Hello everyone,
The following versions of Totara have now been released:
- 2.9.7
- 2.7.15
- 2.6.32
- 2.5.39
- 2.4.41
- 2.2.47
These versions do contain security fixes and for this reason we strongly recommend upgrading.
Each release also includes bug fixes and improvements.
Thanks to the following people for their contributions to this release:
- Artur Poninski at Webanywhere - TL-8599
- Carlos Jurado at Kineo - TL-8960
- Chris Wharton at Catalyst NZ - TL-8867
- Davo Smith at Synergy Learning - TL-8788
- Francis Devine at Catalyst NZ - TL-8919
- Malgorzata Dziodzio at Webanywhere - TL-8376
- Stacey Walker at Catalyst EU - TL-8936
Kind regards
Sam Hemelryk
Package information:
| SHA checksum | Package name | Size |
|---|---|---|
| 57d01b0b655f8de86072d21bd851655eeb73638e | totaralms-2.2.47.tar.gz | 26mb |
| fc8d8425719eae25208021537833060e6e5470aa | totaralms-2.4.41.tar.gz | 32mb |
| bfb48abff060990f052dc4171f40de6247f4800d | totaralms-2.5.39.tar.gz | 44mb |
| e02e36e60071caf58c1c8cbc8362062aea3eb179 | totaralms-2.6.32.tar.gz | 50mb |
| c0e1e338177095630036bb3014980eee88d0ec3d | totaralms-2.7.15.tar.gz | 56mb |
| 5bcad3359da88d49d85758b160e9a94c6507ea5b | totaralms-2.9.7.tar.gz | 47mb |
Release 2.9.7 (23rd May 2016):
Important:
TL-8973 Activity completions will now always reset on archive regardless of their visibility
When activity completions were archived during a certification window
opening, the completions for activities set to hidden were ignored and
would be retained. Activity completions are now archived regardless of
their visibility.
This patch also fixes an issue where Face-to-face completion data was not
being fully reset if the completion time of the Face-to-face activity was
changed to a later time.
This change means that after the archive_course_activities function is run,
any activities that should not be complete will have no record in the
course_modules_completion table, rather than have one which is set to
incomplete.
As well as affecting certification window opening, these changes will also
apply when using the archive completions function within a course.
Security issues:
TL-9057 Added sesskey checks when applying automatic fixes on the check completions page in the Program completion editor
Improvements:
TL-6666 Enabled the randomisation of test table ids
In Moodle 2.9 phpunit testing was changed so that the auto-increment IDs of
records created in each table started with a different value. This was
designed to improve the testing quality by preventing code and tests from
using the wrong ID, but still coincidently passing the tests. For example,
if a course and certification were created during a test, previously it
could be possible to reference the course ID when the certification ID
should be used, because they were both 1, but with the change the two IDs
will be different, and use of the incorrect ID will be illuminated. This
improvement was initially disabled because many tests needed to be updated
to support it - the improvement has now been enabled and all of the core
tests have been updated to run with it. Any custom tests using fixed record
IDs may need to be updated.
TL-7993 Removed the obsolete 'Manager emails' settings from Face-to-face
TL-8237 Improved the reliability of behat in Firefox and Chrome using the latest version of Selenium
The behat integration has been tuned for the latest releases of Selenium.
Several old "hacks" made in Totara to get behat working have been removed
as the Selenium drivers have improved. This has greatly improved both the
performance and reliability of behat in core, though could have some impact
on any custom behat tests.
TL-8376 Refactored the Face-to-face completion state SQL to improve performance
TL-8629 Rephrased the help text for the SCORM activity's "Force new attempt" setting to improve its clarity
TL-8665 Added an environment check for "always_populate_raw_post_data"
TL-8705 Improved how deleted users are being handled on the browse list of users page
The detection of legacy deleted users, checking that their email address
field is set to an MD5, has been improved by using a regular expression.
Users who have an invalid email address (without an @ symbol) will now show
in the user list on the "Browse list of users" page.
TL-8768 Improved the wording on the Documentation settings page, and ensured that all the settings work correctly
TL-9020 Created initial Program and Certification completion transaction logs
If a user assigned to a Program or Certification did not have any
transaction logs, a snapshot log record will be created during upgrade.
Likewise, a certification settings snapshot will be created if none exists.
This will help with diagnosing future problems.
