Hello everyone, The following versions of Totara Learn have now been released:
- Evergreen 20170621
- 9.8
- 2.9.20
- 2.7.28
- 2.6.45
- 2.5.52
- 2.4.52
Each release also includes bug fixes and improvements. Thanks to the following people for their contributions to this release:
- Artur Rietz at Webanywhere - TL-14271
- Barry Oosthuizen at Learning Pool - TL-14445
- Eugene Venter at Catalyst NZ - TL-10502, TL-9300
- Francis Devine at Catalyst NZ - TL-14430
- Michael Trio at Kineo UK - TL-14357
- Russell England at Kineo US - TL-14144
Sam Hemelryk
| SHA1 Checksum | Size (M) | Package |
|---|---|---|
| 5fa3e6509531dc2fc1a56fd0b814427f2fcf6a63 | 49M | evergreen-20170621.tar.gz |
| 6e171d704ec6fdf017166fab2235f2edcc46a913 | 53M | totaralms-9.8.tar.gz |
| c0ec87b36d40ae90e14dd0b89de9fce537e4c8ea | 49M | totaralms-2.9.20.tar.gz |
| b61d714402b5a76f4cd26b9c3325f5519174698a | 56M | totaralms-2.7.28.tar.gz |
| f2985429f6a18e92790ba84136140804ff85c608 | 51M | totaralms-2.6.45.tar.gz |
| 3243d0d0ad9d6707b66f60fb07738d8b2277a7d6 | 44M | totaralms-2.5.52.tar.gz |
| 7f40e63269e8477fb59e8c27732c79e96472c7d7 | 32M | totaralms-2.4.52.tar.gz |
Release Evergreen (21st June 2017):
Security issues:
TL-7289 Added environment check for XML External Entity Expansion
On upgrade or install, a check will be made to determine whether the
server's environment could be vulnerable to attackers including the
contents of external files via entities in user-supplied XML files. A
warning will only be shown if a vulnerability is identified. This check is
also available via the security report.
New features:
TL-8169 Added placeholders to Appraisal messages
Appraisal messages can now use placeholders that will be replaced with the
relevant information immediately prior to sending the message.
Please review the inproduct help when creating and editing appraisal
messages for a list of available placeholders.
Improvements:
TL-6009 Added additional columns to the Previous Certifications report source
The following columns were added: Status, Renewal status, Progress
(displayed as a progress bar)
The following filters were added: Status, Renewal status
TL-6553 Added "Time to complete" columns to the Course Completions report
Two new columns have been added to the Course Completions report:
* Time to complete (since start date)
* Time to complete (since enrol date)
TL-7693 Changed the notification url when an Evidence Type is added/edited to the list of all Evidence Types
TL-8939 Added audience member filter to all report sources that have user fields
TL-9224 Improved consistency of program exception restrictions
Previously some Programs code was still being executed on users with
exceptions, those places now check for valid user assignments before
processing the users. Some places identified were, the program completion
cron, the certification window opening cron, and the programs course
enrolment plugin.
TL-9300 Updated the Date/time custom field so that it is not enabled by default
Making the Date/time custom fields disabled by default prevents the field
from being set inadvertently. When the custom field is marked as required
the field will always be enabled and default to the present date.
TL-9775 Added Behat tests for Dynamic Audience Based Learning Plan creation
TL-10502 Renamed Record of learning navigation block to "Learning" (from "Learning plans")
TL-11264 Improved Atto editor autosave messaging and draft revert workflow
When a draft is automatically applied to an Editor, there is now a
page-level alert to let users know what has happened. In addition, the
default arrangement of toolbar icons now includes Undo/Redo which, when a
Draft is auto-applied, will toggle between original Database-saved content
and the Draft.
TL-11323 Added HTML labels to inputs when creating and reviewing learning plans
TL-11325 Added labels to the manage learning plan templates page
TL-11444 Added table headings when showing current forum subscribers
TL-12849 Improved alignment of the manage badges table
TL-14187 New featured links blocks will now display without a border by default
TL-14271 Fixed dynamic audience performance issue for user profile custom fields
TL-14288 Added logs relating to program and certification assignment changes
TL-14367 The login page now allows the configured registration plugin to control the onscreen signup message
TL-14375 Embedded reports may now define custom required columns
TL-14383 Improved performance of reportbuilder job assignment content restraints
TL-14385 Added checks for missing program and certification completion records
The program and certification completion checkers have been extended to
detect missing and unneeded program and certification completion records.
Automated fixes have been provided to allow admins to correct these
problems. After upgrade, you should use the completion checker to fix all
"Files" category problems which are reported (if any). After all problems
on the site have been fixed, if new problems are discovered then they
should be reported to Totara support.
TL-14429 Added support for relative dates in new forms in behat tests
TL-14430 Converted the Reportbuilder source directory cache into a defined cache
TL-14445 Added full details link to review items in Appraisals
When goals, objectives or competencies are selected for review in an
appraisal, a link will now be available which opens the full details of
that item in a new window. This link will only be shown if the user has
permission to view those details normally outside the appraisal.
This feature has only been added for the aforementioned review types so
far.
When adding items for review for any review questions, these items no
longer have their own collapsible header and will instead be collapsible
under the entire review question. Non-question elements such as fixed text,
fixed image and profile information also no longer have a collapsible
header as part of this change.
For any custom themes that impact on Appraisals or Feedback 360, it is
recommended that you review the appearance of these areas following
upgrade.
