Totara Talent Experience Platform Release Notes

Totara Learn Evergreen-20200226, 12.15, 11.24, 10.30, 9.41, 2.9.50, 2.7.57 and 2.6.74

 
Sam Hemelryk
Totara Learn Evergreen-20200226, 12.15, 11.24, 10.30, 9.41, 2.9.50, 2.7.57 and 2.6.74
by Sam Hemelryk - Wednesday, 26 February 2020, 11:50 AM
Group Totara

Hello everyone,

The following versions of Totara Learn have now been released:

These versions do contain security fixes, and for this reason we strongly recommend upgrade.
Each release also includes bug fixes and improvements.

A big thanks to the following people for their contributions to this release:

  • Russell England at Kineo USA - TL-23625

Kind regardsSam Hemelryk

Release Evergreen (26th February 2020):


Key:           + Evergreen only

Important:

    TL-23764       Chrome 80: SameSite=None is now only set if you are using secure cookies and HTTPS

                   Prior to this change if you were not running your Totara site over HTTPS,
                   and upgraded to Chrome 80 then you not be able to log into your site.
                   This was because Chrome 80 was rejecting the cookie as it had the SameSite
                   attribute set to None and the Secure flag was not set (as you were not
                   running over HTTPS).
                   
                   After upgrading SameSite will be left for Chrome to default a value for.
                   You will be able to log in, but may find that third party content on your
                   site does not work.
                   In order to ensure that your site performs correctly please upgrade your
                   site to use HTTPS and enable the Secure Cookies setting within Totara if it
                   is not already enabled.


Security issues:

    TL-23950       Added sanitisation of send messages before they are displayed in messaging interface
    TL-24133       Ensured content was encoded before being used within aria-labels when viewing the users list

Performance improvements:

    TL-22894       Added course, program, and certification visibility map tables to improve performance of visibility-related queries

                   Previously, the database query used to compute which learning items were
                   visible to the user involved a large number of joins and subqueries to
                   resolve the roles held by the user in each context, and whether those roles
                   had the capability to view hidden items. Additionally, it did not take into
                   account the ability of admins to prohibit roles in category contexts.
                   
                   In some database management systems, particularly with large numbers of
                   courses and deep category trees, this approach resulted in unacceptable
                   performance. This was especially noticeable when computing the number of
                   items visible in each category in the 'Category' catalogue.
                   
                   With this patch, we now pre-compute which roles can see each course,
                   program, and certification in the system, and store the resulting
                   visibility maps in the database. The creation of this map is quick, and
                   greatly simplifies queries that involve visibility. It also improves
                   accuracy in sites that prohibit the capability to view hidden learning
                   items in some categories. 
                   
                   There is a new scheduled
                   task, totara_core\task\visibility_map_regenerate_all, which regenerates
                   the visibility maps every hour by default. Also, whenever a category,
                   learning item, or roles is updated, an ad_hoc task is queued to regenerate
                   the appropriate map(s). As such, there may be a delay between when changes
                   are made, and when items are considered hidden/visible to particular roles
                   by queries which check visibility.


Improvements:

    TL-19290       HTTP only cookies are now enabled by default
    TL-22721       Backported MDL-57968 core_message: Remove multiple unnecessary AJAX requests
    TL-23127       Removed redundant 'Enable' checkbox for temporary manager expiry date

                   Temporary managers must always have an expiry date.

    TL-23158       Added a new option 'CSV Grade format' to the 'Upload Completion Records' page

                   Also improved the override method to be able to choose from 'Never',
                   'Always' and 'Only if more recent'

    TL-23278       Improved UI for attendees with course completion archive records

                   Previously, if a trainer tried to remove seminar attendees with archived
                   course completions from seminar sessions, an error message appeared without
                   much explanation.
                   
                   The behaviour of seminar signups when course completion records are
                   archived is unusual, as most activity records are removed during the
                   completion archive process. Seminar signups must be kept in the system for
                   reporting purposes, so they are flagged as archived and considered to be
                   locked and unalterable. 
                   
                   This patch makes the following clarifications for trainers and admins
                   around archived seminar signups:
                    * Attendees with archived course completions are disabled in the 'Remove
                   users' form, so a trainer cannot select and remove them from the past
                   seminar sessions.
                    * On the 'Take attendance' page, the attendance fields of attendees with
                   archived course completions are locked and disabled, signifying that they
                   may not be changed.
                    * A warning message appears at the top of the 'Take attendance' page if
                   attendees with archived course completions are present, explaining why
                   attendance fields are disabled for some or all attendees. 

