Hello everyone,
The following versions of Totara have now been released:
- 2.7.7
- 2.6.24
- 2.5.31
- 2.4.34
- 2.2.41
These versions do contain security fixes and for this reason we strongly recommend upgrading.
Each release also includes bug fixes and improvements.
Thanks to the following people for there contributions: Andrew Hancox at Synergy Learning, Carlos Jurado at Kineo UK, Eugene Venter at Catalyst, Pavel Tsakalidis at Kineo UK.
Release 2.7.7 (22nd September 2015):
Improvements:
TL-6484 Totara Connect Server
Totara Connect makes it possible to connect one or more Totara LMS or
Totara Social installations to a master Totara LMS installation.
This connection allows for users, and audiences to be synchronised from the
master to all connected client sites.
Once synchronised users can move between the connected sites with ease
thanks to the single sign on system accompanying Totara Connect.
TL-6599 Changes to program assignment dates now override previous exceptions
When the completion date of an assignment in a program or certification is
changed, any previous exceptions that the related users had will be
removed, the specified date will be applied, and exceptions will be
recalculated. As a result, exceptions that were previously resolved using
"Dismiss and take no action" might reoccur, but this change is providing a
means to re-assign those users which was previously not possible (unless
the user was completely removed). This patch also enforces the rule that
due dates can only be increased (even if an earlier assignment date is set)
- previously it was unintentionally possible to decrease them under certain
circumstances.
TL-6634 Added a new capability for managing user profile fields
Added totara/core:manageprofilefields capability to allow managing of user
profile fields. By default it is not enabled for anyone
TL-6939 Added a warning that column aggregation options may not be compatible with reports that use aggregation internally
TL-6965 Reduced the number of DB queries used when triggering events on update of Face-to-face signups
TL-7151 Added additional settings to the Custom Totara Responsive theme
Custom Totara responsive now has the ability to change the text colour,
background colour, background image, background image location, and add a
footnote.
TL-7269 Added help text to timezones and times in Face-to-face sessions
TL-7272 Improved the layout of docked blocks
TL-7378 Improved the behaviour of the audience-based visibility section of the edit course form
Bug fixes:
TL-4527 Corrected PHP syntax error when using Hierarchy bulk actions.
TL-5822 Added a warning to pre-install environment checks if the max_input_vars setting is too low.
TL-6195 Fixed duplicate messages being sent to managers by Face-to-face when the user has an invalid email address
TL-6265 Fixed navigation by month in the Face-to-face calendar block
TL-6632 Fixed the generation of unique tokens within core libraries
There were several cases of uniqid being used to generate unique
identifiers or tokens.
These calls have now been improved to use a method that ensures a truly
unique identifier or token is generated.
TL-6659 Refactored program assignment code
Refactored program assignment code to make it more efficient and easier to
maintain. It will also prevent sql problems, which could occur on some
systems with some configurations, when assigning large numbers of users to
programs and certifications (such as using an audience). Performance for
adding and removing users has been improved by about a factor of two, while
performance when reprocessing existing user assignments (happens during
nightly cron) has been significantly improved (from 3 database queries per
user assignment down to zero). This should greatly reduce problems
experienced with long nightly cron jobs on large sites.
TL-6804 Fixed competencies in a learning plan showing linked courses even when the course was hidden
TL-6940 Fixed permissions handling when using the multiple hierarchy dialog
The multi hierarchy dialog extends the standard hierarchy dialog but failed
to pass through the fourth parameter. This caused the permissions to be
incorrectly checked resulting in a false permissions error.
TL-6970 Fixed hierarchy page not loading due to MySQL join limit
MySQL has a limit of 61 tables in a join. When viewing a hierarchy
framework, when 60 or more custom fields were defined (across one or more
types), the page was failing to load. The query has been changed to prevent
this problem.
TL-6980 Fixed the "Show only active enrolments" option in the Grader Report
TL-7023 The "Upcoming Certifications" block will now be hidden when "Enable Certifications" is set to Hide or Disable.
TL-7035 Fixed inconsistent date fields in Excel exports from the Record of Learning - Certifications report source
TL-7039 Prevented Face-to-face from sending booking confirmations for past sessions
When turning off "Approval required" for a Face-to-face activity a booking
notification was being sent for sessions in the past. This is now
prevented.
TL-7045 Enable content restriction options for the Face-to-face interest report source
TL-7074 Fixed the context for capability checks for the display of the button to create new courses, programs and certifications.
Users who had been assigned a role with permissions to create programs,
certifications or courses within specific categories would not have the
relevant "Create" button within the enhanced catalog. Now if they have
permissions to create a program, certification or course within any
category, this button will appear.