Bug fixes:
TL-10374 Fixed an Appraisal bug when trying to add a question without selecting a type
TL-12672 Fixed a php notice when saving data in location and textarea unique custom fields
TL-12769 Fixed disabling of multi-select custom fields when set to locked
There was an issue with multi-select custom fields when they were set to
locked. This would result in only the first check box being disabled or
none of the check boxes being disabled (this depended on the browser).
TL-14048 Fixed a bug resulting in duplicate entries in the "Record of Learning: Courses" report source
Previously the "Record of Learning: Courses" report source would show
duplicate records if no Learning Plan columns had been added to the
report.
This has been fixed and the "Record of Learning: Courses" report source now
correctly eliminates duplicates.
TL-14140 Fixed security report check for whether Flash animation is enabled
The security report was checking for an outdated config setting when
checking whether Flash animation (using swf files) was enabled. The correct
config setting is now checked.
Flash animation is no longer enabled by default on new installations of
Totara, however this is not changed during upgrade for existing sites. If
Flash animation is not required on your site, you are encouraged to review
the security report and disable Flash animation and/or the Multimedia
plugin if they are not required.
Flash animations, when enabled, could only be added by trusted users who
had capabilities marked with XSS risk.
TL-14144 Fixed ambiguous id column in course dialog when completion criteria is required
TL-14161 Fixed location of dropdown arrow when editing tags
TL-14224 Fixed the instance_config_save method in the featured links block
TL-14251 Fixed the display order of goal scale values on the my goals page
TL-14252 Fixed debug error when sending program messages with certain placeholders
Previously, if a program message (such as enrolment message) was sent out
for a user who was enrolled via multiple methods, and the message used the
%completioncriteria% or %duedate% placeholders, a debugging error is
thrown. This has now been fixed.
The %completioncriteria% placeholder was only designed to work when only
one enrolment method is in place for a user. Previously, the criteria
substituted into the email when a user did have multiple enrolment methods
was chosen randomly. Now the criteria will be taken from the enrolment with
the most recent assignment date/time.
TL-14272 Fixed program and certification course enrolment suspension
Due to a recent change, users were being unenrolled from courses after
completing the primary certification path, when the courses were not part
of recertification. This has now been fixed, and any user enrolments
incorrectly suspended will be restored automatically by the "Clean
enrolment plugins" scheduled task. This patch also greatly improves the
performance of this task.
TL-14289 Improved the layout when requesting a program extension from inside of a learning plan
TL-14291 Fixed user unassignment from programs and certifications
This patch includes several changes to the way program and certification
completion records are handled when users are unassigned. It includes
a fix for a problem that could occur when users are reassigned. It also
ensures that program and certification completion records are correctly
archived when a user is deleted (with the possibility of being undeleted),
rather than being left active.
TL-14301 Fixed validation of date form fields when nested inside a fieldset
TL-14309 Fixed missing embedded fallback font causing error when viewing certificate
TL-14315 Added HR Import check to ensure user's country code is two charters in length
TL-14335 Backup annotation no longer tries to write to the temp table it is currently reading from
Backup annotation handling was opening a recordset to a temporary table,
annotating over the results and writing to the same table while the
recordset was still open.
This was causing significant performance issues and occasional failures on
MSSQL.
Only large complex backups would be affected.
This change removes the code sequence responsible replacing it with batch
handling for the temp table.
TL-14350 Fixed invalid program due date when a user is assigned with an exception
This patch includes automated fixes which can be triggered in the program
and certification completion editors to fix affected records.
TL-14357 Fixed a problem with the self-enrolment method not allowing unauthenticated users to enrol in a course
TL-14365 Added missing $PAGE->set_url() calls when setting up a single activity course wiki
TL-14366 Fixed reference to renamed Feedback module table feedback_tracking
TL-14369 Auth plugins may now define external setting pages that do not require site config capability
TL-14371 Added missing use of format_string() in hierarchy filter text
TL-14381 Ensured the hierarchy filter displays any saved selections on page reload
TL-14387 Changes to [2.9.20]Face-to-face[2.9.20][9.8+10.0]Seminar[9.8+10.0] notification templates now update unchanged notifications
TL-14389 Improved the handling of incomplete AJAX requests when navigating away from a page
TL-14390 Fixed inconsistency in icon markup on Report Builder columns when replaced via AJAX
The markup of the icons for Delete, Move up and Move down were different
when loading the page (after clicking "Save changes") and when the icons
were replace via AJAX (eg. when deleting a row).
TL-14399 Fixed the "Manage searches" button in the Audience view report
TL-14400 Form selection elements now accept integers in current values
TL-14401 Removed incorrect link to the user profile in Report builder for missing data
TL-14402 Type is not added automatically to embedded report columns with default heading
TL-14411 Fixed reportbuilder exports for reports with embedded parameters
TL-14414 Fixed auto-update of saved searches list in report table block editing form
TL-14419 Fixed problems when restoring users to certifications
There were some rare circumstances where the incorrect data was being set
when a user was reassigned to a certification. The most common problem was
that the due date was missing on records that were in the "expired" state.
The cause of the various problems has been prevented. Records which have
already been affected can be identified using the certification completion
checker and corrected using the certification completion editor and/or
automated fixes.
TL-14426 Fixed dialog scroll when adding "Fixed image" questions to an appraisal
TL-14437 Added an automated fix for expired certifications missing a due date
An automated fix has been added to the certification completion editor.
When applied to expired completion records which are missing a due date, it
automatically sets the date to the latest certification completion history
expiry date which is before the current date. If no appropriate history
record is found then the due date must be set manually.
