Hello everyone,
The following versions of Totara Learn have now been released:
- Release Evergreen
- Release 12.19
- Release 11.28
- Release 10.34
- Release 9.45
- Release 2.9.52
- Release 2.7.59
- Release 2.6.76
- Release 2.5.81
- Release 2.4.76
- Release 2.2.77
Versions 9.45, 10.34, 11.28, 12.19 and Evergreen contain security fixes, and for this reason we strongly recommend upgrade.
Each release also includes bug fixes and improvements.
A big thanks to the following people for their contributions to this release:
- Bhoj Raj Bhatta at Xtractor - TL-25220
- John Phoon at Kineo Pacific - TL-10390
- Russell England at Kineo USA - TL-25320
Kind regards
Riana Rossouw
Release Evergreen (25th June 2020):
Key: + Evergreen only
Security issues:
TL-25145 Backported MDL-68410 to prevent remote code execution by malformed SCORM package
TL-25269 Updated default CDN of MathJax filter library to version 2.7.8
Improvements:
TL-10390 Fixed upload users tool to validate duplicated IDnumbers
TL-22591 + Improved accessibility of create menu in the grid catalogue
TL-24134 Moved Certification completion import to adhoc task and optimised import
Certification completion import now only does a basic import of the records
immediately on CSV file upload in the UI. The records are then processed in
an adhoc task which is executed on the next cron run.
TL-24976 Increased the maximum number of multi-select custom field options to 128
TL-25020 + Added new "details content" setting to the grid catalogue general settings
If this setting is enabled, as it will be automatically for any upgrading
sites, there should be no change in current behaviour. When a catalogue
item is clicked a details pop-up will be displayed with a view or enrol
button.
If the setting is disabled, as it will be automatically for any new
installations, when you click an item on the catalogue it will redirect you
immediately to the URL used by the view button in the details pop-up
instead of displaying the details.
TL-25239 Updated PHPMailer to the latest security release
PHPMailer library has been updated to version 6.1.6.
TL-25253 Removed restriction limiting items shown in drop-down for 'Time uploaded' report filter in the Completion import reports
In the completion upload reports for both Course and Certification the
'Time uploaded' drop-down filter was missing the option for an import if it
had errors or if the records were uploaded as evidence (for the
Certification report). These restrictions have been removed and all upload
times are now shown.
TL-25275 Improved reliability of SCORM packages saving progress
TL-25321 + Added new native MySQL locking factory
TL-25334 + Added new native MS SQL Server locking factory
TL-25358 Improved compatibility with MySQL 8.0.20
Fixed MySQL 8 integer length calculation
Bug fixes:
TL-21424 Fixed multiple checkbox filters in Report Builder reports not working as expected when excluding options
TL-22016 Fixed typo in Badges status_help string
TL-24747 Fixed broken error detection when uploading course completion history for a course without manual enrolment
In a very specific circumstance uploading course completion history records
for a course without the manual enrolment plugin succeeds where it should
have failed. The error detection has been fixed.
TL-25083 Made sure completed programs do not appear in the Current Learning block when added via a user's learning plan
TL-25108 Fixed report builder select filters to matching the search when a value contains an ampersand
TL-25141 Fixed validation of custom profile menu values when uploading user accounts via a CSV file
TL-25147 + Fixed an issue where session attendance report could not be exported by an editing trainer or trainer roles
TL-25153 Fixed user tours not working on the user profile editing page when site policy requiring consent is set up
TL-25200 Ensured content displayed in a due dates dialog stays inside the dialog
When on the enrolled learning tab when viewing a cohort, clicking any link
inside a view due dates dialog caused the content to be loaded outside the
dialog. This has now been changed so that it stays inside the dialog.
TL-25216 Fixed compatibility of theme rendering with non-standard authentication methods
This fixes fatal errors stating that the layout file does not contain the
main content placeholder.
TL-25220 Fixed inactive tabs when creating a new program or certification
Previously, when a new program or certification was being created it was
possible to access "Overview" tab which would result in an error. This has
now been fixed and "Overview" tab is no longer active until the program or
certification exist.
