Totara Release Notes

Totara TXP 13.4, Totara Learn 12.27, 11.36, 10.41, 9.51

 
Riana Rossouw
Totara TXP 13.4, Totara Learn 12.27, 11.36, 10.41, 9.51
بواسطة Tuesday, 26 January 2021, 11:54 AM - Riana Rossouw
مجموعة Totara

Hello everyone,

The following versions of Totara TXP and Learn have now been released:

These versions do contain security fixes, and for this reason we strongly recommend upgrade.
Each release also includes bug fixes and improvements.

A big thanks to the following people for their contributions to this release:

  • Russell England, Kineo USA - TL-29159

Kind regardsRiana Rossouw

Release 13.4 (26th January 2021):

Important:

    TL-29285       Fixed incorrect seminar notification for users with event role in other courses when event is cancelled

                   In Totara 13 prior to this patch, when a seminar event was cancelled or
                   deleted, the code that generated the cancellation notification mistakenly
                   loaded a list of users who held an event role on any seminar event, rather
                   than the current event.
                   
                   This caused an event cancellation notification to be sent to users (and
                   their managers) who had nothing to do with the affected seminar. This has
                   now been fixed.
                   
                   Sites that use seminar event roles are strongly encouraged to upgrade.


Security issues:

    TL-21540       Fixed potential XSS bug in developer debugging messages

                   Prior to this patch, the debuginfo part of developer debugging messages was
                   not properly escaped, which could lead to a situation where a cross-site
                   scripting attack was possible. The debuginfo message is only ever sent to
                   output when 'Debug messages' is set to developer, and
                   'Display debug messages' is on. This should never be the case on a
                   production site. Nevertheless, it is a potential attack vector on staging
                   or development sites and has been fixed.


New features:

    TL-28886       Created Zoom Meeting virtualmeeting plugin for use with seminar sessions

                   See
                   https://help.totaralearning.com/display/TH13/Working+with+virtual+rooms for
                   more information on using the new virtualmeeting plugins with seminars.


Improvements:

    TL-17516       Added a 'course end date' column and filter to course report sources
    TL-24483       Improved accessibility of selected items area in the competency assignments list
    TL-28474       Added a placeholder text and changed icon colour in taglist component for consistency
    TL-28523       Added 'Activity viewed' GraphQL mutation for Totara mobile app
    TL-28606       Added aria attributes for Totara form elements when there is a validation error
    TL-28658       Added GraphQL/DB performance metrics in the footer 
    TL-28738       Added a warning on competency profile and detail pages when a relevant competency aggregation task is pending
    TL-28806       Added a 'Tenant login link' column to the manage tenants report source
    TL-28822       Added support for migration from Moodle 3.5.15, 3.7.9, 3.8.6 and 3.9.3
    TL-28914       Added support for PUT and PATCH requests to Totara cURL client
    TL-29011       Updated tag form fields to use background and accent colours from the theme
    TL-29020       Added GDPR support for virtualmeeting plugins and seminar virtual meeting rooms
    TL-29035       Improved Engage 'Your resources' page performance by loading filters via page loads 
    TL-29102       Added an error message to be displayed when single sign-on is not working on MS Teams
    TL-29109       Added visual indicators for seminar virtual meeting rooms that are not editable by the current user, because they were created by someone else
    TL-29228       Added Byte-Order-Mark to CSV optimised for Excel to improve Unicode detection in MS Excel
    TL-29256       Improved performance of the badge award cron job when using audience criteria when just one of multiple audiences is needed to be completed
    TL-29270       Improved reliability of Behat test step "I run all adhoc tasks"

Bug fixes:

    TL-25650       Updated width rules on "Recently viewed" dashboard block to not be affected by title length
    TL-26557       Fixed random PHPUnit failures caused by missing content file
    TL-27368       Fixed highlighting of the toggle switch to indicate when it has focus
    TL-28007       Fixed race condition when creating universal cache file

                   This patch fixes an issue where parallel requests try to write to the same
                   universal cache file. Previously, during installation of a fresh instance
                   all the CSS files were requested which caused the system to write to cache.
                   During cache creation the system will try to create a universal cache file
                   which stores all the cache's metadata. Due to the CSS file being requested
                   this process was triggered in parallel. This caused debugging messages
                   being triggered as the locks could not be acquired for the universal cache
                   file could to be written.