TL-14447 Fixed double html escaping when searching for course names that include special characters
TL-14672 Fixed permissions check for taking attendance within [2.7.28+2.9.20]Face-to-face sessions[2.7.28+2.9.20][9.8+10.0+Evergreen]Seminar events[9.8+10.0+Evergreen]
Previously it was not allowed to submit Seminar attendance without
mod/facetoface:addattendees or mod/facetoface:removeattendees permission.
Now mod/facetoface:takeattendance is enough.
TL-14686 Fixed a typo in a variable name used in organisation file type custom fields
TL-14690 Fixed error when creating a plan where a user has multiple jobs with duplicate position competencies.
API changes:
TL-14413 Added two new methods to the DML to fetch recordsets and a total count at the same time
Two new methods have been added to the DML that allow for a recordset to be
fetched and simultaneously a total count returned in single query.
The two new methods are:
* moodle_database::get_counted_recordset_sql
* moodle_database::get_counted_records_sql
Miscellaneous Moodle fixes:
TL-14565 MDL-57658: Fixed calendar unit tests
TL-14568 MDL-57429: Badges now uses the new openbadges authentication service
TL-14571 MDL-57994: Fixed "Number of announcements" course setting not reloading correctly
TL-14572 MDL-57254: Ensured Choice activity checks correctly when results should be displayed
TL-14573 MDL-57419: Hitting enter no longer sends messages within the messaging interfaces
TL-14575 MDL-37168: Fixed LTI activity quick edit title
TL-14576 MDL-58273: Fixed incorrect capability name used when enabling and disabling LDAP enrolment instances
TL-14579 MDL-58050: Fixes message transaction handling when the user has no messages
TL-14586 MDL-58257: Fixed course search when search query contains a hyphen
TL-14588 MDL-58160: Improved the performance of category caching
TL-14589 MDL-58325: Changes to site text editor settings are recorded in the config log
TL-14590 MDL-58227: Fixed error when getting most recently completed answers in feedback module
TL-14592 MDL-58264: Fixed incorrect SQL syntax in question engine
TL-14594 MDL-41809: Course grade items are now formatted using the course context
TL-14595 MDL-55499: Forum emails are now formatted using the correct context
TL-14598 MDL-58180: Ensured Statistics Role names are passed through the format_text function
TL-14599 MDL-58104: Fixed assignment bug in which attempt settings disappears when switching between attempts in grader interface
TL-14600 MDL-55939: Removed unnecessary permission check on site course during external service call
TL-14601 MDL-56370: Added back ability to change answers in Feedback module when not anonymous
TL-14602 MDL-57858: Fixed assignment bug in a scale grade was not updated
TL-14603 MDL-55950: Emails regarding completed feedbacks now link to only completed feedbacks
TL-14605 MDL-58489: Fixed coding bug in the OAuth upgrade token process when the authentication server cannot be reached
TL-14607 MDL-58461: Upgraded the MathJax library use a fixed CDN version
TL-14608 MDL-57616: Fixed drag and drop of media files to course page.
TL-14609 MDL-58555: Included web service name when making ajax requests
TL-14612 MDL-58171: Fixed use of multilang in Course participation report headers.
TL-14613 MDL-58244: Improved the logout process when using Shibboleth for authentication
TL-14616 MDL-58394: Fixed filter processing not respecting sort order in some cases
TL-14619 MDL-58486: Fixed lingering references to unset user preferences on the current user object
TL-14622 MDL-58559: Fixed a missing string error in the community block
TL-14624 MDL-58116: Forum emails are no longer sent by the noreply email address when they shouldn't be
TL-14626 MDL-58096: Optimised performance of Course statistics report when loading list of courses
TL-14628 MDL-58278: Fixed assignment bug in which data was not saved when marking workflow state as not released
TL-14633 MDL-58613: Prevented debug messages from being displayed in Workshop random allocation.
TL-14634 MDL-58636: Fixed incorrect drag and drop constraint in course management
TL-14636 MDL-57793: Improved Calendar repeating rule unit tests
TL-14637 MDL-58556: Fixed LDAP authentication creating forced password change loop
TL-14638 MDL-58668: Fixed how multi choice answers are processed in Lesson activity
TL-14639 MDL-54849: Fixed the 'move to next question' option in the Lesson activity
TL-14640 MDL-58691: Fixed define checking for external_settings used by web services
TL-14641 MDL-58372: Fixed error when loading files via WebDAV
TL-14642 MDL-57807: Fixed search in database activity when not selecting an option in a menu field type
When performing a search in the database activity leaving the option on
"custom-select" which is the default option will result in no results being
returned in the search. The change will now correctly return all matching
records treating the unselected option for the menu as a wildcard.
TL-14643 MDL-58698: JavaScript loads from language packs with 2 underscores (eg. en_us_k12)
TL-14644 MDL-58701: Used proper defaults for serving files when webserver is used in externallib constructor
TL-14645 MDL-58628: Fixed incorrect values being returned by mod_quiz_get_quizzes_by_courses quiz webservice when quiz is closed
TL-14650 MDL-55468: Added the option to export analysis to Excel back to the Feedback module
TL-14651 MDL-57704: Stopped forcing SSLv3 in LTI provider
SSLv3 is considered outdated and insecure so we shouldn't be enforcing the
use of it.
TL-14652 MDL-58172: Ensured responses export respects user identity fields setting and viewuseridentity capability
TL-14653 MDL-58635: Ensured external blog edits belongs to current user.
