Hello everyone,
The following versions of Totara have now been released:
- 9.1
- 2.9.13
- 2.7.21
- 2.6.38
- 2.5.45
- 2.4.47
- 2.2.53
These versions do contain security fixes and for this reason we strongly recommend upgrading.
Each release also includes bug fixes and improvements.
Thanks to the following people for their contributions to this release:
- Davo Smith at Synergy Learning - TL-10917
- Jo Jones at Kineo - TL-11157
Kind regards
Sam Hemelryk
SHA1 checksum | Size | Package |
---|---|---|
8d128b0ddc6d27242a42e7e31b24aa21f22b132b | 51M | totaralms-9.1.tar.gz |
d5209694c2da4482a75bb0ecaa3e08cb92f844e0 | 47M | totaralms-2.9.13.tar.gz |
8514bb3cb9922ef6583810d8c5a8d6be13feec67 | 56M | totaralms-2.7.21.tar.gz |
c5a443a6c9a3528df9f61efc78e2bedb42747fe6 | 50M | totaralms-2.6.38.tar.gz |
d52447ce70eaa513e95b700293b98052c53e3347 | 44M | totaralms-2.5.45.tar.gz |
312b3a03c6848b309e423c391e5bcdcd8d009da0 | 32M | totaralms-2.4.47.tar.gz |
f3293e1be301f3c78699a68988c0b779fe144145 | 26M | totaralms-2.2.53.tar.gz |
Release 9.1 (22nd November 2016): Important: TL-10252 Non-date picker uses of date picker strings changed to langconfig strings Code unrelated to date pickers has been updated to use strings from the langconfig language pack. Date picker strings should only be used in relation to date pickers. Code now using the langconfig strings will benefit from customisations made to those strings. Additionally, the lang string customfieldtextdateformat was added in totara_customfield. If you have customised the lang string datepickerlongyearregexphp then after upgrading you should change customfieldtextdateformat to your custom regular expression. TL-11112 The default encoding is now consistently set to UTF-8 Totara now sets UTF-8 as default encoding for PHP scripts to prevent hard to detect problems on sites with non-standard php.ini settings. There are no known problems in Totara, but this change may help with compatibility in external libraries and 3rd party plugins. TL-11114 Incompatible plugin updates and installer code was removed Totara LMS does not include an add-on installer, all additional plugins must be installed manually by server administrators. Before installing any additional plugins please make sure the code was tested with Totara LMS, is secure, is maintained by authors and contains phpunit and behat tests. Totara Learning Solutions support does not cover plugins that are not included in the standard distribution. TL-11157 Fixed data loss bug when learning plans are deleted under certain conditions This bug occurs under very specific circumstances. Due to the structure of the repository table involved, it is possible to have relationship data from different learning plans and even different components within the same learning plan co-existing within the same table. Originally, the system deleted relationships between learning plan components (e.g. course and objectives) using just the component identifier e.g. objective ID. However, in very rare situations, it is possible for the table to hold values from unrelated components which use the same identifier. When the system deleted a component using this identifier value alone *all* components associated with it were removed. Hence the data loss. The system now checks component type in addition to ID to prevent this happening. Security issues: TL-10752 Implemented additional checks within the Appraisal review ajax script TL-5178 Added a missing sesskey check to feedback/assignments.php TL-6615 Added a check for HTTP only cookies to the security report The HTTP only cookies setting restricts access to cookies by client side scripts in supported browsers making it more difficult to exploit any potential XSS vulnerabilities. TL-8849 Improved validation when managing Seminar custom fields Previously it was possible to view custom fields from areas outside of Seminars through the Seminar custom field management page. This page now properly verifies that the custom fields being requested belong to a Seminar area. Improvements: TL-10038 Added a warning entry into the HR Import import log if data contains a user that has their "HR import" setting disabled TL-10097 Removed whitespace when editing individual feedback 360 requests TL-10203 Improved efficiency when importing users that include dropdown menu profile field data A significant performance gain has been made when importing users through HR Import on sites that use drop down menu profile custom fields. The import process should now run much faster than before. TL-10292 Added a legend when exporting and importing questions by category or context from within the question bank TL-10627 Improved appraisal snapshot PDF rendering TL-10654 Improved display of username when viewing as another role TL-10681 Added an environment test for mbstring.func_overload to ensure it is not set Multibyte function overloading is not compatible with Totara. TL-10705 Improved the help text within Seminar when uploading attendees by CSV file TL-10731 Added setting to allow limiting of feedback reminders sent out A new setting has been added, 'reminder_maxtimesincecompletion', which can be used to limit the