    TL-23683       Added support for activity tags in Seminar, SCORM, and Feedback modules
    TL-23691       Increased the width of the course selection menu in course completion settings so that longer course names are displayed in full
    TL-23832       Improved automated generation of label names

Bug fixes:

    TL-7631        Conditional fields when editing certification course sets are now correctly disabled when not relevant 
    TL-23072       Fixed columns and filters for course and audience tags in the report builder
    TL-23081       Prevented learners from requesting manager approval for seminar events that conflict with their existing approval requests

                   Previously when multiple seminar events existed with manager approval and
                   the same date and time, learners were able to request approval for
                   conflicting events. This caused confusion when managers tried to approve
                   the request but got date conflict errors instead.
                   
                   This patch ensures that learners can only request approval for seminars
                   that do not conflict with other seminars they have already requested
                   approval for.

    TL-23173       Fixed error displayed in report builder when user session timed out
    TL-23362       Stopped seminar manager reservation links from being displayed when sign-up period is not open
    TL-23420       Changed the 'Attendee name' column in seminar reports so that it displays 'Reserved' for manager reservations, instead of being blank
    TL-23577       Fixed URL validation in Totara Featured Links and Quick Links blocks to allow local URLs

                   With the release of Totara 12.9, URL validation in the Featured Link and
                   Quick Links blocks was changed to allow the use of grid catalogue URLs with
                   square brackets in the query part. The change removed the ability to use
                   local URLs (URIs starting with '/') in those blocks.
                   
                   This fix reenables support for local URLs. Any Featured Links static tiles
                   that were created with local URLs prior to Totara 12.9, and edited with
                   Totara 12.9+, will have been converted to a standard URL, and will need to
                   be manually edited after upgrade and converted back to a local URL.
                   
                   Additionally, this patch makes the URL field optional for Featured Links
                   static tiles, allowing the creation of tiles that are not linked.

    TL-23625       Fixed being able to uncheck 'Send to self' for Report Builder scheduled reports
    TL-23632       Removed access_token class which references invalid database table
    TL-23647       Fixed 'Declare interest' functionality when a user is booked onto a past event

                   Previously a "When no upcoming events are available" option is enabled for
                   Seminar, the "Declare interest" functionality worked for no upcoming events
                   and no past events if a user is booked onto a past event. Now it is fixed
                   and the user can declare interest if there are no upcoming events and the
                   user booked onto past events.

    TL-23654       Made sure that all courses (completed and in progress) are being reset during re-certification window open stage

                   The behaviour of manual completions archive remains unchanged (i.e. only
                   completions or completions via RPL are archived during manual course
                   reset).

    TL-23659       Fixed OAuth compatibility with login block
    TL-23672       The log in block now uses the correct Totara connect icon
    TL-23673       Made sure audience name is correctly formatted in the breadcrumbs on the Rule Sets page
    TL-23674       Fixed the display of server status on Totara Connect Servers page in administration

                   Previously the server status would not be correctly displayed for a server
                   where deletion was in progress.

    TL-23677       Changed the warning language string about column aggregations to soften the message
    TL-23740       Fixed compatibility with UUID PHP extension
    TL-23751       Made sure "Manage user reports" and "Manage embedded reports" can be added to the admin dropdown menu
    TL-23755       Prevent upload files link on HR Import CSV source settings pages showing when configuration is not complete

                   When the configuration is not complete clicking the link would result in an
                   error being shown. The link no longer shows until the minimum configuration
                   is completed.

    TL-23757       Blocks in the bottom region are now contained in a HTML element with "region-bottom" id

                   Previously this element had the HTML id "region-top"

    TL-23772       Made sure export controls in hierarchy frameworks are present only when at least one framework is exists and visible to a user
    TL-23776       Made sure aria-hidden works correctly on the YUI dialogues
    TL-23808       Fixed seminar manager reservations always being sent to booked state

                   Prior to this patch, seminar manager reservations were always given a
                   booked signup state, even if the seminar was set to send bookings to the
                   waitlist. 
                   
                   This has been fixed, and manager reservations are treated like other
                   signups. This patch also fixes a bug in the events dashboard that
                   misrepresented the number of wait-listed users on an overbooked event.