    TL-28025       Updated mobile current learning GraphQL query to use theme default images for courses, programs and certifications
    TL-28070       Fixed cache not being updated after using the course completion editor
    TL-28508       Ensured keyboard controls are trapped in Totara dialogues when opened
    TL-28510       Added correct aria attributes when viewing report builder tables to improve accessibility
    TL-28555       Increased margin between radio button and date selector form input
    TL-28657       Modified the size of the close 'x' button to 300 on the notification banner
    TL-28659       Fixed wrong size and colour for close 'x' button on toast 
    TL-28687       Fixed invalid page URL in LTI enrolment proxy page
    TL-28703       Updated form autocomplete hover background to use a standard colour
    TL-28718       Increased the width of the decorator separator line in posting new discussion form by involving the new normal prop
    TL-28769       Replaced label and form tag with div for performance activity print page and fixed style
    TL-28849       Added aria-disabled on side panel toggle button for better accessibility support 
    TL-28900       Ensured the PDF annotation review panel is hidden for 'Online text' only assignment submissions
    TL-28954       Fixed misalignment of labels when creating seminar rooms, assets, and facilitators
    TL-28989       Fixed Weka editor error on course edit page in IE11
    TL-29000       Fixed a JavaScript error when rearranging a playlist by dragging the resource image
    TL-29004       Added user-friendly error when attempting to view a hidden category in the grid catalogue
    TL-29007       Fixed conditions for displaying a warning about pending updates for appraisal assignments

                   Previously, a warning about pending updates was wrongly displayed in the
                   assignments tab of the appraisal administration when there were users that
                   had completed that appraisal, even when no updates were pending. This has
                   been fixed with this patch.

    TL-29016       Fixed formatting of multi-lang names used in competency types, scales and frameworks
    TL-29027       Fixed error creating Engage reports when Engage feature is disabled
    TL-29028       Updated workspace delete endpoint to not queue duplicate delete tasks
    TL-29032       Fixed Engage notifications to observe the recipient's language preference
    TL-29042       Fixed Vimeo video not being responsive when placed in dashboard block
    TL-29072       Fixed PHPUnit failures caused by incorrect PostgreSQL database snapshot reset
    TL-29086       Added a pending js to the Weka editor initialisation code and made the long text question response saving more robust
    TL-29095       Fixed theme settings validation for tenants
    TL-29098       Fixed popover content not being clickable
    TL-29112       Added missing 'Join now' buttons to seminar events dashboard for seminar virtual meeting rooms
    TL-29114       Prevented Totara sending any notifications to a bot when bot feature is disabled

                   Previously, when a bot was disabled, it still received a message about
                   sign-in into the system. Now to send notifications, you need to enable the
                   bot feature first.

    TL-29122       Fixed an issue that caused out-of-date course images to appear in the catalogue
    TL-29150       Fixed an error message which displayed above seminar events when event roles were enabled, but no users were enrolled with those roles
    TL-29159       Ensured notifications count is not displayed if notifications are disabled for the user
    TL-29160       Fixed the ordering of Engage content on the grid catalogue

                   When a site has multiple languages installed and potentially uses the
                   multi-lang filter, we can not alphabetically sort catalogue items by their
                   name and default to sorting by the timecreated field instead. Previously
                   the Engage resource and playlist items were not getting this value set in
                   the catalogue data, this has been rectified.
                   
                   Note: The catalogue data will not be updated until the next time the
                   "refresh_catalog_data" scheduled task runs.

    TL-29161       Fixed an exception when attempting to edit a seminar facilitator without permission
    TL-29187       Added presentation role to tables when approving changes to a learning plan
    TL-29212       Fixed bug causing the recommendation engine to skip non-tenants when multitenancy is enabled
    TL-29217       Fixed updating of usernames when using user upload functionality

                   When updating usernames using 'oldusername' and the idnumber was present
                   the duplicate idnumber validation check would incorrectly report that the
                   username was a duplicate for users who were having their username changed.
                   The idnumber validation now works correctly with updating usernames.

    TL-29218       Fixed incorrect string component for 'noposition' and 'noorganisation' in the signup form

                   When using email based self registration and there are no positions set up
                   on the site, the signup form no longer uses an invalid string when users
                   try to sign up.

    TL-29219       Fixed keyboard accessibility of grid catalogue category drop down

                   Shift-tabbing in the category selector now moves to the previous option as
                   expected.

    TL-29244       Fixed PHPUnit failures occurring when zlib compression is not enabled

                   When zlib compression is not enabled on a test site tests will no longer
                   expect Content-Length headers.