TL-9022 Added confirmation when applying automated fixes to program completions
When using the program or certification completion checker or editor, when
you activate one of the fixes, you will now need to confirm the action.
This is to prevent accidental clicks, and provides additional warnings.
TL-9033 Increased the form field lengths on the Certification settings form
Bug fixes:
TL-8046 An editor is displayed when editing role descriptions
This change reverted MDL-50222 which converted the role description from an
editor to a plain text field as it was deemed to be internal only. Totara
however uses this field more than Moodle and the above change was reported
as a bug.
We have now reverted Moodle's change and returned the editor for that
field.
TL-8247 Fixed missing history records when not overriding the current record during a course completion import
Previously if you ticked the override checkbox when uploading course
completions, but the most recent completion date in the upload was less
than the current completion date in an existing record, the upload would
ignore the first record and move straight on to the next one. That first
record is now placed into history instead.
TL-8389 Fixed an issue with empty variables inside aggregate questions
TL-8408 Fixed the Face-to-face user cancellation status by checking the user's current status, avoiding multiple cancellations
TL-8472 Fixed the Terms & Conditions dialog box for Face-to-face self approval
TL-8494 Fixed changes to editing trainer assignments not being reflected in the course catalog immediately
TL-8554 Fixed zero values for appraisals rating questions
Both positive and negative numbers are valid values for ratings questions
in Appraisals, but a lot of the validation checks were using !empty() which
caused problems when trying to use zero. These checks have been updated and
zero is now an acceptable value in both numeric and custom ratings
TL-8561 Changed the display of certification settings in the completion editor to use translatable strings
TL-8587 Improved the 'Grade to pass' setting validation in Quizzes
If the 'Require passing grade' activity completion setting is enabled, the
'Grade to pass' must now have a greater-than-zero value. This restriction
is also enforced when editing Quiz settings in the gradebook.
TL-8599 Corrected the completion time used for completion criteria based on completion of another course
Completion criteria based on completion of another course now use the
completion time of that course when setting the completion time of the
criteria, rather than using the time that the criteria was aggregated.
TL-8605 Fixed certification completon records affected by the reassignment bug
Patch TL-6790 in the March release of Totara changed the behaviour when
re-assigning users onto a certification. This patch repairs certification
completion records for users who were, before that patch, re-assigned and
ended up being unable to certify. All users which are identified by the
completion checker as "Program status should be 'Program incomplete' when
user is newly assigned. Program completion date should be empty when user
is newly assigned.", and have an "unassigned" historical completion record,
will have that historical record restored, as is the current behaviour when
reassigning users. Any records which do not meet these specific criteria,
or would be in an invalid state if the change was applied, will not be
affected and must be processed manually.
TL-8621 Fixed the progress bar on the Required learning page when Programs use "AND" courseset operators
TL-8667 Added functionality to fix duplicated Face-to-face notifications
In extremely rare cases the automatic notifications for Face-to-face are
being duplicated. If this happens, a warning box will appear for course
administrators on the session or notifications pages and it will be
possible to remove the duplicated notifications leaving only the required
ones.
TL-8696 Added a workaround for incorrect rendering of tables in pdf exports using wkhtmltopdf
TL-8721 Fixed the download file functionality for file pickers when using Internet Explorer
TL-8732 Fixed capability checks around suspended users within the course enrolment interfaces
TL-8753 Added an automatic fix for mismatched program and certification completion dates
The program completion date should match the certification completion date
when a user's certification is "Certified, before the window opens". To
repair records where the date is incorrect, this patch added an automated
fix which can be triggered to copy the certification completion date to the
program completion date. Relates to TL-9014.
TL-8764 Deleted orphaned course reminders for deleted courses
TL-8771 Removed duplicated Face-to-face event action icon titles
TL-8785 Removed the incorrect 'leave this page' warning when editing Feedback activity questions
TL-8788 Fixed the display of the program completion block when there are no programs visible
TL-8793 Reminders which are sent belonging to a user are now deleted when the user is deleted
TL-8807 Fixed search in the completion upload results report
TL-8867 Fixed the incorrect display of hidden positions and organisations during self registration
TL-8872 Fixed the ordering of the transaction logs in program and certification completion editors
TL-8919 Fixed incorrect id being used when preparing an overview for a SCORM activity
TL-8936 Fixed access to course/info.php when audience visibility is in use
TL-8942 Fixed test failures caused by a new timezone in Venezuela
TL-8960 Fixed an issue with creating courses, caused by a guest access setting
Previously if you set "require password" for the guest access enrolment
plugin, and set the plugin to add a new instance to all new courses. When
you then attempted to create a new course, the setting would not be copied
to the new course correctly.
