This week we have releases of both the 1.0 and 1.1 versions of Totara, in order to incorporate the most recent version of Moodle (1.9.15). This includes a number of security fixes so we recommend all sites upgrade to either 1.0.28 or 1.1.5.

Here's the 1.0.28 changelog:

Release 1.0.28 (2 December 2011):
==================================================

Security fixes:
    T-9484      Clean URL parameters in javascript to prevent XSS           Thanks to Nick Freeman from security-assessment.com for finding this

Improvements:
    T-8485      Dutch language pack added
    T-8485      Additions to Arabic, Finnish, French, German, Hebrew,
                Portuguese, Simplified Chinese, Spanish Castilian Spanish and Swedish packs

Bug fixes:
                Fixes from MoodleHQ http://docs.moodle.org/dev/Moodle_1.9.15_release_notes
    T-9469      totara_get_staff() now doesn't return deleted users
    T-8485      Retire lang/en_utf8_local/ directory to make syncing translations easier
    T-8485      Remove extra copy of feedback block lang file
    T-9414      RPL column not created during upgrade from Moodle
    T-5734      Fixed missing format_string on competency name in the competency linked evidence list for a course
    T-9476      Fix include errors and layout/display issues when using messaging
    T-9463      Fix use of strcmp in learning plans
    T-9483      Fix saving of due date when creating objected in learning plan

And here's the 1.1.5 changelog:

Release 1.1.5 (2 December 2011):
==================================================

Security fixes:
    T-9484      Clean URL parameters in javascript to prevent XSS                                 Thanks to Nick Freeman from security-assessment.com for finding this

Improvements:
    T-8485      Dutch language pack added
    T-8485      Additions to Finnish, German, Hebrew, Portuguese and Spanish

Bug fixes:
                Fixes from MoodleHQ http://docs.moodle.org/dev/Moodle_1.9.15_release_notes
    T-9476      Fix additional require statements in messages
    T-5734      Fixed missing format_string on competency name in the competency
                linked evidence list for a course
    T-6710      Fix typo in facetoface English language string
    T-9478      Remove incorrect permissions check on course browse pages                          Course creators now correctly see 'Add Course' button when editing is on
    T-9482      Refactor calendar picker to avoid duplication

Simon