number of days after course completion in which feedback activity reminders will be sent. This may be used to prevent reminders being sent for historic course completions after they are imported via upload. TL-10782 Seminar direct enrolment instances within a course can now be manually removed when no longer wanted TL-10793 Improved support of RTL languages within Report builder reports in the new themes TL-10909 Improved wording of course activity reports visibility setting help TL-10917 Improved the performance of admin settings for PDF fonts TL-10947 Removed duplicated link in the My team block TL-10965 Improved program assignments to recognise changes in hierarchies related to 'all below' assignments Previously, if a change was made to a lower level of a hierarchy then the change did not trigger the deferred program assignment update. Instead, the change would not be applied until the program user assignments cron task was run. Now, the change immediately flags the related program for update and will be processed by the deferred program assignments task. TL-11001 Mark completion reaggregated after each record is processed Previously, completion_regular_task would first process all records which had a reaggregate flag greater than one, then finally set the flags on all the records to 0. Now, the reaggregate flag is set to 0 after each record is processed. TL-11026 Improved move left and move right functionality when editing a course TL-11041 Site level administrative approvers setting in Seminars has been relocated to Seminars > Global settings TL-11045 Seminar upcoming and previous headings are now the correct level TL-11051 The Seminar event "Add approver" button is now disabled when it is not relevant TL-11052 Changed text when removing users from a seminar event TL-9325 Moved the add event link within Seminar above the upcoming events display Bug fixes: TL-10108 Prevented program due messages being sent when the user is already complete This fix affects several messages: program due, program overdue, course set due and course set overdue. In programs and certifications, just before one of these messages is sent, a check is performed to ensure that the user hasn't completed the program or certification in the mean time. TL-10213 Reduced the number of joins in appraisal details report with scale value questions Multi-choice, single answer questions no longer need a join, while multi-choice, multi-select questions now require just one join per role per question (down from two). A consequence of this change is that multi-choice columns will no longer be sorted alphabetically in this report. Instead, if you sort a multi-choice column, the records will be shown in the same order as the options are defined and as they appear when completing the appraisal. MySQL is inherently limited to 61 joins, but now more questions can be added before this limit is reached. TL-10244 Removed unnecessary italic format from the my team block TL-10273 Removed unnecessary fieldset around forum search TL-10311 Controls in the element library now link to the same page TL-10320 Corrected the accessibility link between the Seminar event export label and it's select input TL-10331 Ensured URL custom fields are cleaned using PARAM_URL when uploaded via HR Import TL-10332 Added default behaviour of do not open in new window for URL custom fields when added or updated via HR Import TL-10360 Competency completion calculations now correctly look at previously completed courses Courses completed before the last time a competency is modified are now correctly considered for competency assignment TL-10687 Dock action icons now use the same colour as block actions in basis TL-10766 Fixed colour of legends and help icons in Kiwifruit responsive TL-10787 Fixed a php notice generated when a competency is added to a learning plan with optional courses TL-10819 Added code to re-run an upgrade step to delete report data for deleted users The issue was caused by TL-8711 and fixed by TL-10804 TL-10837 Added workaround for iOS 10 bug causing problems with video playback TL-10853 Ensured consistent spacing around the login info within the Basis theme footer TL-10891 Fixed overactive validation of Seminar cutoff against dates Previously when editing a Seminar event in which the current date was already within the cutoff period, if you attempted to edit the event you could not save because the cutoff was too close, even in situations when you were not changing the dates or the cutoff. Cutoff validation is now only applied when the dates are changing, or when the cutoff period is changing. TL-10901 Fixed missing course events from calendar when viewing all Previously, many events were being excluded from the calendar when being viewed by a user with the capability, moodle/calendar:manageentries, while the site setting, 'calendar_adminseesall' was turned on. The process of selecting events from courses to show in the calendar to fix this has been improved. However, for performance reasons, there is still a limit on how many courses have events shown in the calendar. This limit has been set at 50 courses by default. The limit can be