    TL-23834       Added horizontal scrolling to wiki revisions table
    TL-23852       The current learning block no longer triggers a re-aggregation of program courseset completion

                   The current learning block in some situations was causing program courseset
                   completion to be re-aggregated, leading to courseset completion time being
                   incorrectly updated if the courseset had already been completed.
                   This has been fixed and the courseset completion date is no longer updated
                   after it has been initially set.

    TL-23903       Fixed slot id generation when displaying multianswer (cloze) questions
    TL-23949       Added missing task name string for OAuth system token refresh task 

                   The name string for the OAuth2 system token refresh task was omitted from
                   TL-20583.


Contributions:

    *  Russell England at Kineo USA - TL-23625

Release 12.15 (26th February 2020):



Important:

    TL-23764       Chrome 80: SameSite=None is now only set if you are using secure cookies and HTTPS

                   Prior to this change if you were not running your Totara site over HTTPS,
                   and upgraded to Chrome 80 then you not be able to log into your site.
                   This was because Chrome 80 was rejecting the cookie as it had the SameSite
                   attribute set to None and the Secure flag was not set (as you were not
                   running over HTTPS).
                   
                   After upgrading SameSite will be left for Chrome to default a value for.
                   You will be able to log in, but may find that third party content on your
                   site does not work.
                   In order to ensure that your site performs correctly please upgrade your
                   site to use HTTPS and enable the Secure Cookies setting within Totara if it
                   is not already enabled.


Security issues:

    TL-23950       Added sanitisation of send messages before they are displayed in messaging interface
    TL-24133       Ensured content was encoded before being used within aria-labels when viewing the users list

Performance improvements:

    TL-22894       Added course, program, and certification visibility map tables to improve performance of visibility-related queries

                   Previously, the database query used to compute which learning items were
                   visible to the user involved a large number of joins and subqueries to
                   resolve the roles held by the user in each context, and whether those roles
                   had the capability to view hidden items. Additionally, it did not take into
                   account the ability of admins to prohibit roles in category contexts.
                   
                   In some database management systems, particularly with large numbers of
                   courses and deep category trees, this approach resulted in unacceptable
                   performance. This was especially noticeable when computing the number of
                   items visible in each category in the 'Category' catalogue.
                   
                   With this patch, we now pre-compute which roles can see each course,
                   program, and certification in the system, and store the resulting
                   visibility maps in the database. The creation of this map is quick, and
                   greatly simplifies queries that involve visibility. It also improves
                   accuracy in sites that prohibit the capability to view hidden learning
                   items in some categories. 
                   
                   There is a new scheduled
                   task, totara_core\task\visibility_map_regenerate_all, which regenerates
                   the visibility maps every hour by default. Also, whenever a category,
                   learning item, or roles is updated, an ad_hoc task is queued to regenerate
                   the appropriate map(s). As such, there may be a delay between when changes
                   are made, and when items are considered hidden/visible to particular roles
                   by queries which check visibility.


Improvements:

    TL-19290       HTTP only cookies are now enabled by default
    TL-22721       Backported MDL-57968 core_message: Remove multiple unnecessary AJAX requests
    TL-23127       Removed redundant 'Enable' checkbox for temporary manager expiry date

                   Temporary managers must always have an expiry date.

    TL-23158       Added a new option 'CSV Grade format' to the 'Upload Completion Records' page

    TL-23278       Improved UI for attendees with course completion archive records

                   Previously, if a trainer tried to remove seminar attendees with archived
                   course completions from seminar sessions, an error message appeared without
                   much explanation.
                   
                   The behaviour of seminar signups when course completion records are
                   archived is unusual, as most activity records are removed during the
                   completion archive process. Seminar signups must be kept in the system for
                   reporting purposes, so they are flagged as archived and considered to be
                   locked and unalterable. 
                   
                   This patch makes the following clarifications for trainers and admins
                   around archived seminar signups:
                    * Attendees with archived course completions are disabled in the 'Remove
                   users' form, so a trainer cannot select and remove them from the past
                   seminar sessions.
                    * On the 'Take attendance' page, the attendance fields of attendees with
                   archived course completions are locked and disabled, signifying that they
                   may not be changed.
                    * A warning message appears at the top of the 'Take attendance' page if
                   attendees with archived course completions are present, explaining why
                   attendance fields are disabled for some or all attendees. 

