Totara 2.2.30 has been released. It includes bug fixes, security fixes and the latest security patches from Moodle. We recommend upgrading to this version.


Release 2.2.30 (5th August 2014):
==================================================

Security issues:
    MDL-45616      Switched to json encoding instead of serialization in Repositories
    MDL-46148      Fixed potential remote code execution in Quiz
    MDL-45485      Fixed potential to take over another user's session in Shibboleth Authentication
    MDL-45760      Fixed the permissions check to occur before setting header in Course Notes
    MDL-45417      Fixed potential entity injections from package content in the imscp Module
    MDL-45463      Fixed potential XML entity injections from provider in the lti Module
    MDL-46223      Improved the rubric output of Grading
    T-12619        Improved sesskey checks throughout the system
    T-12745        Improved capability checks around Reportbuilder scheduled reports

Bug Fixes:
    T-12763        Fixed an undefined variable warning showing on the main page after install
    T-12568        Fixed blank password fields causing failures in Totara Sync