Totara 2.5.10 is a "security" release, because it includes important fixes for potential security vulnerabilities. We recommend upgrading your site to this release.
Here's the changelog:
Release 2.5.10 (18th March 2014):
==================================================
Security Fixes:
MoodleHQ http://docs.moodle.org/dev/Moodle_2.5.5_release_notes
T-11970 Fixed defaults on upgrade settings page when execution paths are disabled
T-11770 Only display users email address in Totara dialogs if settings allow it
Improvements:
T-11936 Empty categories are no longer displayed when audience visibility enabled
T-11902 Improved performance of course import functionality for large sites
T-11877 Added an approval requested notification to the Facetoface sign up page if manage approval is required
T-11722 Made org and pos content restrictions consistent across report sources
T-11904 Improved performance of sql query deleting orphaned message metadata
Bug Fixes:
MDL-44547 Fixed incorrect version bump on Alfresco Repository plugin
T-10473 Fixed issues with scheduled report builder reports timing when sending across multiple timezones
T-11958 Fixed completion duration rules in Audiences
T-11960 Fixed issue when upgrading from 2.4 to 2.5 and isfilter field doesn't exist
T-11959 Added the right default values to the 'Default' label in Facetoface calendar filters settings
T-10159 Ensure course completion is turned on by default on installation
T-11838 Allowed position assign/start/end date rules to be used without position set
T-11953 Fixed issue with Program Completion rule in dynamic Audiences
T-11941 Global $CFG variable is now set in print_totara_user_profile function
T-11913 Fixed a tinyMCE layout issue in the 'Standard Totara Responsive' theme
T-11868 Fixed default capabilities allowing everyone to set their own temporary manager
T-11881 Feedback activity is now reset correctly when feedback hasn't been submitted but activity is still complete
T-11648 Ensure face to face activity completion is marked as soon as activity is complete
T-11937 List of audiences is now filtered by context
T-11952 Removed unnecessary tooltips to prevent secure content warning
T-11934 Fixed 'page not found' exception when marking courses as complete via RPL
T-11817 Fixed the 'Unlock completion criteria' option deleting RPL completion records
T-11572 Raised MSSQL environment check to 2008
T-11908 Fixed completion tracking when assigning courses to an Audience
T-11638 Fixed issue with multiple "Show editing tools" tabs appearing in TinyMCE
T-11849 Fixed Facetoface notifications being sent to all booked recipients when 'No shows only' option is selected
T-11863 Fixed Facetoface notifications not being sent to managers when users choose not to receive notifications