adjusted using a new setting, calendar_adminallcourseslimit. See config-dist.php for more information on that setting. TL-10905 Stopped a duplicate error message from being displayed on the login screen when the session has expired TL-10910 Fixed required permissions for appraisals aggregate questions TL-10916 Fixed a debug error within the Current Learning block when images are added to the summary of a program or certification TL-10946 Removed false deprecation message for the viewmyteam string TL-10955 Fixed database error when generating a report with search columns TL-10956 Fixed the display of the marking guide editing interface Missing selectors from Totara's new themes have been added to now catch each type of advanced grading form; marking guide & Rubric. As themes continue to prefer CSS applied without the use of the 'style' attribute, the maximum grade form input has also had its explicit width removed. The Javascript calculation of textarea widths inside the form have also been simplified, with height now being the only value calculated & set. TL-10963 Added tabs to the seminar events and session report pages and ensured bookmarking of both pages can be achieved TL-10972 Deleting a Seminar now correctly removes orphaned notification records TL-10979 Ensured certification messages can be resent on subsequent recertifications This patch ensures that all applicable certification messages are reset when a user's recertification window opens, allowing them to be triggered again for that user. TL-10998 Removed inaccessible options in Program Administration block TL-11009 Fixed the display of learning plan courses within the Current Learning block after being enrolled in a course TL-11010 Fixed emails being sent to declined users when an event is closed TL-11020 Caused program completion to be checked on assignment Now, when users are assigned to programs and certifications, completion will immediately be calculated. If the user has already completed the courses required for program completion or certification, they will be marked complete. Previously, the user would have had to wait for the Program Completions scheduled task to run, which occurs once each night by default. This change also causes the first course set completion record to be correctly created. Previously, it was not created until the first course set was completed. Because it is being created at the correct time, course set due and overdue messages related to the first course set will now be correctly triggered. TL-11047 Fixed an incorrect capability check made when checking whether a user can manage dashboards TL-11060 Fixed a php notice generated within HR Sync when using the organisation or position elements TL-11087 Ensured that IE9 chunked stylesheet paths are correctly generated TL-11102 Fixed a timing issue in totara_core_webservice PHPUnit tests TL-11138 Provided an IE9 compatible fallback for the loading icon TL-7752 Fixed problems with program enrolment messages Program enrolment and unenrolment messages are now resent each time a user is assigned or unassigned, rather than just the first time either of those events occur. All program messages are now covered by automated tests. TL-9301 Fixed Seminar event functionality when the cancellationnote default custom field has been deleted TL-9846 Removed reference to deprecated variable when in a chat activity TL-9993 Fixed the display of images within textareas in Learning Plans and Record of Learning Evidence TL-9994 Stopped the actions column from being included when exporting Other Evidence report in the Record of Learning API changes: TL-9726 Added the system requirements for upgrades to Totara 10dev Contributions: * Davo Smith at Synergy Learning - TL-10917 * Jo Jones at Kineo - TL-11157
Release 2.9.13 (22nd November 2016): Important: TL-11157 Fixed data loss bug when learning plans are deleted under certain conditions This bug occurs under very specific circumstances. Due to the structure of the repository table involved, it is possible to have relationship data from different learning plans and even different components within the same learning plan co-existing within the same table. Originally, the system deleted relationships between learning plan components (e.g. course and objectives) using just the component identifier e.g. objective ID. However, in very rare situations, it is possible for the table to hold values from unrelated components which use the same identifier. When the system deleted a component using this identifier value alone *all* components associated with it were removed. Hence the data loss. The system now checks component type in addition to ID to prevent this happening. Security issues: TL-10752 Implemented additional checks within the Appraisal review ajax script TL-5178 Added a missing sesskey check to feedback/assignments.php TL-6615 Added a check for HTTP only cookies to the security report The HTTP only cookies setting restricts access to cookies by client side scripts in supported browsers making it more difficult to exploit any potential XSS vulnerabilities. Improvements: TL-10203 Improved efficiency when importing users that