protect lp_upload.php to avoid malicious uploads by unauthenticated users #security
[2019-02-22] (e463775) Security: Avoid showing user popup to non authenticated users if user is not a course teacher #security
[2019-01-25] (4812672) Security: Block anon users
[2019-01-18] (662dbd6) Security fixes, add int casting
[2019-01-18] (297f780) Security fixes, add int casting
[2019-01-18] (6968fb5) Security fixes, add int casting
[2019-01-16] (33e2692) Security: Fix XSS in social network and one extended access to tickets
[2018-12-21] (5700b37) Security: Remove double-escaping of SQL in previous paranoid commit
[2018-12-21] (bec1fd1) Security: Fix suspected XSS vulnerability in tickets
[2018-12-20] (54d05c1) Security: Fix suspected XSS/SQL injections vulnerabilities in tickets
[2018-12-17] (ae7f2d5 - GH#2757) Remove XSS
[2018-12-17] (bfa1ecc) Security: Fix SQL injection and likely future similar issues
[2018-12-03] (814049e - GH#2746) Escape gradebook name in gradebook_list.php to avoid XSS
[2018-12-03] (15e49c1 - GH#2746) Add default value for search_users (path disclosure)
[2018-12-03] (da8a93e - GH#2746) Remove warning + notice messages in agenda (path disclosure)
[2018-12-03] (5e61c2b - GH#2746) Remove XSS from social groups page
[2018-11-20] (d9c37bf) Security: Remove "Security::remove_XSS", fix htmleditor get value Related: 099ec41
[2018-11-19] (d13365c) Security - Add Database:escape_string and remove_XSS
[2018-11-15] (099ec41) Security: Fix XSS vulnerability in agenda - see security report 28 - additions
[2018-10-09] (a248539) Remove XSS when registering user See https://packetstormsecurity.com/files/149711/chamilolms1118fn-xss.txt
[2018-10-08] (39b3162) Security: Protect agenda events using Security::remove_XSS

Possibly breaking changes

[2018-12-12] (a681bf5) GH#2708 Remove duplicate from limit_session_admin_role configuration setting

Notable new Features

For end-users, teachers and Chamilo admins

[2019-05-07] (94b7ca5 - BT#15579) Quiz: Add "Unanswered" status for unique questions, showing on the quiz results page
[2019-04-30] The IMS/LTI plugin now fully supports LTI 1, 1.1, 1.1.1, Outcomes and Deep Linking
[2019-04-16] (f8d91f9 - BT#15534) Quiz: Allow editing questions that are not inside an exercise
[2019-04-11] (c68ccd9 - CT#7683) Display: Improvement in user summary (tracking)
[2019-04-11] (f2b8f73 - BT#15535) Quiz: If random show also the total number of questions
[2019-04-05] (6153de7 - BT#15389) Quiz: Show icon to indicate when exercises is embeddable in videos
[2019-03-29] (a3d00fd) Documentation: Indicate support reduced to IE11+
[2019-03-21] (ed0cba3 - BT#15234) Quiz: Add course setting "quiz_question_limit_per_day"
[2019-03-20] (f25743c - BT#15394) Calendar: Add calendar for training sessions planning
[2019-03-20] (7c93e97 - BT#15233) Quiz: Add new "result disable" option in exercises "Show only correct answer" BT#15233
[2019-02-13] (bde49a2 - BT#15281) Plugin: Add ExportSurvey CSV plugin
[2019-02-07] (8cbcfe9 - GH#2788) Quiz: Add new Ranking mode to show a ranking table on the results page
[2019-01-23] (63fde0c - BT#15232) Quiz: Add "SCORE" support in aiken
[2018-11-13] (373427b - BT#15033) Add questions multiplication in surveys, based on classes (allows for teachers deliberations)
[2018-11-08] (ad1ecb2) PDF view with viewerjs in LP
[2018-11-08] (4733577 - BT#14957) Add survey type to agree on a schedule (doodle-type)
[2018-11-08] (f50ecb7 - BT#15017) Add certificate link + download certificate in a zip
[2018-10-31] (0d0d48f - GH#2717) Add statistical charts in course reports
[2018-10-03] (f9eda9b) Plugin: Add Card game plugin
[2018-09-28] (bfd4137 - BT#14880) Admin and teacher can see a blocked exercise
[2018-09-28] (ac72f87 - BT#14882) Change behaviour when adding a user to a session BT#14882 There's only one action that will be done, only add new users. The old behaviour that implied add and remove users still exists in the unused file "add_edit_users_to_session.php" It requires some tests and validations.
[2018-09-28] (03aeb0b - BT#14882) Add new page to subscribe new users to a session-course directly page: add_users_to_session_course.php
[2018-09-26] (8397a1d - BT#14750) Allow upload xlsx files to import exercise
[2018-09-26] (7b95d60 - BT#14824) Add "preview" button before sending an announcement To see the list of users and groups that will be sent BT#14824
[2018-09-13] (260549e - BT#14824) Add option "SendAnnouncementCopyToMyself" in announcement