    TL-29255       Removed aggressive user session cleanup code to eliminate some session timeouts on login page
    TL-29261       Fixed inability to remove custom room link from a seminar room
    TL-29264       Prevented changing the virtualmeeting provider for a seminar room
    TL-29269       Fixed TUI CSS being cached when caching was disabled in development mode
    TL-29342       Fixed "expand/collapse all" link showing when Collapsible topics is not enabled
    TL-29357       Restored the ability to create and edit site-wide seminar rooms with custom virtual room links

Contributions:

    * Russell England, Kineo USA - TL-29159

Release 12.27 (26th January 2021):

Security issues:

    TL-21540       Fixed potential XSS bug in developer debugging messages

                   Prior to this patch, the debuginfo part of developer debugging messages was
                   not properly escaped, which could lead to a situation where a cross-site
                   scripting attack was possible. The debuginfo message is only ever sent to
                   output when 'Debug messages' is set to developer, and
                   'Display debug messages' is on. This should never be the case on a
                   production site. Nevertheless, it is a potential attack vector on staging
                   or development sites and has been fixed.


Improvements:

    TL-29256       Improved performance of the badge award cron job when using audience criteria when just one of multiple audiences is needed to be completed

Bug fixes:

    TL-28070       Fixed cache not being updated after using the course completion editor
    TL-28900       Ensured the PDF annotation review panel is hidden for 'Online text' only assignment submissions
    TL-29004       Added user-friendly error when attempting to view a hidden category in the grid catalogue
    TL-29007       Fixed conditions for displaying a warning about pending updates for appraisal assignments

                   Previously, a warning about pending updates was wrongly displayed in the
                   assignments tab of the appraisal administration when there were users that
                   had completed that appraisal, even when no updates were pending. This has
                   been fixed with this patch.

    TL-29016       Fixed formatting of multi-lang names used in competency types, scales and frameworks
    TL-29159       Ensured notifications count is not displayed if notifications are disabled for the user
    TL-29217       Fixed updating of usernames when using user upload functionality

                   When updating usernames using 'oldusername' and the idnumber was present
                   the duplicate idnumber validation check would incorrectly report that the
                   username was a duplicate for users who were having their username changed.
                   The idnumber validation now works correctly with updating usernames.

    TL-29255       Removed aggressive user session cleanup code to eliminate some session timeouts on login page

Contributions:

    * Russell England, Kineo USA - TL-29159

Release 11.36 (26th January 2021):

Security issues:

    TL-21540       Fixed potential XSS bug in developer debugging messages

                   Prior to this patch, the debuginfo part of developer debugging messages was
                   not properly escaped, which could lead to a situation where a cross-site
                   scripting attack was possible. The debuginfo message is only ever sent to
                   output when 'Debug messages' is set to developer, and
                   'Display debug messages' is on. This should never be the case on a
                   production site. Nevertheless, it is a potential attack vector on staging
                   or development sites and has been fixed.


Bug fixes:

    TL-29007       Fixed conditions for displaying a warning about pending updates for appraisal assignments

                   Previously, a warning about pending updates was wrongly displayed in the
                   assignments tab of the appraisal administration when there were users that
                   had completed that appraisal, even when no updates were pending. This has
                   been fixed with this patch.

    TL-29016       Fixed formatting of multi-lang names used in competency types, scales and frameworks

Release 10.41 (26th January 2021):

Security issues:

    TL-21540       Fixed potential XSS bug in developer debugging messages

                   Prior to this patch, the debuginfo part of developer debugging messages was
                   not properly escaped, which could lead to a situation where a cross-site
                   scripting attack was possible. The debuginfo message is only ever sent to
                   output when 'Debug messages' is set to developer, and
                   'Display debug messages' is on. This should never be the case on a
                   production site. Nevertheless, it is a potential attack vector on staging
                   or development sites and has been fixed.


Bug fixes:

    TL-29007       Fixed conditions for displaying a warning about pending updates for appraisal assignments

                   Previously, a warning about pending updates was wrongly displayed in the
                   assignments tab of the appraisal administration when there were users that
                   had completed that appraisal, even when no updates were pending. This has
                   been fixed with this patch.

    TL-29016       Fixed formatting of multi-lang names used in competency types, scales and frameworks

Release 9.51 (26th January 2021):

Bug fixes:

    TL-29007       Fixed conditions for displaying a warning about pending updates for appraisal assignments

                   Previously, a warning about pending updates was wrongly displayed in the
                   assignments tab of the appraisal administration when there were users that
                   had completed that appraisal, even when no updates were pending. This has
                   been fixed with this patch.