TL-8969 Fixed an issue with the display of users fullnames and improved the internal documentation
In 2.6 and 2.7 the "fullnamedisplay" setting was incorrectly falling back
to the format specified in language pack. This has been reverted and the
overriding fallback happens only if the value "firstname" is specified in
the "fullnamedisplay" setting.
A new setting in 2.9 "alternativefullnameformat" has already resolved this
in a different way.
TL-8983 Fixed the repeating update of signup status for suspended and deleted users in Face-to-face
Previously a cancellation status update was written to the database for
each deleted or suspended user who had signed up to a Face-to-face session
prior to deletion/suspension, this happened every time cron ran.
Face-to-face now correctly checks if the user already has a cancellation
status and does not write a redundant duplicate status.
TL-8991 Fixed the wrong date being used to calculate the certification completion date
If a certification had a course set with more than one course, where not
all of the courses were required for completion. And before being assigned
to the certification, a user completed (manually or via course completion
upload) enough of the courses to complete the course set. The certification
completion date was being incorrectly calculated as the latest date of all
completed courses, rather than the maximum course set completion date. This
patch corrects this, and provides an automated fix (part of the
Certification completion editor) to repair any affected records.
TL-9017 Fixed the incorrect redirection to file serving scripts after interruption actions
This fix makes two changes:
1) File serving scripts no longer set themselves to the return URL if
triggered during an interruption action such as the user being forced to
change their password.
2) Blocks are no longer shown on the change password screen, it now uses
the "login" page layout, the same as the main login page.
TL-9021 Fixed a race condition when loading JavaScript for Totara dialogs
When in an appraisal there was a chance that dialogues were attempted to be
initialised before the dialog code was downloaded.
TL-9030 Fixed the removal of text formatting in the display of descriptions for Report builder reports
TL-9044 Fixed the calculation of substitute colours within the custom Totara responsive theme
In the Custom Totara responsive theme, there was an error in the text
colour calculation where it would always result in going to the dark
colour, regardless of what the background colour was. Now if the background
colour is dark, the text will be light
TL-9052 Fixed the status of notification templates when they were updated by a user
TL-9061 Fixed an error when double clicking on filters in the enhanced catalog
Contributions:
* Artur Poninski at Webanywhere - TL-8599
* Carlos Jurado at Kineo - TL-8960
* Chris Wharton at Catalyst NZ - TL-8867
* Davo Smith at Synergy Learning - TL-8788
* Francis Devine at Catalyst NZ - TL-8919
* Malgorzata Dziodzio at Webanywhere - TL-8376
* Stacey Walker at Catalyst EU - TL-8936
Release 2.7.15 (23rd May 2016):
Important:
TL-7818 Changed certification window opening to also reset RPL activities
Previously, when the recertification window opened, RPL course completions
were being reset, but RPL activity completions were not. This could cause
the situation where a course would re-complete due the RPL activity
completions, which in turn triggered certification completion. Depending on
certification settings, this could cause a repeating loop. Now, like
courses, RPL activity completions will also be reset when the
recertification window opens.
This change in behaviour brings Totara 2.5, 2.6 and 2.7 in line with 2.9
(which has had this change since 2.9.0).
TL-8973 Activity completions will now always reset on archive regardless of their visibility
When activity completions were archived during a certification window
opening, the completions for activities set to hidden were ignored and
would be retained. Activity completions are now archived regardless of
their visibility.
This patch also fixes an issue where Face-to-face completion data was not
being fully reset if the completion time of the Face-to-face activity was
changed to a later time.
This change means that after the archive_course_activities function is run,
any activities that should not be complete will have no record in the
course_modules_completion table, rather than have one which is set to
incomplete.
As well as affecting certification window opening, these changes will also
apply when using the archive completions function within a course.
Security issues:
TL-9057 Added sesskey checks when applying automatic fixes on the check completions page in the Program completion editor
Improvements:
TL-7993 Removed the obsolete 'Manager emails' settings from Face-to-face
TL-8237 Improved the reliability of behat in Firefox and Chrome using the latest version of Selenium
The behat integration has been tuned for the latest releases of Selenium.