TL-14656 MDL-58650: Fixed messages being marked as read when user receives emails about them
TL-14657 MDL-50670: Fixed some default options not being correctly applied with custom course formats
TL-14658 MDL-58434: Correct display of user responses to numeric question type in Lessons.
TL-14659 MDL-35913: Front page layout is set before any output is sent
In some rare occurrences, the front page layout was being set after some
code had been displayed. This fix ensures the layout is set before any
output is sent
TL-14660 MDL-58772: Prevented anonymous answers from being overwritten in feedback module
TL-14663 MDL-58514: The assignment submission page and grading table now use consistent override logic
TL-14664 MDL-56675: Memcache is no longer used as the cache store in known bad configurations
There is a compatibility bug between the Memcached extension and the
Memcached server.
If you are using php-memcached extension > 3.0.1 and Memcached library >
1.4.22.
In this situation the cache will not be purged when required if the
configuration has been configured to facilitate a shared cache.
As this could lead to stale caches code has been amended to prevent the
memcached cache store from being used in situations where we know it is
affected.
TL-14665 MDL-58431: Fixed error in Lesson activity for the Jump to random content page option
TL-14670 MDL-58259: Added permission check for adding attachments to forum posts via web services
TL-14671 MDL-58807: The activity results block now correctly formats the activity name
Contributions:
* Artur Rietz at Webanywhere - TL-14271
* Barry Oosthuizen at Learning Pool - TL-14445
* Eugene Venter at Catalyst NZ - TL-9300, TL-10502
* Francis Devine at Catalyst NZ - TL-14430
* Michael Trio at Kineo UK - TL-14357
* Russell England at Kineo US - TL-14144
Release 9.8 (21st June 2017):
Security issues:
TL-7289 Added environment check for XML External Entity Expansion
On upgrade or install, a check will be made to determine whether the
server's environment could be vulnerable to attackers including the
contents of external files via entities in user-supplied XML files. A
warning will only be shown if a vulnerability is identified. This check is
also available via the security report.
Improvements:
TL-9224 Improved consistency of program exception restrictions
Previously some Programs code was still being executed on users with
exceptions, those places now check for valid user assignments before
processing the users. Some places identified were, the program completion
cron, the certification window opening cron, and the programs course
enrolment plugin.
TL-9300 Updated the Date/time custom field so that it is not enabled by default
Making the Date/time custom fields disabled by default prevents the field
from being set inadvertently. When the custom field is marked as required
the field will always be enabled and default to the present date.
TL-9775 Added Behat tests for Dynamic Audience Based Learning Plan creation
TL-10502 Renamed Record of learning navigation block to "Learning" (from "Learning plans")
TL-11264 Improved Atto editor autosave messaging and draft revert workflow
When a draft is automatically applied to an Editor, there is now a
page-level alert to let users know what has happened. In addition, the
default arrangement of toolbar icons now includes Undo/Redo which, when a
Draft is auto-applied, will toggle between original Database-saved content
and the Draft.
TL-11325 Added labels to the manage learning plan templates page
TL-11444 Added table headings when showing current forum subscribers
TL-14271 Fixed dynamic audience performance issue for user profile custom fields
TL-14288 Added logs relating to program and certification assignment changes
TL-14367 The login page now allows the configured registration plugin to control the onscreen signup message
TL-14375 Embedded reports may now define custom required columns
TL-14383 Improved performance of reportbuilder job assignment content restraints
TL-14385 Added checks for missing program and certification completion records
The program and certification completion checkers have been extended to
detect missing and unneeded program and certification completion records.
Automated fixes have been provided to allow admins to correct these
problems. After upgrade, you should use the completion checker to fix all
"Files" category problems which are reported (if any). After all problems
on the site have been fixed, if new problems are discovered then they
should be reported to Totara support.
TL-14429 Added support for relative dates in new forms in behat tests
TL-14430 Converted the Reportbuilder source directory cache into a defined cache
TL-14445 Added full details link to review items in Appraisals
When goals, objectives or competencies are selected for review in an
appraisal, a link will now be available which opens the full details of
that item in a new window. This link will only be shown if the user has
permission to view those details normally outside the appraisal.
This feature has only been added for the aforementioned review types so
far.
When adding items for review for any review questions, these items no
longer have their own collapsible header and will instead be collapsible
under the entire review question. Non-question elements such as fixed text,
fixed image and profile information also no longer have a collapsible
header as part of this change.
For any custom themes that impact on Appraisals or Feedback 360, it is
recommended that you review the appearance of these areas following
upgrade.
Bug fixes:
TL-10374 Fixed an Appraisal bug when trying to add a question without selecting a type
TL-12672 Fixed a php notice when saving data in location and textarea unique custom fields
TL-12769 Fixed disabling of multi-select custom fields when set to locked
There was an issue with multi-select custom fields when they were set to
locked. This would result in only the first check box being disabled or
none of the check boxes being disabled (this depended on the browser).
TL-14048 Fixed a bug resulting in duplicate entries in the "Record of Learning: Courses" report source
Previously the "Record of Learning: Courses" report source would show
duplicate records if no Learning Plan columns had been added to the
report.
This has been fixed and the "Record of Learning: Courses" report source now
correctly eliminates duplicates.
TL-14140 Fixed security report check for whether Flash animation is enabled
The security report was checking for an outdated config setting when
checking whether Flash animation (using swf files) was enabled. The correct
config setting is now checked.
