Today we are doing an extra release of all supported branches as a new Moodle release has been announced which includes quite a few important security fixes.
We are also announcing some changes to our minor release schedule. From now on we are moving to monthly minor releases, with simultaneous releases of all supported branches on the same day.
This approach is better for managing security releases (since all versions are released together), will allow us to streamline our release processes and improve QA. It should also make it easier for partners to manage upgrades as they can rely on one update each month, rather than staggered releases almost every week.
As before, we will provide unscheduled 'emergency' releases if a particularly critical bug or security issue is discovered between scheduled releases. We are also happy to provide patch files for specific bugs if required so you can apply them to your own site before the official release.
Totara 1.1.28, Totara 2.2.33, Totara 2.4.24, Totara 2.5.21 and Totara 2.6.14 are all "security” releases because they include security fixes from Moodle. We recommend upgrading to these versions.
Here are the change logs:
Release 1.1.28 (14th November 2014):
==================================================
Security Fixes:
Backported relevant security fixes from MoodleHQ 2.5.9. http://docs.moodle.org/dev/Moodle_2.5.9_release_notes
Release 2.2.33 (14th November 2014):
==================================================
Security Fixes:
Backported relevant security fixes from MoodleHQ 2.5.9. http://docs.moodle.org/dev/Moodle_2.5.9_release_notes
Bug Fixes:
T-13400 Fixed Program Completion report source displaying deleted programs
Release 2.4.24 (14th November 2014):
==================================================
Security issues:
Backported relevant security fixes from MoodleHQ 2.5.9. http://docs.moodle.org/dev/Moodle_2.5.9_release_notes
Bug Fixes:
T-10554 Fixed reportbuilder reports for old (2.2) and new Assignment modules
T-13400 Fixed Program Completion report source displaying deleted programs
Release 2.5.21 (14th November 2014):
==================================================
Security issues:
MoodleHQ Security fixes from MoodleHQ http://docs.moodle.org/dev/Moodle_2.5.9_release_notes
T-13465 Fixed access control when viewing archived certificates
T-13145 Fixed potential security vulnerabilities when editing saved searches in Reportbuilder
T-13146 Prevent guests from using the saved search feature in Reportbuilder
Totara's data manipulation policy is that guest users cannot make any
changes that will alter data
Improvements:
T-11144 Backported MDL-39726 to improve performance of quiz backup/restoration
Bug Fixes:
T-13462 Fixed Program assignments based on the position start event.
This fixes a bug that was introduced recently. To fix affected
programs (those with "Completion time unknown" exceptions, where the
students have valid positions and start times), click "Save changes" in the
assignments tab of each affected program.
T-13375 Fixed restoring deleted users and assigning them as managers in the same user sync
When syncing users and position assignments, sync will now process the
position assignments after all user creation/updates/deletion.
T-13371 Fixed incorrect calculation of manual course enrolment durations
SCOPE: when users were enrolled onto a course manually and an enrollment
duration was set, the calculation of the end date was incorrect if the
enrollment period crossed a daylight-savings boundary.
IMPACT: manual enrollment periods may have had an end date that was
incorrect by one hour
T-13137 Fixed capability check in totara_course_is_viewable function
T-13406 Ensured url property is set on reports before displaying report list
T-13229 Fixed RPL course completion records being deleted when activity is updated
T-13400 Fixed Program Completion report source displaying deleted programs
T-12985 Fixed setting of default user for course badge creators when restoring a course backup
T-13404 Fixed evidence filter not working in the Evidence report source
T-13358 Fixed program extension requests which had been approved being overriden by cron
T-13457 Fixed incorrect enrolment start dates when uploading course completion records
When course completion records were uploaded using the coursecompletion
import tool, any user enrolment records created had a random start date in
2000. The enrolment start date is now the date of the course completion
import upload.
T-12300 Fixed incorrect visibility of Facetoface sessions in the calendar
Made visibility of Facetoface sessions in the calendar match the visibility
of the course containing the Facetoface session, when audience visibility
is enabled.
T-13511 Fixed upgrade errors when the activitynames filter is enabled
Release 2.6.14 (14th November 2014):
==================================================
Security issues:
MoodleHQ Security fixes from MoodleHQ http://docs.moodle.org/dev/Moodle_2.6.6_release_notes
T-13465 Fixed access control when viewing archived certificates
T-13145 Fixed potential security vulnerabilities when editing saved searches in Reportbuilder
T-13146 Prevent guests from using the saved search feature in Reportbuilder
Totara's data manipulation policy is that guest users cannot make any
changes that will alter data
Bug Fixes:
T-13529 Fixed fatal error when trying to view Course Completion Report
T-13219 Fixed undefined index error when caching user report
T-12300 Fixed incorrect visibility of Facetoface sessions in the calendar
Made visibility of Facetoface sessions in the calendar match the visibility
of the course containing the Facetoface session, when audience visibility
is enabled.
T-13511 Fixed upgrade errors when the activitynames filter is enabled