Several old "hacks" made in Totara to get behat working have been removed
as the Selenium drivers have improved. This has greatly improved both the
performance and reliability of behat in core, though could have some impact
on any custom behat tests.
TL-8376 Refactored the Face-to-face completion state SQL to improve performance
TL-8665 Added an environment check for "always_populate_raw_post_data"
TL-8705 Improved how deleted users are being handled on the browse list of users page
The detection of legacy deleted users, checking that their email address
field is set to an MD5, has been improved by using a regular expression.
Users who have an invalid email address (without an @ symbol) will now show
in the user list on the "Browse list of users" page.
TL-9001 Backported mysqli improvement MDL-53944 for sql_cast_char2real()
TL-9020 Created initial Program and Certification completion transaction logs
If a user assigned to a Program or Certification did not have any
transaction logs, a snapshot log record will be created during upgrade.
Likewise, a certification settings snapshot will be created if none exists.
This will help with diagnosing future problems.
TL-9022 Added confirmation when applying automated fixes to program completions
When using the program or certification completion checker or editor, when
you activate one of the fixes, you will now need to confirm the action.
This is to prevent accidental clicks, and provides additional warnings.
TL-9033 Increased the form field lengths on the Certification settings form
Bug fixes:
TL-8247 Fixed missing history records when not overriding the current record during a course completion import
Previously if you ticked the override checkbox when uploading course
completions, but the most recent completion date in the upload was less
than the current completion date in an existing record, the upload would
ignore the first record and move straight on to the next one. That first
record is now placed into history instead.
TL-8389 Fixed an issue with empty variables inside aggregate questions
TL-8408 Fixed the Face-to-face user cancellation status by checking the user's current status, avoiding multiple cancellations
TL-8472 Fixed the Terms & Conditions dialog box for Face-to-face self approval
TL-8554 Fixed zero values for appraisals rating questions
Both positive and negative numbers are valid values for ratings questions
in Appraisals, but a lot of the validation checks were using !empty() which
caused problems when trying to use zero. These checks have been updated and
zero is now an acceptable value in both numeric and custom ratings
TL-8561 Changed the display of certification settings in the completion editor to use translatable strings
TL-8599 Corrected the completion time used for completion criteria based on completion of another course
Completion criteria based on completion of another course now use the
completion time of that course when setting the completion time of the
criteria, rather than using the time that the criteria was aggregated.
TL-8605 Fixed certification completon records affected by the reassignment bug
Patch TL-6790 in the March release of Totara changed the behaviour when
re-assigning users onto a certification. This patch repairs certification
completion records for users who were, before that patch, re-assigned and
ended up being unable to certify. All users which are identified by the
completion checker as "Program status should be 'Program incomplete' when
user is newly assigned. Program completion date should be empty when user
is newly assigned.", and have an "unassigned" historical completion record,
will have that historical record restored, as is the current behaviour when
reassigning users. Any records which do not meet these specific criteria,
or would be in an invalid state if the change was applied, will not be
affected and must be processed manually.
TL-8732 Fixed capability checks around suspended users within the course enrolment interfaces
TL-8753 Added an automatic fix for mismatched program and certification completion dates
The program completion date should match the certification completion date
when a user's certification is "Certified, before the window opens". To
repair records where the date is incorrect, this patch added an automated
fix which can be triggered to copy the certification completion date to the
program completion date. Relates to TL-9014.
TL-8764 Deleted orphaned course reminders for deleted courses
TL-8785 Removed the incorrect 'leave this page' warning when editing Feedback activity questions
TL-8793 Reminders which are sent belonging to a user are now deleted when the user is deleted
TL-8807 Fixed search in the completion upload results report
TL-8872 Fixed the ordering of the transaction logs in program and certification completion editors
TL-8881 Fixed html blocks from losing images when being customised.
TL-8942 Fixed test failures caused by a new timezone in Venezuela
TL-8969 Fixed an issue with the display of users fullnames and improved the internal documentation
In 2.6 and 2.7 the "fullnamedisplay" setting was incorrectly falling back
to the format specified in language pack. This has been reverted and the
overriding fallback happens only if the value "firstname" is specified in
the "fullnamedisplay" setting.
A new setting in 2.9 "alternativefullnameformat" has already resolved this
in a different way.