Flash animation is no longer enabled by default on new installations of
Totara, however this is not changed during upgrade for existing sites. If
Flash animation is not required on your site, you are encouraged to review
the security report and disable Flash animation and/or the Multimedia
plugin if they are not required.
Flash animations, when enabled, could only be added by trusted users who
had capabilities marked with XSS risk.
TL-14144 Fixed ambiguous id column in course dialog when completion criteria is required
TL-14251 Fixed the display order of goal scale values on the my goals page
TL-14252 Fixed debug error when sending program messages with certain placeholders
Previously, if a program message (such as enrolment message) was sent out
for a user who was enrolled via multiple methods, and the message used the
%completioncriteria% or %duedate% placeholders, a debugging error is
thrown. This has now been fixed.
The %completioncriteria% placeholder was only designed to work when only
one enrolment method is in place for a user. Previously, the criteria
substituted into the email when a user did have multiple enrolment methods
was chosen randomly. Now the criteria will be taken from the enrolment with
the most recent assignment date/time.
TL-14272 Fixed program and certification course enrolment suspension
Due to a recent change, users were being unenrolled from courses after
completing the primary certification path, when the courses were not part
of recertification. This has now been fixed, and any user enrolments
incorrectly suspended will be restored automatically by the "Clean
enrolment plugins" scheduled task. This patch also greatly improves the
performance of this task.
TL-14289 Improved the layout when requesting a program extension from inside of a learning plan
TL-14291 Fixed user unassignment from programs and certifications
This patch includes several changes to the way program and certification
completion records are handled when users are unassigned. It includes
a fix for a problem that could occur when users are reassigned. It also
ensures that program and certification completion records are correctly
archived when a user is deleted (with the possibility of being undeleted),
rather than being left active.
TL-14309 Fixed missing embedded fallback font causing error when viewing certificate
TL-14315 Added HR Import check to ensure user's country code is two charters in length
TL-14335 Backup annotation no longer tries to write to the temp table it is currently reading from
Backup annotation handling was opening a recordset to a temporary table,
annotating over the results and writing to the same table while the
recordset was still open.
This was causing significant performance issues and occasional failures on
MSSQL.
Only large complex backups would be affected.
This change removes the code sequence responsible replacing it with batch
handling for the temp table.
TL-14350 Fixed invalid program due date when a user is assigned with an exception
This patch includes automated fixes which can be triggered in the program
and certification completion editors to fix affected records.
TL-14357 Fixed a problem with the self-enrolment method not allowing unauthenticated users to enrol in a course
TL-14365 Added missing $PAGE->set_url() calls when setting up a single activity course wiki
TL-14369 Auth plugins may now define external setting pages that do not require site config capability
TL-14371 Added missing use of format_string() in hierarchy filter text
TL-14381 Ensured the hierarchy filter displays any saved selections on page reload
TL-14387 Changes to [2.9.20]Face-to-face[2.9.20][9.8+10.0]Seminar[9.8+10.0] notification templates now update unchanged notifications
TL-14389 Improved the handling of incomplete AJAX requests when navigating away from a page
TL-14390 Fixed inconsistency in icon markup on Report Builder columns when replaced via AJAX
The markup of the icons for Delete, Move up and Move down were different
when loading the page (after clicking "Save changes") and when the icons
were replace via AJAX (eg. when deleting a row).
TL-14399 Fixed the "Manage searches" button in the Audience view report
TL-14400 Form selection elements now accept integers in current values
TL-14401 Removed incorrect link to the user profile in Report builder for missing data
TL-14411 Fixed reportbuilder exports for reports with embedded parameters
TL-14414 Fixed auto-update of saved searches list in report table block editing form
TL-14419 Fixed problems when restoring users to certifications
There were some rare circumstances where the incorrect data was being set
when a user was reassigned to a certification. The most common problem was
that the due date was missing on records that were in the "expired" state.
The cause of the various problems has been prevented. Records which have
already been affected can be identified using the certification completion
checker and corrected using the certification completion editor and/or
automated fixes - see TL-14437.
TL-14426 Fixed dialog scroll when adding "Fixed image" questions to an appraisal
TL-14437 Added an automated fix for expired certifications missing a due date
An automated fix has been added to the certification completion editor.
When applied to expired completion records which are missing a due date, it
automatically sets the date to the latest certification completion history
expiry date which is before the current date. If no appropriate history
record is found then the due date must be set manually.
TL-14447 Fixed double html escaping when searching for course names that include special characters
TL-14672 Fixed permissions check for taking attendance within [2.7.28+2.9.20]Face-to-face sessions[2.7.28+2.9.20][9.8+10.0+Evergreen]Seminar events[9.8+10.0+Evergreen]
Previously it was not allowed to submit Seminar attendance without
mod/facetoface:addattendees or mod/facetoface:removeattendees permission.
Now mod/facetoface:takeattendance is enough.
TL-14686 Fixed a typo in a variable name used in organisation file type custom fields
TL-14690 Fixed error when creating a plan where a user has multiple jobs with duplicate position competencies.
API changes:
TL-14413 Added two new methods to the DML to fetch recordsets and a total count at the same time
Two new methods have been added to the DML that allow for a recordset to be
fetched and simultaneously a total count returned in single query.