TL-7114 See details
2.6, 2.5:
Message: Show hidden programs to enrolled users in the Record of Learning
Details: Several problems were fixed relating to course, program and
certification visibility, in relation to the normal and audience based
visibility settings. In some situations, the normal visibility setting was
being used when audience visibility was enabled. As a consequence, hidden
assigned programs will now be visible in the Record of Learning, bringing
them in line with courses and certifications. As before this patch, hidden
assigned courses will not be accessible, but hidden assigned programs and
certifications will be.
2.7:
Message: Show hidden courses, programs and certifications to enrolled users
in the Record of Learning
Details: Several problems were fixed relating to course, program and
certification visibility, in relation to the normal and audience based
visibility settings. In some situations, the normal visibility setting was
being used when audience visibility was enabled. As a consequence, hidden
assigned courses, programs and certifications will now be visible in the
Record of Learning, restoring the behaviour from Totara 2.6. As before this
patch, hidden assigned courses will not be accessible, but hidden assigned
programs and certifications will be.
TL-7121 Fixed Programs that are potentially stuck as unavailable
In 2.6.10, we removed the "availability" checkbox, so that availability is
now controlled via the available from/until date fields. This upgrade
catches any programs left as unavailable without availability dates. Any
issues found will be output to the screen during the upgrade and saved to
the upgrade_logs.
TL-7164 Fixed pagination on the Record of Learning course, program and certification history pages
TL-7166 Added course reminders to the course backup and restore functionality
TL-7186 Fixed the translation of generic error messages within totara dialogs
TL-7191 Fixed a missing sesskey in ajax requests when creating a filter in report builder reports
The sesskey and relevant checks were missing in ajax requests involved in
adding some audience filters to the report builder. These have now been
put in place.
TL-7206 Fixed the default end date for learning plans not defaulting to the end date of the associated learning plan template
TL-7215 Fixed reportbuilder filters for "Menu of choices" custom fields with values containing a comma
TL-7220 Fixed the Foreign key checks for Totara Dashboards in the XMLDB editor
TL-7222 Removed the dashboards link from the navigation node when a user has no dashboards assigned
TL-7224 Fixed the display of Certificates where the "Print Date" depends on a deleted activity
TL-7234 Fixed the caching of custom Totara Menu urls with course id parameter
TL-7235 Fixed an error on repository settings pages for hidden but enabled repositories
TL-7248 Reverted change causing an inability to see uploaded images in Internet Explorer
TL-7263 Fixed the restoration of course backups containing invalid audience visibility settings
If you backup a course with audience visibility it includes the ids of all
selected audiences, previously if you attempted to restore this backup
without matching audiences it would fail, now it logs a warning and
continues restoring the course. It is important to note if you are moving
backups between sites the audience ids might not match the expected
audiences.
TL-7265 Improved the layout of tabs when viewing a SCORM
TL-7275 Fixed case sensitivity for the search within Hierarchy bulk actions.
TL-7281 Fixed Face-to-face signup process when approval is required for a session with no date
This issue occurred when a user signed up to a Face-to-face session that
required approval but did not yet have a date. When the manager approved
the signup request they were incorrectly booked into the session instead of
waitlisted.
TL-7283 Fixed the field mapping for Organisation and Position imports using a database source
TL-7292 Fixed a display issue with the file manager when loaded in an iframe
When loading the file manager within an atto editor instance and attempting
to upload a new file, the display was inconsistent with other file editors.
This patch fixes that issue
TL-7295 Remove unused function rb_display_certification_duedate from base source
TL-7296 Fixed the minimum Totara 2.2 version in the UPGRADE.txt file
TL-7303 Fixed hours_minutes display function in the report builder
TL-7319 Fixed the display of custom fields in the report builder when using a non-English language
TL-7323 Added checks for https:// links in the learning plans evidence link functionality
TL-7328 Fixed checks for the course custom fields create, update, and delete capabilities
TL-7333 Reset cache for current session if required and do not show a menu item if it is disabled through an "Advanced features" setting
TL-7351 Fixed icon display when managing courses and categories
TL-7360 Consistently prevent suspended and deleted users from getting any emails
TL-7362 Updated INSTALL.txt to reflect support for IE8
Contributions:
* Andrew Hancox at Synergy Learning - TL-6195
* Carlos Jurado at Kineo UK - TL-6265
* Eugene Venter at Catalyst - TL-7166
* Pavel Tsakalidis at Kineo UK - TL-7164
Release 2.6.24 (22nd September 2015):
Security issues:
TL-7373 Fixed potential XSS through grouping description
TL-7374 Fixed the display of the manage files button in editors
Bug fixes:
TL-4527 Corrected PHP syntax error when using Hierarchy bulk actions.