TL-8983 Fixed the repeating update of signup status for suspended and deleted users in Face-to-face
Previously a cancellation status update was written to the database for
each deleted or suspended user who had signed up to a Face-to-face session
prior to deletion/suspension, this happened every time cron ran.
Face-to-face now correctly checks if the user already has a cancellation
status and does not write a redundant duplicate status.
TL-8990 Backported upstream fixes for time zone related issues
TL-8991 Fixed the wrong date being used to calculate the certification completion date
If a certification had a course set with more than one course, where not
all of the courses were required for completion. And before being assigned
to the certification, a user completed (manually or via course completion
upload) enough of the courses to complete the course set. The certification
completion date was being incorrectly calculated as the latest date of all
completed courses, rather than the maximum course set completion date. This
patch corrects this, and provides an automated fix (part of the
Certification completion editor) to repair any affected records.
TL-9052 Fixed the status of notification templates when they were updated by a user
Contributions:
* Artur Poninski at Webanywhere - TL-8599
* Malgorzata Dziodzio at Webanywhere - TL-8376
Release 2.6.32 (23rd May 2016):
Important:
TL-7818 Changed certification window opening to also reset RPL activities
Previously, when the recertification window opened, RPL course completions
were being reset, but RPL activity completions were not. This could cause
the situation where a course would re-complete due the RPL activity
completions, which in turn triggered certification completion. Depending on
certification settings, this could cause a repeating loop. Now, like
courses, RPL activity completions will also be reset when the
recertification window opens.
This change in behaviour brings Totara 2.5, 2.6 and 2.7 in line with 2.9
(which has had this change since 2.9.0).
TL-8973 Activity completions will now always reset on archive regardless of their visibility
When activity completions were archived during a certification window
opening, the completions for activities set to hidden were ignored and
would be retained. Activity completions are now archived regardless of
their visibility.
This patch also fixes an issue where Face-to-face completion data was not
being fully reset if the completion time of the Face-to-face activity was
changed to a later time.
This change means that after the archive_course_activities function is run,
any activities that should not be complete will have no record in the
course_modules_completion table, rather than have one which is set to
incomplete.
As well as affecting certification window opening, these changes will also
apply when using the archive completions function within a course.
Security issues:
TL-8615 Added noreferred attribute to links set to open in a new tab or window
This is a backport of MDL-52651 to Totara 2.5.39, and 2.6.32
TL-9006 Locked user profile fields could be edited by the user despite being locked
TL-9008 Fixed an exploit with the window opened when working with SCORMS in new windows
This is a backport of MDL-53546 to Totara 2.2.47, 2.4.41, 2.5.39, and
2.6.32
TL-9009 Added a missing sesskey check to forum/markposts.php
This is a backport of MDL-53755 to Totara 2.2.47, 2.4.41, 2.5.39, and
2.6.32
TL-9010 Fixed capability checks when viewing a user's badges
This is a backport of MDL-53589 to Totara 2.4.41, 2.5.39, and 2.6.32
TL-9011 Backport MDL-51369 course idnumber is now correctly protected during restore
TL-9057 Added sesskey checks when applying automatic fixes on the check completions page in the Program completion editor
Improvements:
TL-7993 Removed the obsolete 'Manager emails' settings from Face-to-face
TL-8237 Improved the reliability of behat in Firefox and Chrome using the latest version of Selenium
The behat integration has been tuned for the latest releases of Selenium.
Several old "hacks" made in Totara to get behat working have been removed
as the Selenium drivers have improved. This has greatly improved both the
performance and reliability of behat in core, though could have some impact
on any custom behat tests.
TL-8376 Refactored the Face-to-face completion state SQL to improve performance
TL-9001 Backported mysqli improvement MDL-53944 for sql_cast_char2real()
TL-9020 Created initial Program and Certification completion transaction logs
If a user assigned to a Program or Certification did not have any
transaction logs, a snapshot log record will be created during upgrade.
Likewise, a certification settings snapshot will be created if none exists.
This will help with diagnosing future problems.
TL-9022 Added confirmation when applying automated fixes to program completions
When using the program or certification completion checker or editor, when
you activate one of the fixes, you will now need to confirm the action.
This is to prevent accidental clicks, and provides additional warnings.