The two new methods are:
* moodle_database::get_counted_recordset_sql
* moodle_database::get_counted_records_sql
Contributions:
* Artur Rietz at Webanywhere - TL-14271
* Barry Oosthuizen at Learning Pool - TL-14445
* Eugene Venter at Catalyst NZ - TL-9300, TL-10502
* Francis Devine at Catalyst NZ - TL-14430
* Michael Trio at Kineo UK - TL-14357
* Russell England at Kineo US - TL-14144
Release 2.9.20 (21st June 2017):
Security issues:
TL-7289 Added environment check for XML External Entity Expansion
On upgrade or install, a check will be made to determine whether the
server's environment could be vulnerable to attackers including the
contents of external files via entities in user-supplied XML files. A
warning will only be shown if a vulnerability is identified. This check is
also available via the security report.
Improvements:
TL-9224 Improved consistency of program exception restrictions
Previously some Programs code was still being executed on users with
exceptions, those places now check for valid user assignments before
processing the users. Some places identified were, the program completion
cron, the certification window opening cron, and the programs course
enrolment plugin.
TL-9300 Updated the Date/time custom field so that it is not enabled by default
Making the Date/time custom fields disabled by default prevents the field
from being set inadvertently. When the custom field is marked as required
the field will always be enabled and default to the present date.
TL-10502 Renamed Record of learning navigation block to "Learning" (from "Learning plans")
TL-11264 Improved Atto editor autosave messaging and draft revert workflow
When a draft is automatically applied to an Editor, there is now a
page-level alert to let users know what has happened. In addition, the
default arrangement of toolbar icons now includes Undo/Redo which, when a
Draft is auto-applied, will toggle between original Database-saved content
and the Draft.
TL-14288 Added logs relating to program and certification assignment changes
TL-14385 Added checks for missing program and certification completion records
The program and certification completion checkers have been extended to
detect missing and unneeded program and certification completion records.
Automated fixes have been provided to allow admins to correct these
problems. After upgrade, you should use the completion checker to fix all
"Files" category problems which are reported (if any). After all problems
on the site have been fixed, if new problems are discovered then they
should be reported to Totara support.
Bug fixes:
TL-10374 Fixed an Appraisal bug when trying to add a question without selecting a type
TL-14140 Fixed security report check for whether Flash animation is enabled
The security report was checking for an outdated config setting when
checking whether Flash animation (using swf files) was enabled. The correct
config setting is now checked.
Flash animation is no longer enabled by default on new installations of
Totara, however this is not changed during upgrade for existing sites. If
Flash animation is not required on your site, you are encouraged to review
the security report and disable Flash animation and/or the Multimedia
plugin if they are not required.
Flash animations, when enabled, could only be added by trusted users who
had capabilities marked with XSS risk.
TL-14144 Fixed ambiguous id column in course dialog when completion criteria is required
TL-14251 Fixed the display order of goal scale values on the my goals page
TL-14252 Fixed debug error when sending program messages with certain placeholders
Previously, if a program message (such as enrolment message) was sent out
for a user who was enrolled via multiple methods, and the message used the
%completioncriteria% or %duedate% placeholders, a debugging error is
thrown. This has now been fixed.
The %completioncriteria% placeholder was only designed to work when only
one enrolment method is in place for a user. Previously, the criteria
substituted into the email when a user did have multiple enrolment methods
was chosen randomly. Now the criteria will be taken from the enrolment with
the most recent assignment date/time.
TL-14272 Fixed program and certification course enrolment suspension
Due to a recent change, users were being unenrolled from courses after
completing the primary certification path, when the courses were not part
of recertification. This has now been fixed, and any user enrolments
incorrectly suspended will be restored automatically by the "Clean
enrolment plugins" scheduled task. This patch also greatly improves the
performance of this task.
TL-14291 Fixed user unassignment from programs and certifications
This patch includes several changes to the way program and certification
completion records are handled when users are unassigned. It includes
a fix for a problem that could occur when users are reassigned. It also
ensures that program and certification completion records are correctly
archived when a user is deleted (with the possibility of being undeleted),
rather than being left active.
TL-14309 Fixed missing embedded fallback font causing error when viewing certificate
TL-14335 Backup annotation no longer tries to write to the temp table it is currently reading from
Backup annotation handling was opening a recordset to a temporary table,
annotating over the results and writing to the same table while the
recordset was still open.
This was causing significant performance issues and occasional failures on
MSSQL.
Only large complex backups would be affected.
This change removes the code sequence responsible replacing it with batch
handling for the temp table.
TL-14350 Fixed invalid program due date when a user is assigned with an exception
This patch includes automated fixes which can be triggered in the program
and certification completion editors to fix affected records.
TL-14351 Ensured all images in appraisal print previews are responsive
TL-14371 Added missing use of format_string() in hierarchy filter text
TL-14387 Changes to [2.9.20]Face-to-face[2.9.20][9.8+10.0]Seminar[9.8+10.0] notification templates now update unchanged notifications
TL-14389 Improved the handling of incomplete AJAX requests when navigating away from a page
TL-14399 Fixed the "Manage searches" button in the Audience view report
TL-14411 Fixed reportbuilder exports for reports with embedded parameters
TL-14419 Fixed problems when restoring users to certifications
There were some rare circumstances where the incorrect data was being set
when a user was reassigned to a certification. The most common problem was
that the due date was missing on records that were in the "expired" state.
The cause of the various problems has been prevented. Records which have
already been affected can be identified using the certification completion
checker and corrected using the certification completion editor and/or
automated fixes - see TL-14437.
TL-14426 Fixed dialog scroll when adding "Fixed image" questions to an appraisal
TL-14437 Added an automated fix for expired certifications missing a due date
An automated fix has been added to the certification completion editor.
