Totara 2.5.11 is a "security" release, because it includes important fixes for potential security vulnerabilities. We recommend upgrading your site to this release.
Here's the changelog:
Release 2.5.11 (1st April 2014):
==================================================
Security Fixes:
T-11770 Only display users email address in Totara dialogs if settings allow it
T-11998 Removed security-risk YUI libraries that are no longer used
Improvements:
T-9899 Removed 8-hour restriction so cron and scheduler work properly in Totara Sync
Bug Fixes:
T-12076 Fixed 'Approval Required' tab for admin accessibility if admin is not a manager
T-12074 Fixed 'usernotfound' error string in Learning Plans
T-12046 Fixed Facetoface error when upgrading to 2.5.10 from earlier branches
T-11986 Fixed recipients validation in send_to_users function when sending emails in Facetoface
T-12047 Fixed the Required Learning page not always displaying certifications as expected
T-12050 Fixed typo in the Audience Management ruleset
T-12049 Fixed required learning using the wrong date for certifications due date
T-12041 Fixed undefined method when searching for a program/certification
T-11945 Fixed issue with 'SCORM format' courses when popup window is closed. Note that this fix may require clearing the Moodle cache and user browser caches