For developers and sysadmins

[2019-04-11] (82697e6 - BT#15533) Learnpath: Optimize query to get media player
[2019-04-03] (1411274 - BT#15327) Language: Include extra language file main/lang/xxx/custom.php if exists
[2019-03-28] (09b447d - BT#15362) Session: Allow session admin to upload files to BasicCourseDocuments folder
[2019-03-28] (efcd6d1 - BT#14357) Admin: Add configuration setting "allow_gradebook_stats" to improve gradebook speed
[2019-03-28] (4cb8f2e - BT#15437) Admin: Add configuration setting "block_editor_file_manager_for_students" to block student's access to the course documents when using the ckeditor "Browse server" button
[2019-03-15] (9af667f - BT#15393) Admin: Add configuration setting "social_enable_likes_messages" (requires high level of customization to enable)
[2019-03-12] (89cbc14 - BT#15280) Admin: Add configuration setting "survey_anonymous_show_answered" to enable showing who answered or not an anonymous survey (requires a minimum of 2 submissions to show)
[2019-03-11] (399d7ce - BT#15265) Plugin: QuestionOptionsEvaluation: Add questionoptionsevaluation plugin
[2019-03-11] (0de2668 - BT#15265) Admin: Add configuraiton setting "exercise_additional_teacher_modify_actions" to enable more actions for teachers
[2019-03-07] (6a758d8 - GH#2699) Admin: Add configuration setting "mail_no_reply_avoid_reply_to" - Avoid add a reply-to header when a no-reply address is set.
[2019-03-06] (73d802a - BT#15176) Social: Add social map, requires to add geolocation extra fields and configuration setting $_configuration['allow_social_map_fields'] = ['fields' => ['terms_villedustage', 'terms_ville']];
[2019-03-06] (a31c5df - BT#15173 - BT#15309) Admin: Add new configuration settings "allow_forum_post_revisions", "community_managers_user_list" and "global_forums_course_id"
[2019-02-27] (c2f9db3 - BT#15326) Registration: Add configuration setting "required_extra_fields_in_inscription" - Set extra fields as required in the inscription.php page + Add forum_post, forum_category extra fields
[2019-02-22] (2865726 - BT#15317) Forum: Add configuration setting "forum_fold_categories" to fold forum categories by default
[2019-02-20] (3548395 - BT#15318) Admin: Hide course graph reports with configuration setting $_configuration['hide_course_report_graph'] = false;
[2019-02-13] (ebe2eb1 - BT#15281) Admin: Add configuration setting survey_additional_teacher_modify_actions
[2019-02-06] (8a21d41 - GH#2796) Admin: Add configuration setting "admin_chamilo_announcements_disable". Disable Chamilo.org announcements at the top of the admin page
[2019-02-06] (e226292 - BT#15252) LP: Add setting lp_minimum_item, depends in the course and session extra field "new_tracking_system". It should be turned on in order to process the new stats, otherwise it will load the legacy stats
[2019-02-05] (eca05ce - BT#15270) Admin: Add configuration setting "jq_grid_default_row" for default row values for jQGrid
[2019-02-05] (7024207 - BT#15270) Admin: Add configuration setting "jq_grid_row_list" to change the jqgrid row list //$_configuration['jq_grid_row_list'] = ['options' => [50, 100, 200, 500]];
[2019-01-30] (dc21353 - BT#15230) Admin: Add configuration setting "show_question_id" config to show question ID in the exercises + Add DESCRIPTION option when importing exercises with AIKEN
[2019-01-29] (a1e9e3f - BT#15235) Admin: Add configuration setting that limits teachers rights in exercise $_configuration['limit_exercise_teacher_access']
[2019-01-26] (a7fbce4 - BT#11784) Admin: Add configuration setting "quiz_show_description_on_results_page" to control whether the test description is shown on the results page or not
[2019-01-26] (f4653e5 - BT#15208) Admin: Add configuration setting 'quiz_prevent_copy_paste' to prevent copying questions/answers text with the keyboard or the right-click menu
[2019-01-21] (ec1faa5 - BT#15010) Admin: Add configuration setting 'hide_social_media_links'
[2019-01-22] (244f36b - GH#2701) Documents: Add Accept-Range HTTP header for pseudo-streaming
[2018-12-18] (d2e4aa4) Add indexes for gradebook tables in optimization guide
[2018-12-14] (625ed0b) Add script to check if the default extra fields are present in the platform. See BT# 13954 If a default extra field doesn't exists then it will be created. Extra field list as in 1.11.8 Requires to manually remove an "exit".
[2018-12-12] (c51a213) Allow performing actions from plugin when deleting user/course/session