TL-5822 Added a warning to pre-install environment checks if the max_input_vars setting is too low.
TL-6195 Fixed duplicate messages being sent to managers by Face-to-face when the user has an invalid email address
TL-6265 Fixed navigation by month in the Face-to-face calendar block
TL-6632 Fixed the generation of unique tokens within core libraries
There were several cases of uniqid being used to generate unique
identifiers or tokens.
These calls have now been improved to use a method that ensures a truly
unique identifier or token is generated.
TL-6659 Refactored program assignment code
Refactored program assignment code to make it more efficient and easier to
maintain. It will also prevent sql problems, which could occur on some
systems with some configurations, when assigning large numbers of users to
programs and certifications (such as using an audience). Performance for
adding and removing users has been improved by about a factor of two, while
performance when reprocessing existing user assignments (happens during
nightly cron) has been significantly improved (from 3 database queries per
user assignment down to zero). This should greatly reduce problems
experienced with long nightly cron jobs on large sites.
TL-6804 Fixed competencies in a learning plan showing linked courses even when the course was hidden
TL-6940 Fixed permissions handling when using the multiple hierarchy dialog
The multi hierarchy dialog extends the standard hierarchy dialog but failed
to pass through the fourth parameter. This caused the permissions to be
incorrectly checked resulting in a false permissions error.
TL-7035 Fixed inconsistent date fields in Excel exports from the Record of Learning - Certifications report source
TL-7039 Prevented Face-to-face from sending booking confirmations for past sessions
When turning off "Approval required" for a Face-to-face activity a booking
notification was being sent for sessions in the past. This is now
prevented.
TL-7074 Fixed the context for capability checks for the display of the button to create new courses, programs and certifications.
Users who had been assigned a role with permissions to create programs,
certifications or courses within specific categories would not have the
relevant "Create" button within the enhanced catalog. Now if they have
permissions to create a program, certification or course within any
category, this button will appear.
TL-7114 See details
2.6, 2.5:
Message: Show hidden programs to enrolled users in the Record of Learning
Details: Several problems were fixed relating to course, program and
certification visibility, in relation to the normal and audience based
visibility settings. In some situations, the normal visibility setting was
being used when audience visibility was enabled. As a consequence, hidden
assigned programs will now be visible in the Record of Learning, bringing
them in line with courses and certifications. As before this patch, hidden
assigned courses will not be accessible, but hidden assigned programs and
certifications will be.
2.7:
Message: Show hidden courses, programs and certifications to enrolled users
in the Record of Learning
Details: Several problems were fixed relating to course, program and
certification visibility, in relation to the normal and audience based
visibility settings. In some situations, the normal visibility setting was
being used when audience visibility was enabled. As a consequence, hidden
assigned courses, programs and certifications will now be visible in the
Record of Learning, restoring the behaviour from Totara 2.6. As before this
patch, hidden assigned courses will not be accessible, but hidden assigned
programs and certifications will be.
TL-7121 Fixed Programs that are potentially stuck as unavailable
In 2.6.10, we removed the "availability" checkbox, so that availability is
now controlled via the available from/until date fields. This upgrade
catches any programs left as unavailable without availability dates. Any
issues found will be output to the screen during the upgrade and saved to
the upgrade_logs.
TL-7164 Fixed pagination on the Record of Learning course, program and certification history pages
TL-7191 Fixed a missing sesskey in ajax requests when creating a filter in report builder reports
The sesskey and relevant checks were missing in ajax requests involved in
adding some audience filters to the report builder. These have now been
put in place.
TL-7224 Fixed the display of Certificates where the "Print Date" depends on a deleted activity
TL-7248 Reverted change causing an inability to see uploaded images in Internet Explorer
TL-7265 Improved the layout of tabs when viewing a SCORM
TL-7275 Fixed case sensitivity for the search within Hierarchy bulk actions.
TL-7281 Fixed Face-to-face signup process when approval is required for a session with no date
This issue occurred when a user signed up to a Face-to-face session that
required approval but did not yet have a date. When the manager approved
the signup request they were incorrectly booked into the session instead of
waitlisted.
TL-7283 Fixed the field mapping for Organisation and Position imports using a database source
TL-7319 Fixed the display of custom fields in the report builder when using a non-English language
TL-7323 Added checks for https:// links in the learning plans evidence link functionality
TL-7360 Consistently prevent suspended and deleted users from getting any emails
TL-7362 Updated INSTALL.txt to reflect support for IE8
Contributions:
* Andrew Hancox at Synergy Learning - TL-6195
* Carlos Jurado at Kineo UK - TL-6265
* Pavel Tsakalidis at Kineo UK - TL-7164
Release 2.5.31 (22nd September 2015):
Security issues:
TL-7373 Fixed potential XSS through grouping description
Bug fixes:
TL-4527 Corrected PHP syntax error when using Hierarchy bulk actions.