Bug fixes:
TL-8247 Fixed missing history records when not overriding the current record during a course completion import
Previously if you ticked the override checkbox when uploading course
completions, but the most recent completion date in the upload was less
than the current completion date in an existing record, the upload would
ignore the first record and move straight on to the next one. That first
record is now placed into history instead.
TL-8415 Fixed audience enrolment sync
Suspended enrolments are now correctly reactivated when user becomes member
of audience again.
TL-8599 Corrected the completion time used for completion criteria based on completion of another course
Completion criteria based on completion of another course now use the
completion time of that course when setting the completion time of the
criteria, rather than using the time that the criteria was aggregated.
TL-8605 Fixed certification completon records affected by the reassignment bug
Patch TL-6790 in the March release of Totara changed the behaviour when
re-assigning users onto a certification. This patch repairs certification
completion records for users who were, before that patch, re-assigned and
ended up being unable to certify. All users which are identified by the
completion checker as "Program status should be 'Program incomplete' when
user is newly assigned. Program completion date should be empty when user
is newly assigned.", and have an "unassigned" historical completion record,
will have that historical record restored, as is the current behaviour when
reassigning users. Any records which do not meet these specific criteria,
or would be in an invalid state if the change was applied, will not be
affected and must be processed manually.
TL-8753 Added an automatic fix for mismatched program and certification completion dates
The program completion date should match the certification completion date
when a user's certification is "Certified, before the window opens". To
repair records where the date is incorrect, this patch added an automated
fix which can be triggered to copy the certification completion date to the
program completion date. Relates to TL-9014.
TL-8764 Deleted orphaned course reminders for deleted courses
TL-8872 Fixed the ordering of the transaction logs in program and certification completion editors
TL-8969 Fixed an issue with the display of users fullnames and improved the internal documentation
In 2.6 and 2.7 the "fullnamedisplay" setting was incorrectly falling back
to the format specified in language pack. This has been reverted and the
overriding fallback happens only if the value "firstname" is specified in
the "fullnamedisplay" setting.
A new setting in 2.9 "alternativefullnameformat" has already resolved this
in a different way.
TL-8991 Fixed the wrong date being used to calculate the certification completion date
If a certification had a course set with more than one course, where not
all of the courses were required for completion. And before being assigned
to the certification, a user completed (manually or via course completion
upload) enough of the courses to complete the course set. The certification
completion date was being incorrectly calculated as the latest date of all
completed courses, rather than the maximum course set completion date. This
patch corrects this, and provides an automated fix (part of the
Certification completion editor) to repair any affected records.
TL-9005 Fixed program enrolment messages not being sent
When users were becoming assigned to a program or certification due to
"first login" or "indirect" assignment (some action which was not manually
performed in the Assignments interface, such as when a user becomes a
member of an audience which is already assigned to a program), they were
not receiving any configured program enrolment messages. This has been
fixed. This patch does not retroactively send program/certification
enrolment messages that were missed.
Contributions:
* Artur Poninski at Webanywhere - TL-8599
* Malgorzata Dziodzio at Webanywhere - TL-8376
Release 2.5.39 (23rd May 2016):
Important:
TL-7818 Changed certification window opening to also reset RPL activities
Previously, when the recertification window opened, RPL course completions
were being reset, but RPL activity completions were not. This could cause
the situation where a course would re-complete due the RPL activity
completions, which in turn triggered certification completion. Depending on
certification settings, this could cause a repeating loop. Now, like
courses, RPL activity completions will also be reset when the
recertification window opens.
This change in behaviour brings Totara 2.5, 2.6 and 2.7 in line with 2.9
(which has had this change since 2.9.0).
TL-8973 Activity completions will now always reset on archive regardless of their visibility
When activity completions were archived during a certification window
opening, the completions for activities set to hidden were ignored and
would be retained. Activity completions are now archived regardless of
their visibility.
This patch also fixes an issue where Face-to-face completion data was not
being fully reset if the completion time of the Face-to-face activity was
changed to a later time.
This change means that after the archive_course_activities function is run,
any activities that should not be complete will have no record in the
course_modules_completion table, rather than have one which is set to
incomplete.
As well as affecting certification window opening, these changes will also
apply when using the archive completions function within a course.
