The 2.7.5.1, 2.6.22.1, and 2.5.29.1 releases have now been published, 29th July 2015.
Details of the issue that lead to this emergency release can be found in the post above.
The changelogs for this release are as follows:
Release 2.7.5.1 (29th July 2015):
Bug fixes:
TL-6763 Fixed the display of the main menu when an item with children was not visible to the user
A problem was identified with the Totara main menu when the current user
could not see a top level menu item that had sub menu items that were still
visible.
Visibility was not being inherited by sub menu items correctly and this
resulted in a coding error.
This was fixed by ensuring that visibility gets inherited by sub menu
items.
TL-7044 Fixed rules for dynamic audiences based on a text input user profile field having multiple values
A bug was discovered with dynamic audiences which had been configured with
one or more rules on custom user profile fields with a series of comma
separated values.
When configured in this way users may be incorrectly added and/or removed
from the audience.
This could lead to users having access to things that they should not
otherwise have access to or for users to lose state and data if they were
incorrectly removed.
The fix for this includes a large number of new automated tests to ensure
that this does not happen again.
TL-7061 Fixed incorrect triggering of the report_created event
The report_created event was being incorrectly triggered when embedded
reports were being created.
This would occur the first time an embedded report was used.
The report_created event is now only ever triggered when the user creates a
new custom report.
Release 2.6.22.1 (29th July 2015):
Bug fixes:
TL-7044 Fixed rules for dynamic audiences based on a text input user profile field having multiple values
A bug was discovered with dynamic audiences which had been configured with
one or more rules on custom user profile fields with a series of comma
separated values.
When configured in this way users may be incorrectly added and/or removed
from the audience.
This could lead to users having access to things that they should not
otherwise have access to or for users to lose state and data if they were
incorrectly removed.
The fix for this includes a large number of new automated tests to ensure
that this does not happen again.
Release 2.5.29.1 (29th July 2015):
Bug fixes:
TL-7017 Fixed Totara Sync incorrectly deleting existing users when the CSV source has invalid values
A bug was found in Totara Sync when 'Source contains all records' has been
turned on, the 'Delete' sync action has been enabled, and a user in the
source has an invalid manager.
In this situation the user record would be incorrectly deleted.
TL-7044 Fixed rules for dynamic audiences based on a text input user profile field having multiple values
A bug was discovered with dynamic audiences which had been configured with
one or more rules on custom user profile fields with a series of comma
separated values.
When configured in this way users may be incorrectly added and/or removed
from the audience.
This could lead to users having access to things that they should not
otherwise have access to or for users to lose state and data if they were
incorrectly removed.
The fix for this includes a large number of new automated tests to ensure
that this does not happen again.
Kind regards
Sam