TL-5822 Added a warning to pre-install environment checks if the max_input_vars setting is too low.
TL-6195 Fixed duplicate messages being sent to managers by Face-to-face when the user has an invalid email address
TL-6632 Fixed the generation of unique tokens within core libraries
There were several cases of uniqid being used to generate unique
identifiers or tokens.
These calls have now been improved to use a method that ensures a truly
unique identifier or token is generated.
TL-6659 Refactored program assignment code
Refactored program assignment code to make it more efficient and easier to
maintain. It will also prevent sql problems, which could occur on some
systems with some configurations, when assigning large numbers of users to
programs and certifications (such as using an audience). Performance for
adding and removing users has been improved by about a factor of two, while
performance when reprocessing existing user assignments (happens during
nightly cron) has been significantly improved (from 3 database queries per
user assignment down to zero). This should greatly reduce problems
experienced with long nightly cron jobs on large sites.
TL-6804 Fixed competencies in a learning plan showing linked courses even when the course was hidden
TL-7039 Prevented Face-to-face from sending booking confirmations for past sessions
When turning off "Approval required" for a Face-to-face activity a booking
notification was being sent for sessions in the past. This is now
prevented.
TL-7114 See details
2.6, 2.5:
Message: Show hidden programs to enrolled users in the Record of Learning
Details: Several problems were fixed relating to course, program and
certification visibility, in relation to the normal and audience based
visibility settings. In some situations, the normal visibility setting was
being used when audience visibility was enabled. As a consequence, hidden
assigned programs will now be visible in the Record of Learning, bringing
them in line with courses and certifications. As before this patch, hidden
assigned courses will not be accessible, but hidden assigned programs and
certifications will be.
2.7:
Message: Show hidden courses, programs and certifications to enrolled users
in the Record of Learning
Details: Several problems were fixed relating to course, program and
certification visibility, in relation to the normal and audience based
visibility settings. In some situations, the normal visibility setting was
being used when audience visibility was enabled. As a consequence, hidden
assigned courses, programs and certifications will now be visible in the
Record of Learning, restoring the behaviour from Totara 2.6. As before this
patch, hidden assigned courses will not be accessible, but hidden assigned
programs and certifications will be.
TL-7191 Fixed a missing sesskey in ajax requests when creating a filter in report builder reports
The sesskey and relevant checks were missing in ajax requests involved in
adding some audience filters to the report builder. These have now been
put in place.
TL-7224 Fixed the display of Certificates where the "Print Date" depends on a deleted activity
TL-7248 Reverted change causing an inability to see uploaded images in Internet Explorer
TL-7265 Improved the layout of tabs when viewing a SCORM
TL-7360 Consistently prevent suspended and deleted users from getting any emails
Contributions:
* Andrew Hancox at Synergy Learning - TL-6195
Release 2.4.34 (22nd September 2015):
Security issues:
TL-7043 Fixed course creator role capabilities for managing audiences
TL-7373 Fixed potential XSS through grouping description
Bug fixes:
TL-4527 Corrected PHP syntax error when using Hierarchy bulk actions.
TL-7039 Prevented Face-to-face from sending booking confirmations for past sessions
When turning off "Approval required" for a Face-to-face activity a booking
notification was being sent for sessions in the past. This is now
prevented.
TL-7191 Fixed a missing sesskey in ajax requests when creating a filter in report builder reports
The sesskey and relevant checks were missing in ajax requests involved in
adding some audience filters to the report builder. These have now been
put in place.
TL-7224 Fixed the display of Certificates where the "Print Date" depends on a deleted activity
TL-7248 Reverted change causing an inability to see uploaded images in Internet Explorer
TL-7358 Fixed a database error in the assignment module during course restore
Release 2.2.41 (22nd September 2015):
Security issues:
TL-7043 Fixed course creator role capabilities for managing audiences
TL-7373 Fixed potential XSS through grouping description
Bug fixes:
TL-4527 Corrected PHP syntax error when using Hierarchy bulk actions.
TL-7191 Fixed a missing sesskey in ajax requests when creating a filter in report builder reports
The sesskey and relevant checks were missing in ajax requests involved in
adding some audience filters to the report builder. These have now been
put in place.
TL-7248 Reverted change causing an inability to see uploaded images in Internet Explorer