include dropdown menu profile field data A significant performance gain has been made when importing users through HR Import on sites that use drop down menu profile custom fields. The import process should now run much faster than before. TL-10627 Improved appraisal snapshot PDF rendering TL-10681 Added an environment test for mbstring.func_overload to ensure it is not set Multibyte function overloading is not compatible with Totara. TL-10731 Added setting to allow limiting of feedback reminders sent out A new setting has been added, 'reminder_maxtimesincecompletion', which can be used to limit the number of days after course completion in which feedback activity reminders will be sent. This may be used to prevent reminders being sent for historic course completions after they are imported via upload. TL-10782 Face-to-face direct enrolment instances within a course can now be manually removed when no longer wanted TL-10909 Improved wording of course activity reports visibility setting help TL-10917 Improved the performance of admin settings for PDF fonts TL-10965 Improved program assignments to recognise changes in hierarchies related to 'all below' assignments Previously, if a change was made to a lower level of a hierarchy then the change did not trigger the deferred program assignment update. Instead, the change would not be applied until the program user assignments cron task was run. Now, the change immediately flags the related program for update and will be processed by the deferred program assignments task. TL-11001 Mark completion reaggregated after each record is processed Previously, completion_regular_task would first process all records which had a reaggregate flag greater than one, then finally set the flags on all the records to 0. Now, the reaggregate flag is set to 0 after each record is processed. TL-9730 Allowed assign_user_position to manage roles in tests Previously when running tests, role assignments had to be set up manually, rather than using assign_user_position. Now, this function can set up the roles during tests. This will improve testing, as the roles can now be set up in tests using the same function that is used on live sites, rather than having to simulate that functionality, avoiding possible discrepancies between live code and test setup. Bug fixes: TL-10108 Prevented program due messages being sent when the user is already complete This fix affects several messages: program due, program overdue, course set due and course set overdue. In programs and certifications, just before one of these messages is sent, a check is performed to ensure that the user hasn't completed the program or certification in the mean time. TL-10213 Reduced the number of joins in appraisal details report with scale value questions Multi-choice, single answer questions no longer need a join, while multi-choice, multi-select questions now require just one join per role per question (down from two). A consequence of this change is that multi-choice columns will no longer be sorted alphabetically in this report. Instead, if you sort a multi-choice column, the records will be shown in the same order as the options are defined and as they appear when completing the appraisal. MySQL is inherently limited to 61 joins, but now more questions can be added before this limit is reached. TL-10360 Competency completion calculations now correctly look at previously completed courses Courses completed before the last time a competency is modified are now correctly considered for competency assignment TL-10819 Added code to re-run an upgrade step to delete report data for deleted users The issue was caused by TL-8711 and fixed by TL-10804 TL-10837 Added workaround for iOS 10 bug causing problems with video playback TL-10891 Fixed overactive validation of Face-to-face cutoff against dates Previously when editing a Face-to-face event in which the current date was already within the cutoff period, if you attempted to edit the event you could not save because the cutoff was too close, even in situations when you were not changing the dates or the cutoff. Cutoff validation is now only applied when the dates are changing, or when the cutoff period is changing. TL-10901 Fixed missing course events from calendar when viewing all Previously, many events were being excluded from the calendar when being viewed by a user with the capability, moodle/calendar:manageentries, while the site setting, 'calendar_adminseesall' was turned on. The process of selecting events from courses to show in the calendar to fix this has been improved. However, for performance reasons, there is still a limit on how many courses have events shown in the calendar. This limit has been set at 50 courses by default. The limit can be adjusted using a new setting, calendar_adminallcourseslimit. See config-dist.php for more information on that setting. TL-10910 Fixed required permissions for appraisals aggregate questions TL-10955 Fixed database error when generating a report with search columns TL-10972 Deleting a Face-to-face now correctly removes orphaned notification records TL-10979 Ensured certification messages can be resent on