    TL-23683       Added support for activity tags in Seminar, SCORM, and Feedback modules
    TL-23691       Increased the width of the course selection menu in course completion settings so that longer course names are displayed in full
    TL-23832       Improved automated generation of label names

Bug fixes:

    TL-7631        Conditional fields when editing certification course sets are now correctly disabled when not relevant 
    TL-23072       Fixed columns and filters for course and audience tags in the report builder
    TL-23081       Prevented learners from requesting manager approval for seminar events that conflict with their existing approval requests

                   Previously when multiple seminar events existed with manager approval and
                   the same date and time, learners were able to request approval for
                   conflicting events. This caused confusion when managers tried to approve
                   the request but got date conflict errors instead.
                   
                   This patch ensures that learners can only request approval for seminars
                   that do not conflict with other seminars they have already requested
                   approval for.

    TL-23173       Fixed error displayed in report builder when user session timed out
    TL-23362       Stopped seminar manager reservation links from being displayed when sign-up period is not open
    TL-23420       Changed the 'Attendee name' column in seminar reports so that it displays 'Reserved' for manager reservations, instead of being blank
    TL-23577       Fixed URL validation in Totara Featured Links and Quick Links blocks to allow local URLs

                   With the release of Totara 12.9, URL validation in the Featured Link and
                   Quick Links blocks was changed to allow the use of grid catalogue URLs with
                   square brackets in the query part. The change removed the ability to use
                   local URLs (URIs starting with '/') in those blocks.
                   
                   This fix reenables support for local URLs. Any Featured Links static tiles
                   that were created with local URLs prior to Totara 12.9, and edited with
                   Totara 12.9+, will have been converted to a standard URL, and will need to
                   be manually edited after upgrade and converted back to a local URL.

    TL-23625       Fixed being able to uncheck 'Send to self' for Report Builder scheduled reports
    TL-23632       Removed access_token class which references invalid database table
    TL-23647       Fixed 'Declare interest' functionality when a user is booked onto a past event

                   Previously a "When no upcoming events are available" option is enabled for
                   Seminar, the "Declare interest" functionality worked for no upcoming events
                   and no past events if a user is booked onto a past event. Now it is fixed
                   and the user can declare interest if there are no upcoming events and the
                   user booked onto past events.

    TL-23654       Made sure that all courses (completed and in progress) are being reset during re-certification window open stage

                   The behaviour of manual completions archive remains unchanged (i.e. only
                   completions or completions via RPL are archived during manual course
                   reset).

    TL-23659       Fixed OAuth compatibility with login block
    TL-23672       The log in block now uses the correct Totara connect icon
    TL-23673       Made sure audience name is correctly formatted in the breadcrumbs on the Rule Sets page
    TL-23674       Fixed the display of server status on Totara Connect Servers page in administration

                   Previously the server status would not be correctly displayed for a server
                   where deletion was in progress.

    TL-23677       Changed the warning language string about column aggregations to soften the message
    TL-23740       Fixed compatibility with UUID PHP extension
    TL-23751       Made sure "Manage user reports" and "Manage embedded reports" can be added to the admin dropdown menu
    TL-23755       Prevent upload files link on HR Import CSV source settings pages showing when configuration is not complete

                   When the configuration is not complete clicking the link would result in an
                   error being shown. The link no longer shows until the minimum configuration
                   is completed.

    TL-23757       Blocks in the bottom region are now contained in a HTML element with "region-bottom" id

                   Previously this element had the HTML id "region-top"

    TL-23772       Made sure export controls in hierarchy frameworks are present only when at least one framework is exists and visible to a user
    TL-23776       Made sure aria-hidden works correctly on the YUI dialogues
    TL-23808       Fixed seminar manager reservations always being sent to booked state

                   Prior to this patch, seminar manager reservations were always given a
                   booked signup state, even if the seminar was set to send bookings to the
                   waitlist. 
                   
                   This has been fixed, and manager reservations are treated like other
                   signups. This patch also fixes a bug in the events dashboard that
                   misrepresented the number of wait-listed users on an overbooked event.

    TL-23834       Added horizontal scrolling to wiki revisions table
    TL-23852       The current learning block no longer triggers a re-aggregation of program courseset completion

                   The current learning block in some situations was causing program courseset
                   completion to be re-aggregated, leading to courseset completion time being
                   incorrectly updated if the courseset had already been completed.
                   This has been fixed and the courseset completion date is no longer updated
                   after it has been initially set.