TL-25271 Fixed language strings being incorrectly concatenated in the heading of the My Bookings page
TL-25289 Fixed various typos in the language strings
TL-25295 + Fixed image location when creating a report in Chrome
TL-25301 Fixed regression preventing dot notation being used to access object properties in mustache helper functions
TL-25303 Stopped mustache escape helper incorrectly throwing debugging warning
TL-25313 Changed sort order of rooms and assets in seminar edit event page
The lists of rooms and assets available to be assigned to a seminar session
were inadvertently changed in Totara 12 to be sorted by order of creation.
This change has been reverted, and they are now sorted alphabetically.
TL-25338 Made sure years are accounted in relative date calculations when the date is more than 1 but less than 2 years in the past
TL-25399 Removed user-related content options from the Seminar Events report
API changes:
TL-24762 Added new user_can_view() function in the block_base class
This new function is used to check correct access when blocks are displayed
on Totara Dashboards ensuring against exploits. Prior to this addition,
blocks were not aware of access control for the dashboard they are added
on.
The plugin_file function of the HTML and Featured Links block also now uses
the user_can_view() function to ensure correct access.
TL-25277 + Memcache session handler was deprecated, use Memcached handler instead
Contributions:
* Bhoj Raj Bhatta at Xtractor - TL-25220
* John Phoon at Kineo Pacific - TL-10390
Release 12.19 (25th June 2020):
Security issues:
TL-25145 Backported MDL-68410 to prevent remote code execution by malformed SCORM package
TL-25269 Updated default CDN of MathJax filter library to version 2.7.8
Improvements:
TL-10390 Fixed upload users tool to validate duplicated IDnumbers
TL-24134 Moved Certification completion import to adhoc task and optimised import
Certification completion import now only does a basic import of the records
immediately on CSV file upload in the UI. The records are then processed in
an adhoc task which is executed on the next cron run.
TL-24976 Increased the maximum number of multi-select custom field options to 128
TL-25239 Updated PHPMailer to the latest security release
PHPMailer library has been updated to version 5.2.28.
TL-25253 Removed restriction limiting items shown in drop-down for 'Time uploaded' report filter in the Completion import reports
In the completion upload reports for both Course and Certification the
'Time uploaded' drop-down filter was missing the option for an import if it
had errors or if the records were uploaded as evidence (for the
Certification report). These restrictions have been removed and all upload
times are now shown.
TL-25275 Improved reliability of SCORM packages saving progress
TL-25358 Improved compatibility with MySQL 8.0.20
Fixed MySQL 8 integer length calculation
Bug fixes:
TL-21424 Fixed multiple checkbox filters in Report Builder reports not working as expected when excluding options
TL-22016 Fixed typo in Badges status_help string
TL-24747 Fixed broken error detection when uploading course completion history for a course without manual enrolment
In a very specific circumstance uploading course completion history records
for a course without the manual enrolment plugin succeeds where it should
have failed. The error detection has been fixed.
TL-25083 Made sure completed programs do not appear in the Current Learning block when added via a user's learning plan
TL-25108 Fixed report builder select filters to matching the search when a value contains an ampersand
TL-25141 Fixed validation of custom profile menu values when uploading user accounts via a CSV file
TL-25153 Fixed user tours not working on the user profile editing page when site policy requiring consent is set up
TL-25200 Ensured content displayed in a due dates dialog stays inside the dialog
When on the enrolled learning tab when viewing a cohort, clicking any link
inside a view due dates dialog caused the content to be loaded outside the
dialog. This has now been changed so that it stays inside the dialog.
TL-25216 Fixed compatibility of theme rendering with non-standard authentication methods
This fixes fatal errors stating that the layout file does not contain the
main content placeholder.
TL-25220 Fixed inactive tabs when creating a new program or certification
Previously, when a new program or certification was being created it was
possible to access "Overview" tab which would result in an error. This has
now been fixed and "Overview" tab is no longer active until the program or
certification exist.
TL-25271 Fixed language strings being incorrectly concatenated in the heading of the My Bookings page
TL-25289 Fixed various typos in the language strings
TL-25301 Fixed regression preventing dot notation being used to access object properties in mustache helper functions
TL-25303 Stopped mustache escape helper incorrectly throwing debugging warning
TL-25313 Changed sort order of rooms and assets in seminar edit event page
The lists of rooms and assets available to be assigned to a seminar session
were inadvertently changed in Totara 12 to be sorted by order of creation.