subsequent recertifications This patch ensures that all applicable certification messages are reset when a user's recertification window opens, allowing them to be triggered again for that user. TL-10998 Removed inaccessible options in Program Administration block TL-11020 Caused program completion to be checked on assignment Now, when users are assigned to programs and certifications, completion will immediately be calculated. If the user has already completed the courses required for program completion or certification, they will be marked complete. Previously, the user would have had to wait for the Program Completions scheduled task to run, which occurs once each night by default. This change also causes the first course set completion record to be correctly created. Previously, it was not created until the first course set was completed. Because it is being created at the correct time, course set due and overdue messages related to the first course set will now be correctly triggered. TL-11047 Fixed an incorrect capability check made when checking whether a user can manage dashboards TL-11070 Fixed disabled Appraisal message entry fields TL-11102 Fixed a timing issue in totara_core_webservice PHPUnit tests TL-11118 Fixed the display of the Declare Interest button for past Face-to-face sessions TL-1944 Corrected move left / right feature in the Face-to-face activity menu on the course page TL-7752 Fixed problems with program enrolment messages Program enrolment and unenrolment messages are now resent each time a user is assigned or unassigned, rather than just the first time either of those events occur. All program messages are now covered by automated tests. TL-9301 Fixed Face-to-face event functionality when the cancellationnote default custom field has been deleted TL-9993 Fixed the display of images within textareas in Learning Plans and Record of Learning Evidence TL-9994 Stopped the actions column from being included when exporting Other Evidence report in the Record of Learning API changes: TL-9726 Added the system requirements for upgrades to Totara 10dev Contributions: * Davo Smith at Synergy Learning - TL-10917 * Jo Jones at Kineo - TL-11157
Release 2.7.21 (22nd November 2016): Important: TL-11157 Fixed data loss bug when learning plans are deleted under certain conditions This bug occurs under very specific circumstances. Due to the structure of the repository table involved, it is possible to have relationship data from different learning plans and even different components within the same learning plan co-existing within the same table. Originally, the system deleted relationships between learning plan components (e.g. course and objectives) using just the component identifier e.g. objective ID. However, in very rare situations, it is possible for the table to hold values from unrelated components which use the same identifier. When the system deleted a component using this identifier value alone *all* components associated with it were removed. Hence the data loss. The system now checks component type in addition to ID to prevent this happening. Security issues: TL-10752 Implemented additional checks within the Appraisal review ajax script TL-5178 Added a missing sesskey check to feedback/assignments.php TL-6615 Added a check for HTTP only cookies to the security report The HTTP only cookies setting restricts access to cookies by client side scripts in supported browsers making it more difficult to exploit any potential XSS vulnerabilities. Improvements: TL-10681 Added an environment test for mbstring.func_overload to ensure it is not set Multibyte function overloading is not compatible with Totara. TL-9730 Allowed assign_user_position to manage roles in tests Previously when running tests, role assignments had to be set up manually, rather than using assign_user_position. Now, this function can set up the roles during tests. This will improve testing, as the roles can now be set up in tests using the same function that is used on live sites, rather than having to simulate that functionality, avoiding possible discrepancies between live code and test setup. Bug fixes: TL-10360 Competency completion calculations now correctly look at previously completed courses Courses completed before the last time a competency is modified are now correctly considered for competency assignment TL-10819 Added code to re-run an upgrade step to delete report data for deleted users The issue was caused by TL-8711 and fixed by TL-10804 TL-10837 Added workaround for iOS 10 bug causing problems with video playback TL-10891 Fixed overactive validation of Face-to-face cutoff against dates Previously when editing a Face-to-face event in which the current date was already within the cutoff period, if you attempted to edit the event you could not save because the cutoff was too close, even in situations when you were not changing the dates or the cutoff. Cutoff validation is now only applied when the dates are changing, or when the cutoff period is changing. TL-10901 Fixed missing course events from calendar when viewing all Previously, many events were being excluded from the calendar when being