Chamilo 1.11.8
27 January 2019
Chamilo version 1.11.8 is now available (security release).
Upgrading to Chamilo 1.11.8
Chamilo 1.11.8 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Chamilo updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Chamilo install to test the 1.11.8 upgrade prior to applying it live.
What's New in Chamilo 1.11.8
1.11.8
Chamilo 1.11.8 is a minor, bug fix and security fix release with dozens of improvements and bug fixes.
Security
- Add app/Resources/public/css to the list of directories where execution of PHP is forbidden
- Add documentation about X-Frame-Options in configuration.dist.php
- Add Security::remove_XSS to clean variables from $_REQUEST
- Update PHP files extension matching pattern in .htaccess and documentation to match all possible forms supported by PHP 5 and PHP 7.
- Add rules to .htaccess to prevent direct PHP execution from the corresponding directories, and update security.html with a change missing from the previous commit. Using security.html is still the recommended way to go for security, but in the absence of that, we want to make sure Chamilo is always more secure.
- Add Nginx rules to security documentation, in order to prevent execution of PHP files from the uploadable-files directories
- Fix "who is online" access: it now checks the Chamilo settings api_get_setting('showonline', 'world'), api_get_setting('showonline', 'users') and api_get_setting('showonline', 'course')
- Security: Use json_decode/json_encode instead of base64 - Add Security::remove_XSS
- Check access to "who is online in session"
- Fix work access for teachers and students
WARNINGS
- Gradebook: Rename disable_gradebook_stats to gradebook_enable_best_score and fix behaviour: now the setting will be required to *enable* the 3 last columns of the gradebook results table (avg, best score and ranking)
- Gradebook: Avoid conflict between gradebook_detailed_admin_view and disable_gradebook_stats
1.11.6
Chamilo 1.11.6 is a minor, bugfix release on top of 1.11.4 with dozens of improvements and bug fixes.
Security
- Remove excessive SQL quotes filtering adding risk to queries