    TL-23903       Fixed slot id generation when displaying multianswer (cloze) questions
    TL-23949       Added missing task name string for OAuth system token refresh task 

                   The name string for the OAuth2 system token refresh task was omitted from
                   TL-20583.


Contributions:

    *  Russell England at Kineo USA - TL-23625

Release 11.24 (26th February 2020):



Important:

    TL-23764       Chrome 80: SameSite=None is now only set if you are using secure cookies and HTTPS

                   Prior to this change if you were not running your Totara site over HTTPS,
                   and upgraded to Chrome 80 then you not be able to log into your site.
                   This was because Chrome 80 was rejecting the cookie as it had the SameSite
                   attribute set to None and the Secure flag was not set (as you were not
                   running over HTTPS).
                   
                   After upgrading SameSite will be left for Chrome to default a value for.
                   You will be able to log in, but may find that third party content on your
                   site does not work.
                   In order to ensure that your site performs correctly please upgrade your
                   site to use HTTPS and enable the Secure Cookies setting within Totara if it
                   is not already enabled.


Security issues:

    TL-23950       Added sanitisation of send messages before they are displayed in messaging interface
    TL-24133       Ensured content was encoded before being used within aria-labels when viewing the users list

Improvements:

    TL-23127       Removed redundant 'Enable' checkbox for temporary manager expiry date

                   Temporary managers must always have an expiry date.

    TL-23683       Added support for activity tags in Seminar, SCORM, and Feedback modules
    TL-23691       Increased the width of the course selection menu in course completion settings so that longer course names are displayed in full
    TL-23832       Improved automated generation of label names

Bug fixes:

    TL-7631        Conditional fields when editing certification course sets are now correctly disabled when not relevant 
    TL-23072       Fixed columns and filters for course and audience tags in the report builder
    TL-23173       Fixed error displayed in report builder when user session timed out
    TL-23625       Fixed being able to uncheck 'Send to self' for Report Builder scheduled reports
    TL-23647       Fixed 'Declare interest' functionality when a user is booked onto a past event

                   Previously a "When no upcoming events are available" option is enabled for
                   Seminar, the "Declare interest" functionality worked for no upcoming events
                   and no past events if a user is booked onto a past event. Now it is fixed
                   and the user can declare interest if there are no upcoming events and the
                   user booked onto past events.

    TL-23673       Made sure audience name is correctly formatted in the breadcrumbs on the Rule Sets page
    TL-23740       Fixed compatibility with UUID PHP extension
    TL-23768       Added manager reservations to seminar wait-list report
    TL-23852       The current learning block no longer triggers a re-aggregation of program courseset completion

                   The current learning block in some situations was causing program courseset
                   completion to be re-aggregated, leading to courseset completion time being
                   incorrectly updated if the courseset had already been completed.
                   This has been fixed and the courseset completion date is no longer updated
                   after it has been initially set.

    TL-23871       The quiz navigation block now correctly scrolls you to a question when clicking on the question navigation link

                   This is a backport of Moodle MDL-65883

    TL-23903       Fixed slot id generation when displaying multianswer (cloze) questions

Contributions:

    *  Russell England at Kineo USA - TL-23625

Release 10.30 (26th February 2020):



Important:

    TL-23764       Chrome 80: SameSite=None is now only set if you are using secure cookies and HTTPS

                   Prior to this change if you were not running your Totara site over HTTPS,
                   and upgraded to Chrome 80 then you not be able to log into your site.
                   This was because Chrome 80 was rejecting the cookie as it had the SameSite
                   attribute set to None and the Secure flag was not set (as you were not
                   running over HTTPS).
                   
                   After upgrading SameSite will be left for Chrome to default a value for.
                   You will be able to log in, but may find that third party content on your
                   site does not work.
                   In order to ensure that your site performs correctly please upgrade your
                   site to use HTTPS and enable the Secure Cookies setting within Totara if it
                   is not already enabled.


