Totara 2.2.14 is a "security" release, because it includes important fixes for potential security vulnerabilities. We recommend upgrading your site to this release.

In addition 2.2.14 completes the transition to the new AMOS-based language pack management system, and removes the Totara language packs from the distributed code. Totara language packs are now updated automatically on every upgrade, or can be manually checked for new additions using the Site Administration -> Language - > Language Packs tool.

Because of this there are some major changes to the file structure, and upgrades to 2.2.14 should be carried out by REPLACING the existing codebase (after backing up any local modules and customisations you may have), rather than simply extracting a ZIP into the existing directory. This is always best practice anyway, in order to ensure that all files are in their correct locations on each release, but is particularly important for 2.2.14.

2.2.14 also involves significant changes to Timezone handling, with old Moodle-style UTC offset timezones now deprecated as they did not handle Daylight Savings changes correctly. There is a new admin tool at Site Administration -> Location -> Check User Timezones to allow administrators to set valid timezones for any users who may have incorrect timezones set in their profile. Facetoface sessions now also require a location timezone to be set, and all Facetoface sessions occuring in the future should be checked after this upgrade, to ensure timezone and daylight-savings adjustments are correct for new sign-ups.

Here's the 2.2.14 changelog:

Release 2.2.14 (7th February 2013):
==================================================

Security fixes:
    T-10274     Add ability to lockout users after N failed login attempts                                New "Account lockout" settings are found in Site Administration -> Security -> Site Policies
    T-10263     Remove links to user profiles in Alerts

Database upgrades:
    T-10276     Fix course and hierarchy custom field sortorder on sites upgraded from 1.0
    T-9844      Fix count of unread messages in Message block

Improvements:
    T-8078      Improve Timezone handling                                                                 Added new user timezone fixing tool, added timezone field to Facetoface sessions.
                                                                                                          Administrators should use the new tool at Site Administration -> Location -> Check User Timezones,
                                                                                                          to ensure all users have a valid timezone set.
                                                                                                          All Facetoface sessions occuring in the future should also be checked,
                                                                                                          to ensure timezone and daylight-savings adjustments are correct for new F2F sign-ups.

    T-9832      Remove all non-English langpacks from codebase                                            This completes the transition to the new AMOS-based language architecture.
                                                                                                          New Totara language packs can be installed via Site Administration -> Language
    T-10234     Add UI to allow administrators to manually run totara_sync from the browser               Requires new capability tool/totara_sync:runsync to be assigned to the appropriate user Roles

Bug fixes:
    T-10280     Fix uploading of theme files on sites with long URLs
    T-10261     Change hover text to use course/program name in Course Catalog
    T-9832      Change language pack references from download.moodle.org to download.totaralms.com
    T-10127     Increase height of the select box in Audience rules
    T-10262     Fix IE style issues in Feedback Analysis screen
    T-10069     Fix purging of theme caches when theme settings are changed
    T-10175     Fix function call in totara_addtoplan block
    T-10272     Fix site log entries when adding Facetoface session
    T-10282     Fix backup of course and Facetoface custom fields
    T-10267     Fix display of My Learning Plan block to users who are not logged in
    T-10253     Improve totara_sync performance with large import files on mySQL
    T-10149     Fix ability of manager to approve Facetoface requests from Alerts
    T-10265     Fix backup of SCORM completion settings in course backups
    T-10218     Fix MSSQL SQL queries for non-Latin characters
    T-10217     Fix user search dialog for non-Latin characters in names
    T-10271     Fix case-sensitive searches in Audiences
    T-10275     Make idnumber field on user edit form static when totara_sync is enabled for user source

Also released today is a "snapshot" release of Totara 1.1.22. Here's the 1.1.22 changelog:

Release 1.1.22 (7 February 2013):
==================================================

Database upgrades:
    T-10199     Fix MSSQL error on Facetoface upgrades
    T-10210     Fix errors on Program Management upgrades
    T-10144     Delete dashboard instances when deleting user
    T-10276     Fix course and hierarchy custom field sortorder after upgrade from 1.0

Bug fixes:
    T-10161     Fix access checks on Learning Plan item view pages
    T-10232     Add search to cohort dialog in Program Management user assignment
    T-10260     Fix popup notifications for messaging
    T-10217     Fix user search dialog for non-Latin characters in names
    T-10175     Fix function call in addtoplan block
    T-10283     Fix display of summaries containing HTML in Learning Plan components
    T-10071     Fix "user from" display in messages to avoid system-generated messages appearing to come from managers