Hello everyone,
The following versions of Totara have now been released:
- 2.9.5
- 2.7.13
- 2.6.30
- 2.5.37
- 2.4.40
- 2.2.46
These versions do contain security fixes and for this reason we strongly recommend upgrading.
Each release also includes bug fixes and improvements.
Kind regards
Sam Hemelryk
Release 2.9.5 (23rd March 2016):
Important:
TL-6790 Changed the default behaviour of certification reassignment
Previously a user who was unassigned and reassigned to a certification
would be placed back into their initial certification path. Depending on
their current course completions, their status may have been reaggregated
on the next cron run. Now the system will look for the latest unassigned
certification completion history record and the user will be restored to
their previous status instead. Any events that need to occur (such as
window opening) will take place when the relevant scheduled task runs (e.g.
update_certification_task).
Security issues:
TL-8641 The following security fixes were included with the merge of Moodle 2.9.5
* MDL-51167 Hidden courses are shown to students in Event Monitor
* MDL-52378 Non-Editing Instructor role can edit exclude checkbox in Single
View
* MDL-52651 Add no referrer to links with _blank target attribute
* MDL-52727 Reflected XSS in mod_data advanced search
* MDL-52774 Enumeration of category details possible without
authentication
* MDL-52808 External function get_calendar_events return events that
pertains to hidden activities
* MDL-52901 External function mod_assign_save_submission does not check due
dates
* MDL-53031 CSRF in Assignment plugin management page
Improvements:
TL-6296 Added an aria-label to select user checkbox when viewing course participants
TL-6723 Added automatic test coverage of the security overview report
TL-7864 Added haschildren class to top level totara menu items when applicable
TL-8295 Improved performance when getting items assigned to plans
The get_assigned_items function was by default returning the counts of any
linked items. This was leading to performance issues when the counts were
not required. The function now returns this information only when required.
TL-8422 Improved output of the standard logstore cleanup task
TL-8478 Added pagination to the Global Report Restriction administration page
TL-8484 Linked Report Builder Financial year setting labels to their inputs
TL-8532 Added an accessible label when adding a comment to a learning plan
Bug fixes:
TL-8205 Removed unassigned users that incorrectly show up in certification completion reports
Reports that used the 'Certification Completion' report source would
contain users that had been unassigned from a certification. This would
only be the case if the user was unassigned before their recertification
window opened and the data for these users would be incorrect for some
columns. Unassigned users will no longer show up in certification
completion reports, which is in line with documentation on this report
source.
Note that if you require a report that includes data for unassigned users,
you may like to create a report that uses the Record of Learning:
Certification report source.
TL-8274 Fixed calendar navigation on non-default home page
TL-8277 Fixed incorrect highlighting of menu items
When enhanced catalog was off, viewing the pages specific to the enhanced
catalog was leading to the Find Learning menu items being highlighted.
This has been corrected.
TL-8280 Fixed manual changes to course completion competency proficiency being overridden
Before the patch, if a manager set a course completion competency to
proficient, it was being overridden by a cron task. Now, the change the
manager made will be kept.
TL-8339 Fixed saving of due dates when creating and editing objectives in learning plans
TL-8345 Ensured sum aggregation uses display function if available
TL-8363 Ensured courses assigned to plans are removed when a course is deleted
TL-8364 Removed extra line breaks in Face-to-face messages
TL-8381 Ensured Hierarchy custom field data is deleted when a Hierarchy item is deleted
TL-8407 Improved layout of the graph tooltip in Internet Explorer using an RTL language
TL-8409 Prevented saving scheduled reports without a recipient
TL-8412 Fixed 'menuofchoice' custom field for sidebar filter in report builder
TL-8419 Fixed issue that prevented blocks from being edited with Totara Dashboard enabled as default home
TL-8427 Fixed position selecting which was incorrectly disabled when disabling position hierarchies
TL-8441 Increased maxlength of objective scales value name to 255 characters
TL-8444 Fixed Program and Certification Membership reports for MSSQL
TL-8457 Fixed a spelling mistake in the program extension request error message
TL-8477 Fixed Date (No timezone) user profile field in Report Builder
TL-8479 Fixed the MSSQL NVARCHAR migration upgrade step
TL-8482 Removed empty labels when adding/editing External tools
TL-8496 Fixed count of overdue users on Appraisals report page
TL-8506 Fixed AJAX deletion of an assigned audience when creating a dashboard
TL-8508 Fixed untranslatable string "Face-to-face name" in Face-to-face sessions report source
TL-8521 Improved course participants template for template library
TL-8538 Fixed dates in ODS exports to use current user timezone to match all other export options
TL-8583 Session end time is now adjusted in IE11 when start time is adjusted
Release 2.7.13 (23rd March 2016):
Important:
TL-6790 Changed the default behaviour of certification reassignment
Previously a user who was unassigned and reassigned to a certification
would be placed back into their initial certification path. Depending on
their current course completions, their status may have been reaggregated
on the next cron run. Now the system will look for the latest unassigned
certification completion history record and the user will be restored to
their previous status instead. Any events that need to occur (such as
window opening) will take place when the relevant scheduled task runs (e.g.
update_certification_task).
