Totara 1.1.29, Totara 2.2.34, Totara 2.4.26, Totara 2.5.23 and Totara 2.6.16 are all "security” releases because they include security fixes from Moodle. We recommend upgrading to these versions. These versions also contain bug fixes and improvements.
Thanks to the team at Kineo UK for contributing to T-13477 Improved scalability for the program cron and reports
Here are the changelogs:
Release 2.6.16 (21st January 2015):
==================================================
Security issues:
MoodleHQ Security fixes from MoodleHQ http://docs.moodle.org/dev/Moodle_2.6.7_release_notes
Improvements:
T-12100 Added the ability to assign a certification to an audience under enrolled learning
T-13477 Improved scalability for the program cron and reports
Thanks to Kineo UK for providing the core of this patch
T-11141 Added the ability to use spaces in field names in a CSV file for Totara Sync
T-13653 Improved behaviour of Facetoface session duration in relation to session date/time
The session duration field is now disabled when session date/time is known,
and is automatically recalculated (as before) when the session is saved
API Changes:
T-13636 Fixed "from" address in Face-to-face waitlist emails when a user cancels their booking
The optional param $fromuser has been added to several
facetoface_user_signup and several Face-to-face notification functions.
Bug Fixes:
T-13647 Fixed Overall Total columns in Appraisal Detail report source
T-13552 Fixed duplicate records in Program Completion reports
This patch removes duplicate records from tables prog_completion and
prog_user_assignment. Deleted program completion records are archived in
prog_completion_history. Indexes are added to these tables to prevent
future duplication of records and discrepancies in the record of learning
and required learning reports.
T-13880 Fixed missing language string in Facetoface notifications
T-12679 Fixed completion date on a course with multiple Facetoface sessions
If a course contained a Facetoface session with multiple sessions where a
user could complete the activity multiple times (for example a course used
as part of a recurring certification) the course completion date would
always use the date of the earliest session the user completed, not their
most recent completion
T-13422 Fixed archiving of completion on certifications containing a Facetoface
In some circumstances if a certification path contained a course with a
Facetoface activity, course and activity completions would not be reset
properly when the recertification window opened, making it impossible to
recertify.
T-13819 Changed course completion criteria unlocking - no records are changed until save changes is clicked
Existing course completion records were being removed immediately upon
clicking the "Unlock criteria and delete existing completion data" button.
This change causes the deletion of data to be delayed until the Save
changes button is clicked. If the users changes their mind, they can click
Cancel to abort the data reset.
T-13835 Fixed SCORM retriggering course completion during certification archive
In some circumstances if a certification contained a course with a SCORM
activity, when the certification window opened course completion would not
be archived and reset properly.
T-13725 Fixed incorrect check when unassigning users from a program/certification
When removing users from certifications that were uploaded via the upload
completion tool, the role_assignments table was being checked, when the
correct check should be on prog_user_assignment.
T-13794 Fixed Face-to-face session dialog search for pre-defined rooms
T-13612 Made program position completion criteria consistent with audience rules
The existing Position Start Date program completion criteria was being
calculated using the time that the position was saved to the database, not
the Start Date field. Existing Position Start Date completion criteria have
been renamed to Position Assigned Date to reflect the actual behaviour. New
Position Start Date completion criteria will be calculated from the Start
Date field (which must be set, otherwise a "Completion time unknown"
exception will occur).
T-11643 Fixed display of error message if a program extension request fails
T-13822 Fixed additional name fields error on Learning Plan tab of Audiences
T-13756 Fixed email filters on User report source
Added a filter "User's Email (Ignoring user display setting)" and fixed
filtering on email addresses where the search term contained the @ symbol
T-13877 Fixed highlighting of signed-up sessions in Facetoface
T-13748 Fixed alert block visibility if configured to display when no alerts exist
T-13723 Fixed deletion of program categories
When managing the program catalog, trying to delete a program category
would not actually delete the category, and would also not give any error
message.