When applied to expired completion records which are missing a due date, it
automatically sets the date to the latest certification completion history
expiry date which is before the current date. If no appropriate history
record is found then the due date must be set manually.
TL-14447 Fixed double html escaping when searching for course names that include special characters
TL-14672 Fixed permissions check for taking attendance within [2.7.28+2.9.20]Face-to-face sessions[2.7.28+2.9.20][9.8+10.0+Evergreen]Seminar events[9.8+10.0+Evergreen]
Previously it was not allowed to submit Seminar attendance without
mod/facetoface:addattendees or mod/facetoface:removeattendees permission.
Now mod/facetoface:takeattendance is enough.
TL-14708 Fixed course id for the notifications when restoring a Face-to-face
API changes:
TL-14413 Added two new methods to the DML to fetch recordsets and a total count at the same time
Two new methods have been added to the DML that allow for a recordset to be
fetched and simultaneously a total count returned in single query.
The two new methods are:
* moodle_database::get_counted_recordset_sql
* moodle_database::get_counted_records_sql
Contributions:
* Eugene Venter at Catalyst NZ - TL-9300, TL-10502
* Russell England at Kineo US - TL-14144
Release 2.7.28 (21st June 2017):
Security issues:
TL-7289 Added environment check for XML External Entity Expansion
On upgrade or install, a check will be made to determine whether the
server's environment could be vulnerable to attackers including the
contents of external files via entities in user-supplied XML files. A
warning will only be shown if a vulnerability is identified. This check is
also available via the security report.
Improvements:
TL-9224 Improved consistency of program exception restrictions
Previously some Programs code was still being executed on users with
exceptions, those places now check for valid user assignments before
processing the users. Some places identified were, the program completion
cron, the certification window opening cron, and the programs course
enrolment plugin.
TL-14385 Added checks for missing program and certification completion records
The program and certification completion checkers have been extended to
detect missing and unneeded program and certification completion records.
Automated fixes have been provided to allow admins to correct these
problems. After upgrade, you should use the completion checker to fix all
"Files" category problems which are reported (if any). After all problems
on the site have been fixed, if new problems are discovered then they
should be reported to Totara support.
Bug fixes:
TL-14140 Fixed security report check for whether Flash animation is enabled
The security report was checking for an outdated config setting when
checking whether Flash animation (using swf files) was enabled. The correct
config setting is now checked.
Flash animation is no longer enabled by default on new installations of
Totara, however this is not changed during upgrade for existing sites. If
Flash animation is not required on your site, you are encouraged to review
the security report and disable Flash animation and/or the Multimedia
plugin if they are not required.
Flash animations, when enabled, could only be added by trusted users who
had capabilities marked with XSS risk.
TL-14272 Fixed program and certification course enrolment suspension
Due to a recent change, users were being unenrolled from courses after
completing the primary certification path, when the courses were not part
of recertification. This has now been fixed, and any user enrolments
incorrectly suspended will be restored automatically by the "Clean
enrolment plugins" scheduled task. This patch also greatly improves the
performance of this task.
TL-14291 Fixed user unassignment from programs and certifications
This patch includes several changes to the way program and certification
completion records are handled when users are unassigned. It includes
a fix for a problem that could occur when users are reassigned. It also
ensures that program and certification completion records are correctly
archived when a user is deleted (with the possibility of being undeleted),
rather than being left active.
TL-14335 Backup annotation no longer tries to write to the temp table it is currently reading from
Backup annotation handling was opening a recordset to a temporary table,
annotating over the results and writing to the same table while the
recordset was still open.
This was causing significant performance issues and occasional failures on
MSSQL.
Only large complex backups would be affected.
This change removes the code sequence responsible replacing it with batch
handling for the temp table.
TL-14350 Fixed invalid program due date when a user is assigned with an exception
This patch includes automated fixes which can be triggered in the program
and certification completion editors to fix affected records.
TL-14399 Fixed the "Manage searches" button in the Audience view report
TL-14419 Fixed problems when restoring users to certifications
There were some rare circumstances where the incorrect data was being set
when a user was reassigned to a certification. The most common problem was
that the due date was missing on records that were in the "expired" state.
The cause of the various problems has been prevented. Records which have
already been affected can be identified using the certification completion
checker and corrected using the certification completion editor and/or
automated fixes - see TL-14437.
TL-14426 Fixed dialog scroll when adding "Fixed image" questions to an appraisal
TL-14437 Added an automated fix for expired certifications missing a due date
An automated fix has been added to the certification completion editor.
When applied to expired completion records which are missing a due date, it
automatically sets the date to the latest certification completion history
expiry date which is before the current date. If no appropriate history
record is found then the due date must be set manually.
TL-14672 Fixed permissions check for taking attendance within [2.7.28+2.9.20]Face-to-face sessions[2.7.28+2.9.20][9.8+10.0+Evergreen]Seminar events[9.8+10.0+Evergreen]
Previously it was not allowed to submit Seminar attendance without
mod/facetoface:addattendees or mod/facetoface:removeattendees permission.
Now mod/facetoface:takeattendance is enough.
TL-14708 Fixed course id for the notifications when restoring a Face-to-face
API changes:
TL-14413 Added two new methods to the DML to fetch recordsets and a total count at the same time
Two new methods have been added to the DML that allow for a recordset to be
fetched and simultaneously a total count returned in single query.