viewed by a user with the capability, moodle/calendar:manageentries, while the site setting, 'calendar_adminseesall' was turned on. The process of selecting events from courses to show in the calendar to fix this has been improved. However, for performance reasons, there is still a limit on how many courses have events shown in the calendar. This limit has been set at 50 courses by default. The limit can be adjusted using a new setting, calendar_adminallcourseslimit. See config-dist.php for more information on that setting. TL-10910 Fixed required permissions for appraisals aggregate questions TL-10955 Fixed database error when generating a report with search columns TL-10972 Deleting a Face-to-face now correctly removes orphaned notification records TL-11070 Fixed disabled Appraisal message entry fields TL-11102 Fixed a timing issue in totara_core_webservice PHPUnit tests TL-11118 Fixed the display of the Declare Interest button for past Face-to-face sessions TL-11127 Fixed embedded images used within the description of a personal goal Previously when editing a personal goal which had an embedded image in its description the image would be broken within the editor. It would display correctly however when viewing the personal goal. It is now displayed correctly when editing as well. TL-1944 Corrected move left / right feature in the Face-to-face activity menu on the course page TL-9301 Fixed Face-to-face event functionality when the cancellationnote default custom field has been deleted API changes: TL-9726 Added the system requirements for upgrades to Totara 10dev Contributions: * Jo Jones at Kineo - TL-11157
Release 2.6.38 (22nd November 2016): Important: TL-11157 Fixed data loss bug when learning plans are deleted under certain conditions This bug occurs under very specific circumstances. Due to the structure of the repository table involved, it is possible to have relationship data from different learning plans and even different components within the same learning plan co-existing within the same table. Originally, the system deleted relationships between learning plan components (e.g. course and objectives) using just the component identifier e.g. objective ID. However, in very rare situations, it is possible for the table to hold values from unrelated components which use the same identifier. When the system deleted a component using this identifier value alone *all* components associated with it were removed. Hence the data loss. The system now checks component type in addition to ID to prevent this happening. Security issues: TL-10752 Implemented additional checks within the Appraisal review ajax script TL-5174 Fixed access controls around feedback360 requests TL-5178 Added a missing sesskey check to feedback/assignments.php TL-6615 Added a check for HTTP only cookies to the security report The HTTP only cookies setting restricts access to cookies by client side scripts in supported browsers making it more difficult to exploit any potential XSS vulnerabilities. Improvements: TL-10681 Added an environment test for mbstring.func_overload to ensure it is not set Multibyte function overloading is not compatible with Totara. TL-9730 Allowed assign_user_position to manage roles in tests Previously when running tests, role assignments had to be set up manually, rather than using assign_user_position. Now, this function can set up the roles during tests. This will improve testing, as the roles can now be set up in tests using the same function that is used on live sites, rather than having to simulate that functionality, avoiding possible discrepancies between live code and test setup. Bug fixes: TL-10360 Competency completion calculations now correctly look at previously completed courses Courses completed before the last time a competency is modified are now correctly considered for competency assignment TL-10837 Added workaround for iOS 10 bug causing problems with video playback TL-10955 Fixed database error when generating a report with search columns TL-11065 Fixed zip archive handling edge case when using PHP 5.6 TL-11066 Backported compatibility fixes for PostgreSQL 9.5 TL-11127 Fixed embedded images used within the description of a personal goal Previously when editing a personal goal which had an embedded image in its description the image would be broken within the editor. It would display correctly however when viewing the personal goal. It is now displayed correctly when editing as well. API changes: TL-9726 Added the system requirements for upgrades to Totara 10dev Contributions: * Jo Jones at Kineo - TL-11157
