moodle went up to v 1.9.4 last week. there are some important fixes, it is time to upgrade.
Founder Martin Dougiamas said:
“Schools often don’t have very good IT support and neglect this kind of vital maintenance, even though we try to notify them.”
Way to go to alienate some of your biggest user base... :tape2:
some of the comments point out that the sites with porn on them allowed self registration?
thats like giving a paedo a key to the school, the front door and the toilets is it not?
After disussions with our LEA a few weeks ago they have made the decision to postpone their 1.9 upgrades until version 2 is released and then move there.
We are on 1.8.3 :-0
I've just sent the link in this post to our LEA guy. Hopefully they will see sense. Although you cannot register to access our Moodle.
You will find that a lot of the security bugs come in at version 1.9+ so sticking with 1.8 might be a smart move, although there are more up to date 1.8 versions (1.8.7 I think?)
With added functionality comes more security holes.
I would defiantly hang fire on upgrading to 2.0, whenever it is released, i'd be using 1.9+ for a few good months before putting 2.0 as a live service.
Every time I send out Moodle security notices to our registered admins (currently around 45,000 people from all educational sectors around the world) I get back at least 1000 private emails, and many of them are from poor sods looking after an old Moodle site with no clue how to upgrade or even how to follow our documentation about it. There's even people in this discussion on 1.8.3 still, for example (See version history Moodle version history - MoodleDocs)
There must be many more unregistered users world-wide who used a one-click Fantastico install or Ubnuntu package or something who we can't even contact and wouldn't even think to visit Moodle.org: Security news. This is why we now have a new Security report built into Moodle (in 75 languages!). I really hope that helps people tighten up their sites.
Constructive suggestions to improve the situation are always welcome! No-one wants to let spammers win.
[quote=moodler;285980]There's even people in this discussion on 1.8.3 still, for example (See version history Moodle version history - MoodleDocs) -[quote]
Ahh that will be me then LOL.
The Moodle installation is out of my hands and is stored along with 13/14 other Moodle installations (all 1.8.3) on an LEA server in LEA Towers.
I've asked to be upgraded to a 1.9.x but have been told to wait until 2.x.x is out.
There were reasons for asking to upgrade - we were having problems with SCORM importing - but I see a security issue as good enough to upgrade in itself.