Security issues:

    TL-23950       Added sanitisation of send messages before they are displayed in messaging interface
    TL-24133       Ensured content was encoded before being used within aria-labels when viewing the users list

Bug fixes:

    TL-7631        Conditional fields when editing certification course sets are now correctly disabled when not relevant 
    TL-23740       Fixed compatibility with UUID PHP extension
    TL-23852       The current learning block no longer triggers a re-aggregation of program courseset completion

                   The current learning block in some situations was causing program courseset
                   completion to be re-aggregated, leading to courseset completion time being
                   incorrectly updated if the courseset had already been completed.
                   This has been fixed and the courseset completion date is no longer updated
                   after it has been initially set.

    TL-23871       The quiz navigation block now correctly scrolls you to a question when clicking on the question navigation link

                   This is a backport of Moodle MDL-65883

    TL-23903       Fixed slot id generation when displaying multianswer (cloze) questions

Release 9.41 (26th February 2020):



Important:

    TL-23764       Chrome 80: SameSite=None is now only set if you are using secure cookies and HTTPS

                   Prior to this change if you were not running your Totara site over HTTPS,
                   and upgraded to Chrome 80 then you not be able to log into your site.
                   This was because Chrome 80 was rejecting the cookie as it had the SameSite
                   attribute set to None and the Secure flag was not set (as you were not
                   running over HTTPS).
                   
                   After upgrading SameSite will be left for Chrome to default a value for.
                   You will be able to log in, but may find that third party content on your
                   site does not work.
                   In order to ensure that your site performs correctly please upgrade your
                   site to use HTTPS and enable the Secure Cookies setting within Totara if it
                   is not already enabled.


Security issues:

    TL-24133       Ensured content was encoded before being used within aria-labels when viewing the users list

Bug fixes:

    TL-7631        Conditional fields when editing certification course sets are now correctly disabled when not relevant 
    TL-23740       Fixed compatibility with UUID PHP extension
    TL-23852       The current learning block no longer triggers a re-aggregation of program courseset completion

                   The current learning block in some situations was causing program courseset
                   completion to be re-aggregated, leading to courseset completion time being
                   incorrectly updated if the courseset had already been completed.
                   This has been fixed and the courseset completion date is no longer updated
                   after it has been initially set.


Release 2.9.50 (26th February 2020):



Important:

    TL-23764       Chrome 80: SameSite=None is now only set if you are using secure cookies and HTTPS

                   Prior to this change if you were not running your Totara site over HTTPS,
                   and upgraded to Chrome 80 then you not be able to log into your site.
                   This was because Chrome 80 was rejecting the cookie as it had the SameSite
                   attribute set to None and the Secure flag was not set (as you were not
                   running over HTTPS).
                   
                   After upgrading SameSite will be left for Chrome to default a value for.
                   You will be able to log in, but may find that third party content on your
                   site does not work.
                   In order to ensure that your site performs correctly please upgrade your
                   site to use HTTPS and enable the Secure Cookies setting within Totara if it
                   is not already enabled.


Security issues:

    TL-24133       Ensured content was encoded before being used within aria-labels when viewing the users list

Release 2.7.57 (26th February 2020):



Important:

    TL-23764       Chrome 80: SameSite=None is now only set if you are using secure cookies and HTTPS

                   Prior to this change if you were not running your Totara site over HTTPS,
                   and upgraded to Chrome 80 then you not be able to log into your site.
                   This was because Chrome 80 was rejecting the cookie as it had the SameSite
                   attribute set to None and the Secure flag was not set (as you were not
                   running over HTTPS).
                   
                   After upgrading SameSite will be left for Chrome to default a value for.
                   You will be able to log in, but may find that third party content on your
                   site does not work.
                   In order to ensure that your site performs correctly please upgrade your
                   site to use HTTPS and enable the Secure Cookies setting within Totara if it
                   is not already enabled.


Release 2.6.74 (26th February 2020):



Important:

    TL-23764       Chrome 80: SameSite=None is now only set if you are using secure cookies and HTTPS

                   Prior to this change if you were not running your Totara site over HTTPS,
                   and upgraded to Chrome 80 then you not be able to log into your site.
                   This was because Chrome 80 was rejecting the cookie as it had the SameSite
                   attribute set to None and the Secure flag was not set (as you were not
                   running over HTTPS).
                   
                   After upgrading SameSite will be left for Chrome to default a value for.
                   You will be able to log in, but may find that third party content on your
                   site does not work.
                   In order to ensure that your site performs correctly please upgrade your
                   site to use HTTPS and enable the Secure Cookies setting within Totara if it
                   is not already enabled.