[2018-12-12] (a681bf5 - GH#2708) Remove limit_session_admin_role from conf file and use setting
[2018-12-11] (dbc571c - BT#15095) Admin: Add configuration setting 'allow_session_admin_login_as_teacher'
[2018-12-11] (c1cdf0a - BT#15126) Admin: Add configuration setting 'allow_user_session_collapsable'
[2018-12-10] (3520689 - BT#15126) Admin: Add configuration setting 'allow_user_course_category_collapsable'
[2018-12-07] (237f9bb - GH#2717) Admin: Add charts for several statistics pages
[2018-12-06] (676d2c1 - BT#15020) Admin: Add configuration setting $_configuration['allow_track_complete'] = false; Allows more detail user tracking
[2018-12-05] (74964fc - BT#15095) Admin: Add configuration setting 'session_admins_edit_courses_content'
[2018-12-05] (0d5b344 - BT#15020) Add table track_e_access_complete creation
[2018-12-05] (fe19616 - BT#15020) Admin: Add configuration setting $_configuration['lp_minimum_time'] = false; Add AccumulateWorkTime (a.k.a lp min time)
[2018-12-05] (c243556 - BT#15102) Add proxy.php needed when using setting "lp_fix_embed_content"
[2018-12-03] (a9a2849 - BT#14357) Improve speed when rendering gradebook student reports. Using Doctrine APCU cache Setting: $_configuration['gradebook_use_apcu_cache']
[2018-11-29] (3292b3c - BT#15081) Admin: Add configuration setting "user_import_settings"
[2018-11-29] (ed38dc2 - BT#15091) Admin: Add configuration setting "exercises_disable_new_attempts"
[2018-11-28] (e30fb0d) DRH can see visible announcement (allow_drh_access_announcement option)
[2018-11-28] (ba6bffc - BT#15081) Admin: Add configuration setting "session_import_settings"
[2018-11-28] (5178a59 - GH#2738) Improve composer update speed
[2018-11-21] (eb0c06d) Admin: Add configuration setting "allow_my_files_link_in_homepage" Allow my personal files link in the homepage
[2018-11-20] (3bfab64 - BT#15072) Admin: Add configuration setting 'allow_drh_access_announcement'
[2018-11-08] (156bcf8 - BT#15044) Admin: Add configuration setting to activate view with ViewerJS PDF LP
[2018-11-02] (4c7dc3c - BT#14813) Admin: Add configuration setting importOpenSessions
[2018-11-02] (0d51722 - BT#14976) Admin: Add configuration setting in BBB plugin "disable_download_conference_link"
[2018-10-31] (40dcc1e - BT#14972) Admin: Add configuration setting "hide_gradebook_percentage_user_result" + fix rank column - Hide percentage in best/average gradebook results
[2018-10-31] (26d6fb4 - BT#15028) Admin: Add configuration setting "allow_only_one_student_publication_per_user"
[2018-10-29] (744479d - BT#14938) Add option to setting to hide lp navigation with arrows
[2018-10-24] (ed0d11a - BT#15003) Admin: Add configuration setting 'limit_session_admin_list_users'
[2018-10-22] (0c14460 - BT#14894) Admin: Add configuration setting "mail_template_system"
[2018-10-22] (54a8d0d - BT#14987) Admin: Add configuration setting 'block_student_publication_score_edition'. Teachers can't edit student score once the score was set. Admins can still edit those values
[2018-10-22] (501dcbe - BT#14986) Admin: Add configuration setting "block_student_publication_add_documents". Block "add documents" in student publication feature
[2018-10-22] (59d8aec - BT#14894) Admin: Add Mail template manager (requires specific activation process)
[2018-10-22] (53f18dc - BT#14985) Admin: Add configuration setting "block_student_publication_edition"
[2018-10-03] (60eaebf - BT#14906) Admin: Add configuration setting "hide_complete_name_in_whoisonline" To hide name from whoisonline
[2018-10-03] (5603615 - BT#14910) Admin: Add configuration setting "session_list_show_count_users" show only students
[2018-09-03] (cd9460d - BT#14372) Admin: Add configuration setting $_configuration['hide_flag_language_switcher'] = false; Hide country flags in the language switcher + fix login form.
[2018-08-31] (4c603d5) Admin: Add configuration setting "gradebook_multiple_evaluation_attempts". Add the possibility to add more attempts to the gradebook evaluation tool. Requires a DB change.
[2018-08-28] (7b6f760 - BT#14769) Admin: Add configuration setting 'hide_username_in_course_chat'
[2018-08-28] (afba2a6 - BT#14769) Admin: Add configuration setting 'hide_username_with_complete_name'
[2018-08-23] (f23fa4b - BT#14747) Scripts: Add multiple-access-urls conversion script allowing for the conversion of an existing single-url portal to the secondary url of a multiple-access-url portal

Assets 10
You can’t perform that action at this time.