Security issues:
TL-8615 Added noreferred attribute to links set to open in a new tab or window
This is a backport of MDL-52651 to Totara 2.5.39, and 2.6.32
TL-9008 Fixed an exploit with the window opened when working with SCORMS in new windows
This is a backport of MDL-53546 to Totara 2.2.47, 2.4.41, 2.5.39, and
2.6.32
TL-9009 Added a missing sesskey check to forum/markposts.php
This is a backport of MDL-53755 to Totara 2.2.47, 2.4.41, 2.5.39, and
2.6.32
TL-9010 Fixed capability checks when viewing a user's badges
This is a backport of MDL-53589 to Totara 2.4.41, 2.5.39, and 2.6.32
TL-9057 Added sesskey checks when applying automatic fixes on the check completions page in the Program completion editor
Improvements:
TL-7993 Removed the obsolete 'Manager emails' settings from Face-to-face
TL-8866 Increase the max year in date pickers to 2037
Due to the Year 2038 bug we can only increase this to 2037 in 2.5. See
https://en.wikipedia.org/wiki/Year_2038_problem for details on this issue.
TL-9020 Created initial Program and Certification completion transaction logs
If a user assigned to a Program or Certification did not have any
transaction logs, a snapshot log record will be created during upgrade.
Likewise, a certification settings snapshot will be created if none exists.
This will help with diagnosing future problems.
TL-9022 Added confirmation when applying automated fixes to program completions
When using the program or certification completion checker or editor, when
you activate one of the fixes, you will now need to confirm the action.
This is to prevent accidental clicks, and provides additional warnings.
Bug fixes:
TL-8605 Fixed certification completon records affected by the reassignment bug
Patch TL-6790 in the March release of Totara changed the behaviour when
re-assigning users onto a certification. This patch repairs certification
completion records for users who were, before that patch, re-assigned and
ended up being unable to certify. All users which are identified by the
completion checker as "Program status should be 'Program incomplete' when
user is newly assigned. Program completion date should be empty when user
is newly assigned.", and have an "unassigned" historical completion record,
will have that historical record restored, as is the current behaviour when
reassigning users. Any records which do not meet these specific criteria,
or would be in an invalid state if the change was applied, will not be
affected and must be processed manually.
TL-8753 Added an automatic fix for mismatched program and certification completion dates
The program completion date should match the certification completion date
when a user's certification is "Certified, before the window opens". To
repair records where the date is incorrect, this patch added an automated
fix which can be triggered to copy the certification completion date to the
program completion date. Relates to TL-9014.
TL-8764 Deleted orphaned course reminders for deleted courses
TL-8872 Fixed the ordering of the transaction logs in program and certification completion editors
TL-8991 Fixed the wrong date being used to calculate the certification completion date
If a certification had a course set with more than one course, where not
all of the courses were required for completion. And before being assigned
to the certification, a user completed (manually or via course completion
upload) enough of the courses to complete the course set. The certification
completion date was being incorrectly calculated as the latest date of all
completed courses, rather than the maximum course set completion date. This
patch corrects this, and provides an automated fix (part of the
Certification completion editor) to repair any affected records.
TL-9005 Fixed program enrolment messages not being sent
When users were becoming assigned to a program or certification due to
"first login" or "indirect" assignment (some action which was not manually
performed in the Assignments interface, such as when a user becomes a
member of an audience which is already assigned to a program), they were
not receiving any configured program enrolment messages. This has been
fixed. This patch does not retroactively send program/certification
enrolment messages that were missed.
Release 2.4.41 (23rd May 2016):
Security issues:
TL-9008 Fixed an exploit with the window opened when working with SCORMS in new windows
This is a backport of MDL-53546 to Totara 2.2.47, 2.4.41, 2.5.39, and
2.6.32
TL-9009 Added a missing sesskey check to forum/markposts.php
This is a backport of MDL-53755 to Totara 2.2.47, 2.4.41, 2.5.39, and
2.6.32
TL-9010 Fixed capability checks when viewing a user's badges
This is a backport of MDL-53589 to Totara 2.4.41, 2.5.39, and 2.6.32
Release 2.2.47 (23rd May 2016):
Security issues:
TL-9008 Fixed an exploit with the window opened when working with SCORMS in new windows
This is a backport of MDL-53546 to Totara 2.2.47, 2.4.41, 2.5.39, and
2.6.32
TL-9009 Added a missing sesskey check to forum/markposts.php
This is a backport of MDL-53755 to Totara 2.2.47, 2.4.41, 2.5.39, and
2.6.32