Release 2.5.45 (22nd November 2016): Important: TL-11157 Fixed data loss bug when learning plans are deleted under certain conditions This bug occurs under very specific circumstances. Due to the structure of the repository table involved, it is possible to have relationship data from different learning plans and even different components within the same learning plan co-existing within the same table. Originally, the system deleted relationships between learning plan components (e.g. course and objectives) using just the component identifier e.g. objective ID. However, in very rare situations, it is possible for the table to hold values from unrelated components which use the same identifier. When the system deleted a component using this identifier value alone *all* components associated with it were removed. Hence the data loss. The system now checks component type in addition to ID to prevent this happening. Security issues: TL-10752 Implemented additional checks within the Appraisal review ajax script TL-5174 Fixed access controls around feedback360 requests TL-5178 Added a missing sesskey check to feedback/assignments.php TL-6615 Added a check for HTTP only cookies to the security report The HTTP only cookies setting restricts access to cookies by client side scripts in supported browsers making it more difficult to exploit any potential XSS vulnerabilities. Improvements: TL-10681 Added an environment test for mbstring.func_overload to ensure it is not set Multibyte function overloading is not compatible with Totara. TL-9730 Allowed assign_user_position to manage roles in tests Previously when running tests, role assignments had to be set up manually, rather than using assign_user_position. Now, this function can set up the roles during tests. This will improve testing, as the roles can now be set up in tests using the same function that is used on live sites, rather than having to simulate that functionality, avoiding possible discrepancies between live code and test setup. Bug fixes: TL-10837 Added workaround for iOS 10 bug causing problems with video playback TL-11065 Fixed zip archive handling edge case when using PHP 5.6 TL-11066 Backported compatibility fixes for PostgreSQL 9.5 TL-11127 Fixed embedded images used within the description of a personal goal Previously when editing a personal goal which had an embedded image in its description the image would be broken within the editor. It would display correctly however when viewing the personal goal. It is now displayed correctly when editing as well. API changes: TL-9726 Added the system requirements for upgrades to Totara 10dev Contributions: * Jo Jones at Kineo - TL-11157
Release 2.4.47 (22nd November 2016): Important: TL-11157 Fixed data loss bug when learning plans are deleted under certain conditions This bug occurs under very specific circumstances. Due to the structure of the repository table involved, it is possible to have relationship data from different learning plans and even different components within the same learning plan co-existing within the same table. Originally, the system deleted relationships between learning plan components (e.g. course and objectives) using just the component identifier e.g. objective ID. However, in very rare situations, it is possible for the table to hold values from unrelated components which use the same identifier. When the system deleted a component using this identifier value alone *all* components associated with it were removed. Hence the data loss. The system now checks component type in addition to ID to prevent this happening. Security issues: TL-6615 Added a check for HTTP only cookies to the security report The HTTP only cookies setting restricts access to cookies by client side scripts in supported browsers making it more difficult to exploit any potential XSS vulnerabilities. Improvements: TL-10681 Added an environment test for mbstring.func_overload to ensure it is not set Multibyte function overloading is not compatible with Totara. Bug fixes: TL-11065 Fixed zip archive handling edge case when using PHP 5.6 TL-11066 Backported compatibility fixes for PostgreSQL 9.5 API changes: TL-9726 Added the system requirements for upgrades to Totara 10dev Contributions: * Jo Jones at Kineo - TL-11157
Release 2.2.53 (22nd November 2016): Important: TL-11157 Fixed data loss bug when learning plans are deleted under certain conditions This bug occurs under very specific circumstances. Due to the structure of the repository table involved, it is possible to have relationship data from different learning plans and even different components within the same learning plan co-existing within the same table. Originally, the system deleted relationships between learning plan components (e.g. course and objectives) using just the component identifier e.g. objective ID. However, in very rare situations, it is possible for the table to hold values from unrelated components which use the same identifier. When the system deleted a component using this identifier value alone *all* components associated with it were removed. Hence the data loss. The system now checks component type in addition to ID to prevent this happening. Security issues: TL-6615 Added a check for HTTP only cookies to the security report The HTTP only cookies setting restricts access to cookies by client side scripts in supported browsers making it more difficult to exploit any potential XSS vulnerabilities. Improvements: TL-10681 Added an environment test for mbstring.func_overload to ensure it is not set Multibyte function overloading is not compatible with Totara. API changes: TL-9726 Added the system requirements for upgrades to Totara 10dev Contributions: * Jo Jones at Kineo - TL-11157