Totara Release Notes

Security releases for Totara 9.9, 2.9.21, 2.7.29, 2.6.46, 2.5.53, 2.4.53, and 2.2.58 released 19th July 2017

Security releases for Totara Evergreen 20170621, 9.8, 2.9.20, 2.7.28, 2.6.45, 2.5.52, and 2.4.52 released 21st June 2017
Security releases for Totara Learn 9.11, 2.9.23, 2.7.31, 2.6.48, 2.5.55, 2.4.55, and 2.2.60

Release 2.2.58 (19th July 2017):

Important:

TL-14946 The webdav_locks table has been dropped from the database

The webdav_locks table has been dropped from the database.
It is a legacy table from Totara 1.1 and has never been used in Totara 2 or
above.
It had already been dropped from Totara 9 and 10.
The decision was made to drop the table from stable branches as it
contained a field that was using a name that had become a reserved word in
modern databases.
By dropping this unused table we can help ensure that database upgrades
will not be problematic in the supported stable releases.

Security issues:

TL-12940 Applied account lockout threshold when using webservice authentication

Previously, the account lockout threshold, for number of incorrect
passwords, was not taken into account when webservice authentication was
being used. The account lockout functionality now applies to webservice
authentication. Please note that this refers to the authentication type
that allows users to log in with username and password, not when accessing
their account using a webservice token.

TL-12942 Stopped the supplied passwords being logged in failed web services authentication

When web service authentication was used, entries recorded to the logs for
failed log in attempts included the supplied password in plain text. This
is no longer recorded.

Enlace permanente | Mostrar mensaje anterior