Release 2.5.23 (21st January 2015):
==================================================
Security issues:
MDL-47920 mod/lti/ajax.php security problems
MDL-48368 XSS in course request pending approval page
MDL-48329 Messages external functions doesn't check if messaging is enabled
MDL-48106 Multiple CSRF in mod glossary
MDL-48017 calendar/externallib.php lacks self::validate_context($context);
MDL-47964 Forced logout via auth/shibboleth/logout.php
MDL-48546 ReDOS in the multimedia filter
MDL-48748 Import fixed English strings (en_fix) into the main English pack
Improvements:
T-12100 Added the ability to assign a certification to an audience under enrolled learning
T-13477 Improved scalability for the program cron and reports
Thanks to Kineo UK for providing the core of this patch
T-11141 Added the ability to use spaces in field names in a CSV file for Totara Sync
T-13653 Improved behaviour of Facetoface session duration in relation to session date/time
The session duration field is now disabled when session date/time is known,
and is automatically recalculated (as before) when the session is saved
API Changes:
T-13636 Fixed "from" address in Face-to-face waitlist emails when a user cancels their booking
The optional param $fromuser has been added to several
facetoface_user_signup and several Face-to-face notification functions.
Bug Fixes:
T-13647 Fixed Overall Total columns in Appraisal Detail report source
T-13552 Fixed duplicate records in Program Completion reports
This patch removes duplicate records from tables prog_completion and
prog_user_assignment. Deleted program completion records are archived in
prog_completion_history. Indexes are added to these tables to prevent
future duplication of records and discrepancies in the record of learning
and required learning reports.
T-13880 Fixed missing language string in Facetoface notifications
T-12679 Fixed completion date on a course with multiple Facetoface sessions
If a course contained a Facetoface session with multiple sessions where a
user could complete the activity multiple times (for example a course used
as part of a recurring certification) the course completion date would
always use the date of the earliest session the user completed, not their
most recent completion
T-13422 Fixed archiving of completion on certifications containing a Facetoface
In some circumstances if a certification path contained a course with a
Facetoface activity, course and activity completions would not be reset
properly when the recertification window opened, making it impossible to
recertify.
T-13819 Changed course completion criteria unlocking - no records are changed until save changes is clicked
Existing course completion records were being removed immediately upon
clicking the "Unlock criteria and delete existing completion data" button.
This change causes the deletion of data to be delayed until the Save
changes button is clicked. If the users changes their mind, they can click
Cancel to abort the data reset.
T-13835 Fixed SCORM retriggering course completion during certification archive
In some circumstances if a certification contained a course with a SCORM
activity, when the certification window opened course completion would not
be archived and reset properly.
T-13725 Fixed incorrect check when unassigning users from a program/certification
When removing users from certifications that were uploaded via the upload
completion tool, the role_assignments table was being checked, when the
correct check should be on prog_user_assignment.
T-11643 Fixed display of error message if a program extension request fails
T-13756 Fixed email filters on User report source
Added a filter "User's Email (Ignoring user display setting)" and fixed
filtering on email addresses where the search term contained the @ symbol
Release 2.4.26 (21st January 2015):
==================================================
Security issues:
MDL-47920 mod/lti/ajax.php security problems
MDL-48106 Multiple CSRF in mod glossary
MDL-47964 Forced logout via auth/shibboleth/logout.php
MDL-48748 Import fixed English strings (en_fix) into the main English pack
MDL-48546 ReDOS in the multimedia filter
MDL-48368 XSS in course request pending approval page
API Changes:
T-13636 Fixed "from" address in Face-to-face waitlist emails when a user cancels their booking
The optional param $fromuser has been added to several
facetoface_user_signup and several Face-to-face notification functions.
Bug Fixes:
T-13552 Fixed duplicate records in Program Completion reports
This patch removes duplicate records from tables prog_completion and
prog_user_assignment. Deleted program completion records are archived in
prog_completion_history. Indexes are added to these tables to prevent
future duplication of records and discrepancies in the record of learning
and required learning reports.
T-13880 Fixed missing language string in Facetoface notifications
T-11643 Fixed display of error message if a program extension request fails
Release 2.2.34 (21st January 2015):
==================================================
Security Fixes:
MDL-47920 mod/lti/ajax.php security problems
MDL-48106 Multiple CSRF in mod glossary
MDL-47964 Forced logout via auth/shibboleth/logout.php
MDL-48748 Import fixed English strings (en_fix) into the main English pack
MDL-48368 XSS in course request pending approval page
Bug Fixes:
T-13552 Fixed duplicate records in Program Completion reports
This patch removes duplicate records from tables prog_completion and
prog_user_assignment. Deleted program completion records are archived in
prog_completion_history. Indexes are added to these tables to prevent
future duplication of records and discrepancies in the record of learning
and required learning reports.
Release 1.1.29 (21st January 2015):
==================================================
Security Fixes:
MDL-48106 Multiple CSRF in mod glossary
MDL-47964 Forced logout via auth/shibboleth/logout.php