Security issues:
TL-8642 The following security fixes were included with the merge of Moodle 2.7.13
* MDL-52378 Non-Editing Instructor role can edit exclude checkbox in Single
View
* MDL-52651 Add no referrer to links with _blank target attribute
* MDL-52727 Reflected XSS in mod_data advanced search
* MDL-52774 Enumeration of category details possible without authentication
* MDL-52808 External function get_calendar_events return events that pertains
to hidden activities
* MDL-52901 External function mod_assign_save_submission does not check due
dates
* MDL-53031 CSRF in Assignment plugin management page
Improvements:
TL-6723 Added automatic test coverage of the security overview report
TL-8295 Improved performance when getting items assigned to plans
The get_assigned_items function was by default returning the counts of any
linked items. This was leading to performance issues when the counts were
not required. The function now returns this information only when required.
TL-8422 Improved output of the standard logstore cleanup task
TL-8484 Linked Report Builder Financial year setting labels to their inputs
Bug fixes:
TL-8205 Removed unassigned users that incorrectly show up in certification completion reports
Reports that used the 'Certification Completion' report source would
contain users that had been unassigned from a certification. This would
only be the case if the user was unassigned before their recertification
window opened and the data for these users would be incorrect for some
columns. Unassigned users will no longer show up in certification
completion reports, which is in line with documentation on this report
source.
Note that if you require a report that includes data for unassigned users,
you may like to create a report that uses the Record of Learning:
Certification report source.
TL-8274 Fixed calendar navigation on non-default home page
TL-8277 Fixed incorrect highlighting of menu items
When enhanced catalog was off, viewing the pages specific to the enhanced
catalog was leading to the Find Learning menu items being highlighted.
This has been corrected.
TL-8280 Fixed manual changes to course completion competency proficiency being overridden
Before the patch, if a manager set a course completion competency to
proficient, it was being overridden by a cron task. Now, the change the
manager made will be kept.
TL-8339 Fixed saving of due dates when creating and editing objectives in learning plans
TL-8345 Ensured sum aggregation uses display function if available
TL-8363 Ensured courses assigned to plans are removed when a course is deleted
TL-8364 Removed extra line breaks in Face-to-face messages
TL-8396 Fixed default sort order for graphical report block
TL-8407 Improved layout of the graph tooltip in Internet Explorer using an RTL language
TL-8409 Prevented saving scheduled reports without a recipient
TL-8412 Fixed 'menuofchoice' custom field for sidebar filter in report builder
TL-8419 Fixed issue that prevented blocks from being edited with Totara Dashboard enabled as default home
TL-8440 Fixed report sort column for scheduled reports
TL-8441 Increased maxlength of objective scales value name to 255 characters
TL-8444 Fixed Program and Certification Membership reports for MSSQL
TL-8479 Fixed the MSSQL NVARCHAR migration upgrade step
TL-8508 Fixed untranslatable string "Face-to-face name" in Face-to-face sessions report source
TL-8538 Fixed dates in ODS exports to use current user timezone to match all other export options
Release 2.6.30 (23rd March 2016):
Important:
TL-6790 Changed the default behaviour of certification reassignment
Previously a user who was unassigned and reassigned to a certification
would be placed back into their initial certification path. Depending on
their current course completions, their status may have been reaggregated
on the next cron run. Now the system will look for the latest unassigned
certification completion history record and the user will be restored to
their previous status instead. Any events that need to occur (such as
window opening) will take place when the relevant scheduled task runs (e.g.
update_certification_task).
Security issues:
TL-8614 Prevented reflected XSS vulnerability in mod_data advanced search
TL-8616 Fixed access control in ajax script returning navigation branches
TL-8617 Fixed external function get_calendar_events to not return events for hidden activities
TL-8618 Added due dates check to external assignment save submission
TL-8619 Added session check to assignment plugins management
Bug fixes:
TL-8367 Fixed visibility of hidden courses on the My Bookings page
TL-8444 Fixed Program and Certification Membership reports for MSSQL
TL-8479 Fixed the MSSQL NVARCHAR migration upgrade step
TL-8600 Fixed error when saving Certification tab when editing or creating a Certification
Release 2.5.37 (23rd March 2016):
Important:
TL-6790 Changed the default behaviour of certification reassignment
Previously a user who was unassigned and reassigned to a certification
would be placed back into their initial certification path. Depending on
their current course completions, their status may have been reaggregated
on the next cron run. Now the system will look for the latest unassigned
certification completion history record and the user will be restored to
their previous status instead. Any events that need to occur (such as
window opening) will take place when the relevant scheduled task runs (e.g.
update_certification_task).
Security issues:
TL-8614 Prevented reflected XSS vulnerability in mod_data advanced search
TL-8616 Fixed access control in ajax script returning navigation branches
TL-8617 Fixed external function get_calendar_events to not return events for hidden activities
TL-8619 Added session check to assignment plugins management
Bug fixes:
TL-8367 Fixed visibility of hidden courses on the My Bookings page
TL-8444 Fixed Program and Certification Membership reports for MSSQL
Release 2.4.40 (23rd March 2016):
Security issues:
TL-8614 Prevented reflected XSS vulnerability in mod_data advanced search
TL-8616 Fixed access control in ajax script returning navigation branches
TL-8619 Added session check to assignment plugins management
Release 2.2.46 (23rd March 2016):
Security issues:
TL-8614 Prevented reflected XSS vulnerability in mod_data advanced search
TL-8616 Fixed access control in ajax script returning navigation branches