The two new methods are:
* moodle_database::get_counted_recordset_sql
* moodle_database::get_counted_records_sql
Release 2.6.45 (21st June 2017):
Security issues:
TL-7289 Added environment check for XML External Entity Expansion
On upgrade or install, a check will be made to determine whether the
server's environment could be vulnerable to attackers including the
contents of external files via entities in user-supplied XML files. A
warning will only be shown if a vulnerability is identified. This check is
also available via the security report.
Improvements:
TL-9224 Improved consistency of program exception restrictions
Previously some Programs code was still being executed on users with
exceptions, those places now check for valid user assignments before
processing the users. Some places identified were, the program completion
cron, the certification window opening cron, and the programs course
enrolment plugin.
TL-14385 Added checks for missing program and certification completion records
The program and certification completion checkers have been extended to
detect missing and unneeded program and certification completion records.
Automated fixes have been provided to allow admins to correct these
problems. After upgrade, you should use the completion checker to fix all
"Files" category problems which are reported (if any). After all problems
on the site have been fixed, if new problems are discovered then they
should be reported to Totara support.
Bug fixes:
TL-14140 Fixed security report check for whether Flash animation is enabled
The security report was checking for an outdated config setting when
checking whether Flash animation (using swf files) was enabled. The correct
config setting is now checked.
Flash animation is no longer enabled by default on new installations of
Totara, however this is not changed during upgrade for existing sites. If
Flash animation is not required on your site, you are encouraged to review
the security report and disable Flash animation and/or the Multimedia
plugin if they are not required.
Flash animations, when enabled, could only be added by trusted users who
had capabilities marked with XSS risk.
TL-14291 Fixed user unassignment from programs and certifications
This patch includes several changes to the way program and certification
completion records are handled when users are unassigned. It includes
a fix for a problem that could occur when users are reassigned. It also
ensures that program and certification completion records are correctly
archived when a user is deleted (with the possibility of being undeleted),
rather than being left active.
TL-14350 Fixed invalid program due date when a user is assigned with an exception
This patch includes automated fixes which can be triggered in the program
and certification completion editors to fix affected records.
TL-14399 Fixed the "Manage searches" button in the Audience view report
TL-14419 Fixed problems when restoring users to certifications
There were some rare circumstances where the incorrect data was being set
when a user was reassigned to a certification. The most common problem was
that the due date was missing on records that were in the "expired" state.
The cause of the various problems has been prevented. Records which have
already been affected can be identified using the certification completion
checker and corrected using the certification completion editor and/or
automated fixes.
TL-14708 Fixed course id for the notifications when restoring a Face-to-face
API changes:
TL-14413 Added two new methods to the DML to fetch recordsets and a total count at the same time
Two new methods have been added to the DML that allow for a recordset to be
fetched and simultaneously a total count returned in single query.
The two new methods are:
* moodle_database::get_counted_recordset_sql
* moodle_database::get_counted_records_sql
Release 2.5.52 (21st June 2017):
Improvements:
TL-9224 Improved consistency of program exception restrictions
Previously some Programs code was still being executed on users with
exceptions, those places now check for valid user assignments before
processing the users. Some places identified were, the program completion
cron, the certification window opening cron, and the programs course
enrolment plugin.
TL-14385 Added checks for missing program and certification completion records
The program and certification completion checkers have been extended to
detect missing and unneeded program and certification completion records.
Automated fixes have been provided to allow admins to correct these
problems. After upgrade, you should use the completion checker to fix all
"Files" category problems which are reported (if any). After all problems
on the site have been fixed, if new problems are discovered then they
should be reported to Totara support.
Bug fixes:
TL-14140 Fixed security report check for whether Flash animation is enabled
The security report was checking for an outdated config setting when
checking whether Flash animation (using swf files) was enabled. The correct
config setting is now checked.
Flash animation is no longer enabled by default on new installations of
Totara, however this is not changed during upgrade for existing sites. If
Flash animation is not required on your site, you are encouraged to review
the security report and disable Flash animation and/or the Multimedia
plugin if they are not required.
Flash animations, when enabled, could only be added by trusted users who
had capabilities marked with XSS risk.
TL-14291 Fixed user unassignment from programs and certifications
This patch includes several changes to the way program and certification
completion records are handled when users are unassigned. It includes
a fix for a problem that could occur when users are reassigned. It also
ensures that program and certification completion records are correctly
archived when a user is deleted (with the possibility of being undeleted),
rather than being left active.
TL-14350 Fixed invalid program due date when a user is assigned with an exception
This patch includes automated fixes which can be triggered in the program
and certification completion editors to fix affected records.
TL-14419 Fixed problems when restoring users to certifications
There were some rare circumstances where the incorrect data was being set
when a user was reassigned to a certification. The most common problem was
that the due date was missing on records that were in the "expired" state.
The cause of the various problems has been prevented. Records which have
already been affected can be identified using the certification completion
checker and corrected using the certification completion editor and/or
automated fixes.
TL-14708 Fixed course id for the notifications when restoring a Face-to-face
Release 2.4.52 (21st June 2017):
Bug fixes:
TL-14140 Fixed security report check for whether Flash animation is enabled
The security report was checking for an outdated config setting when
checking whether Flash animation (using swf files) was enabled. The correct
config setting is now checked.
Flash animation is no longer enabled by default on new installations of
Totara, however this is not changed during upgrade for existing sites. If
Flash animation is not required on your site, you are encouraged to review
the security report and disable Flash animation and/or the Multimedia
plugin if they are not required.
Flash animations, when enabled, could only be added by trusted users who
had capabilities marked with XSS risk.
TL-14708 Fixed course id for the notifications when restoring a Face-to-face