This change has been reverted, and they are now sorted alphabetically.
TL-25320 Fixed the order of courses display in Program and Certification Overview reports to be consistent across all columns
TL-25338 Made sure years are accounted in relative date calculations when the date is more than 1 but less than 2 years in the past
TL-25399 Removed user-related content options from the Seminar Events report
API changes:
TL-24762 Added new user_can_view() function in the block_base class
This new function is used to check correct access when blocks are displayed
on Totara Dashboards ensuring against exploits. Prior to this addition,
blocks were not aware of access control for the dashboard they are added
on.
The plugin_file function of the HTML and Featured Links block also now uses
the user_can_view() function to ensure correct access.
Contributions:
* Bhoj Raj Bhatta at Xtractor - TL-25220
* John Phoon at Kineo Pacific - TL-10390
* Russell England at Kineo USA - TL-25320
Release 11.28 (25th June 2020):
Security issues:
TL-25145 Backported MDL-68410 to prevent remote code execution by malformed SCORM package
TL-25269 Updated default CDN of MathJax filter library to version 2.7.8
Improvements:
TL-25275 Improved reliability of SCORM packages saving progress
TL-25358 Improved compatibility with MySQL 8.0.20
Fixed MySQL 8 integer length calculation
Bug fixes:
TL-22016 Fixed typo in Badges status_help string
TL-25083 Made sure completed programs do not appear in the Current Learning block when added via a user's learning plan
TL-25108 Fixed report builder select filters to matching the search when a value contains an ampersand
TL-25141 Fixed validation of custom profile menu values when uploading user accounts via a CSV file
TL-25216 Fixed compatibility of theme rendering with non-standard authentication methods
This fixes fatal errors stating that the layout file does not contain the
main content placeholder.
TL-25271 Fixed language strings being incorrectly concatenated in the heading of the My Bookings page
TL-25272 Fixed permission check when sending plan approval request message to manager
Note: This is a backport of TL-23458.
The permissions check done when sending a plan approval request message to
a manager was only checking if they had the 'Allow' permission in the plan
template for the Approve setting. The 'Approve' option for the setting is
also now checked.
TL-25338 Made sure years are accounted in relative date calculations when the date is more than 1 but less than 2 years in the past
Release 10.34 (25th June 2020):
Security issues:
TL-25145 Backported MDL-68410 to prevent remote code execution by malformed SCORM package
TL-25269 Updated default CDN of MathJax filter library to version 2.7.8
Improvements:
TL-25275 Improved reliability of SCORM packages saving progress
TL-25358 Improved compatibility with MySQL 8.0.20
Fixed MySQL 8 integer length calculation
Bug fixes:
TL-25108 Fixed report builder select filters to matching the search when a value contains an ampersand
TL-25141 Fixed validation of custom profile menu values when uploading user accounts via a CSV file
TL-25216 Fixed compatibility of theme rendering with non-standard authentication methods
This fixes fatal errors stating that the layout file does not contain the
main content placeholder.
Release 9.45 (25th June 2020):
Security issues:
TL-25145 Backported MDL-68410 to prevent remote code execution by malformed SCORM package
Improvements:
TL-25275 Improved reliability of SCORM packages saving progress
Bug fixes:
TL-25108 Fixed report builder select filters to matching the search when a value contains an ampersand
TL-25216 Fixed compatibility of theme rendering with non-standard authentication methods
This fixes fatal errors stating that the layout file does not contain the
main content placeholder.
Release 2.9.52 (25th June 2020):
Improvements:
TL-25275 Improved reliability of SCORM packages saving progress
Release 2.7.59 (25th June 2020):
Improvements:
TL-25275 Improved reliability of SCORM packages saving progress
Release 2.6.76 (25th June 2020):
Improvements:
TL-25275 Improved reliability of SCORM packages saving progress
Release 2.5.81 (25th June 2020):
Improvements:
TL-25275 Improved reliability of SCORM packages saving progress
Release 2.4.76 (25th June 2020):
Improvements:
TL-25275 Improved reliability of SCORM packages saving progress
Release 2.2.77 (25th June 2020):
Improvements:
TL-25275 Improved reliability of SCORM packages saving progress