Totara Release Notes

Totara 1.1.28, 2.2.33, 2.4.24, 2.5.21 and 2.6.14 released 17th November 2014 (Security releases)

 
Simon Coggins
Totara 1.1.28, 2.2.33, 2.4.24, 2.5.21 and 2.6.14 released 17th November 2014 (Security releases)
von Simon Coggins – Sunday, 16 November 2014, 6:51 PM
Gruppe Totara
Today we are doing an extra release of all supported branches as a new Moodle release has been announced which includes quite a few important security fixes.
 
We are also announcing some changes to our minor release schedule. From now on we are moving to monthly minor releases, with simultaneous releases of all supported branches on the same day.
 
This approach is better for managing security releases (since all versions are released together), will allow us to streamline our release processes and improve QA. It should also make it easier for partners to manage upgrades as they can rely on one update each month, rather than staggered releases almost every week.
 
As before, we will provide unscheduled 'emergency' releases if a particularly critical bug or security issue is discovered between scheduled releases. We are also happy to provide patch files for specific bugs if required so you can apply them to your own site before the official release.
 
Totara 1.1.28, Totara 2.2.33, Totara 2.4.24, Totara 2.5.21 and Totara 2.6.14 are all "security” releases because they include security fixes from Moodle. We recommend upgrading to these versions.
 
Here are the change logs:
 
 
Release 1.1.28 (14th November 2014):

==================================================
 
Security Fixes:
    
    Backported relevant security fixes from MoodleHQ 2.5.9. http://docs.moodle.org/dev/Moodle_2.5.9_release_notes
 
 
Release 2.2.33 (14th November 2014):
==================================================
 
Security Fixes:
    Backported relevant security fixes from MoodleHQ 2.5.9. http://docs.moodle.org/dev/Moodle_2.5.9_release_notes
 
Bug Fixes:
    T-13400        Fixed Program Completion report source displaying deleted programs
 
 
Release 2.4.24 (14th November 2014):
==================================================
 
Security issues:
    Backported relevant security fixes from MoodleHQ 2.5.9. http://docs.moodle.org/dev/Moodle_2.5.9_release_notes
 
Bug Fixes:
    T-10554        Fixed reportbuilder reports for old (2.2) and new Assignment modules
    T-13400        Fixed Program Completion report source displaying deleted programs
 
 
Release 2.5.21 (14th November 2014):
==================================================
 
Security issues:
    MoodleHQ       Security fixes from MoodleHQ http://docs.moodle.org/dev/Moodle_2.5.9_release_notes
    T-13465        Fixed access control when viewing archived certificates
    T-13145        Fixed potential security vulnerabilities when editing saved searches in Reportbuilder
    T-13146        Prevent guests from using the saved search feature in Reportbuilder
 
                   Totara's data manipulation policy is that guest users cannot make any
                   changes that will alter data
 
Improvements:
    T-11144        Backported MDL-39726 to improve performance of quiz backup/restoration
 
Bug Fixes:
    T-13462        Fixed Program assignments based on the position start event.
 
                   This fixes a bug that was introduced recently. To fix affected
                   programs (those with "Completion time unknown" exceptions, where the
                   students have valid positions and start times), click "Save changes" in the
                   assignments tab of each affected program.
 
    T-13375        Fixed restoring deleted users and assigning them as managers in the same user sync
 
                   When syncing users and position assignments, sync will now process the
                   position assignments after all user creation/updates/deletion.
 
    T-13371        Fixed incorrect calculation of manual course enrolment durations
 
                   SCOPE: when users were enrolled onto a course manually and an enrollment
                   duration was set, the calculation of the end date was incorrect if the
                   enrollment period crossed a daylight-savings boundary.
 
                   IMPACT: manual enrollment periods may have had an end date that was
                   incorrect by one hour
 
    T-13137        Fixed capability check in totara_course_is_viewable function
    T-13406        Ensured url property is set on reports before displaying report list
    T-13229        Fixed RPL course completion records being deleted when activity is updated
    T-13400        Fixed Program Completion report source displaying deleted programs
    T-12985        Fixed setting of default user for course badge creators when restoring a course backup
    T-13404        Fixed evidence filter not working in the Evidence report source
    T-13358        Fixed program extension requests which had been approved being overriden by cron
    T-13457        Fixed incorrect enrolment start dates when uploading course completion records
 
                   When course completion records were uploaded using the coursecompletion
                   import tool, any user enrolment records created had a random start date in
                   2000. The enrolment start date is now the date of the course completion
                   import upload.
 
    T-12300        Fixed incorrect visibility of Facetoface sessions in the calendar
 
                   Made visibility of Facetoface sessions in the calendar match the visibility
                   of the course containing the Facetoface session, when audience visibility
                   is enabled.
 
    T-13511        Fixed upgrade errors when the activitynames filter is enabled
 
 
Release 2.6.14 (14th November 2014):
==================================================
 
Security issues:
    MoodleHQ       Security fixes from MoodleHQ http://docs.moodle.org/dev/Moodle_2.6.6_release_notes
    T-13465        Fixed access control when viewing archived certificates
    T-13145        Fixed potential security vulnerabilities when editing saved searches in Reportbuilder
    T-13146        Prevent guests from using the saved search feature in Reportbuilder
 
                   Totara's data manipulation policy is that guest users cannot make any
                   changes that will alter data
 
Bug Fixes:
    T-13529        Fixed fatal error when trying to view Course Completion Report
    T-13219        Fixed undefined index error when caching user report
    T-12300        Fixed incorrect visibility of Facetoface sessions in the calendar
 
                   Made visibility of Facetoface sessions in the calendar match the visibility
                   of the course containing the Facetoface session, when audience visibility
                   is enabled.
 
    T-13511        Fixed upgrade errors when the activitynames filter is enabled