Totara Release Notes

Totara TXP 13.5, Totara Learn 12.28, 11.37, 10.42, 9.52

 
David Curry (Core Developer)
Totara TXP 13.5, Totara Learn 12.28, 11.37, 10.42, 9.52
di David Curry (Core Developer) - Tuesday, 23 February 2021, 18:27
Gruppo Totara

Hello everyone,

The following versions of Totara Learn have now been released:

These versions do contain security fixes, and for this reason we strongly recommend upgrade.
Each release also includes bug fixes and improvements.

A big thanks to the following people for their contributions to this release:

  • Russell England - Kineo USA - TL-29635

Kind regards, David Curry

Release 13.5 (24th February 2021):

Security issues:

    TL-29223       Added sanitisation and filtering to customfield textarea output 

                   As part of an investigation into filtering of other custom field types, we
                   discovered that textarea custom field values were not being correctly
                   sanitised for output, and filtering (for example Multi-Language filtering)
                   was not being applied.
                   
                   User-submitted textarea values were sanitised on input, so it would be
                   difficult for users to exploit this bug for cross-site scripting without
                   access to the database.
                   
                   Textarea custom field values are now being sanitised and filtered on
                   output.


New features:

    TL-29235       Modified the recommender engine to use user profile data

Performance improvements:

    TL-29347       Improved performance of get_records_menu function

                   The get_records_menu function was calling array_shift a huge number of
                   times. All the _menu dml functions have be re-written to be more efficient.

    TL-29351       Added static cache to improve performance of the normalize_component function
    TL-29353       Improved performance of fix_table_names in Database Layer functions

                   This patch makes an improvement to a core function in the database layer to
                   reduce the number of expensive function calls.


Improvements:

    TL-11308       Added an aria-label attribute when setting link type to a course for a legacy competency
    TL-26729       Fixed Tui Modals so they now check for accessible models on every title change
    TL-28814       Moved Torara course completion import to an adhoc task

                   As part of this change a new 'Processed' column has been added to the
                   'Completion import: Certification status' and 'Completion import: Course
                   status' embedded reports. On upgrade, this will need to be manually added
                   or the report restored to default settings for it to show.

    TL-28971       Added Course completion status column to the Record of Learning: Courses report source
    TL-28978       Improved accessibility of admin menu settings page
    TL-29019       Added client-side validation when adding virtual rooms to a seminar session
    TL-29202       Added a discovery call to Zoom virtual meeting plugin so that it only attempts a meeting update if the date and/or duration have actually changed
    TL-29205       Improved location of 'expand all' and 'collapse all' links when using expanding course topics
    TL-29354       Changed is_numeric() to is_number() in normalise_limit_from_num() database layer function

                   A debugdeveloper notice will be generated if whole numbers are not used.

    TL-29377       Included an upload transcript button on audio file block

                   "Upload transcript" button appears on the weka audio file block when
                   uploaded only for the first time.

    TL-29422       Created a new notification when a new discussion is posted in the workspace

                   Workspace members will now receive a notifications when a new discussion is
                   posted in the workspace

    TL-29430       Converted reset tour link to a button to improve accessibility
    TL-29561       Improved alignment of topics with long names and collapsible topics
    TL-29563       Removed incorrect direct use of phpunit_util from tests

Bug fixes:

    TL-27159       Added the ability for the mobile plugin to remove rejected push notification tokens

                   Previously if AirNotifier rejected a push notification's token because
                   Google Firebase Cloud Messaging reported it as being invalid, the error was
                   ignored.
                   
                   Now it is logged, and the invalid token is removed from any devices using
                   it.

    TL-28418       Fixed unread message count badge on Totara Mobile iOS app when using push notifications
    TL-28472       Fixed theme settings not applying on Edge Legacy
    TL-28765       Fixed memory limit exceeded when loading performance activities with a large number of section elements
    TL-28942       Improved accessibility of course topics format
    TL-28962       Fixed competency criteria aggregation allowing 0 required items
    TL-28997       Fixed filtering of location custom field values

                   Previously, location custom field values were filtered on input. When the
                   Multi-Language filter was enabled, this resulted in a Multi-Language value
                   being saved in the user's current language only, while values in other
                   languages were lost.
                   
                   This has been fixed, and new Multi-Language values in location custom
                   fields will work as expected for users viewing the value in other
                   languages.

    TL-29052       Fixed email mustache template to use colours from theme settings
    TL-29153       Fixed theme settings capability issue during site upgrade

                   During site upgrade, using the web interface and upgrading from versions
                   earlier than 13.0, debug messages are thrown in the error logs and the HTTP
                   request for styles might fail because of a capability check for a
                   capability that might not be installed yet.

    TL-29221       Indicated user's preferred language when making Microsoft Graph API calls

                   This patch forwards the user's language when creating MS Teams virtual
                   meeting rooms, so that the resulting room info, which is generated by the
                   Graph API, is in the room creator's language.

    TL-29323       Fixed theme settings to use theme assigned to user instead of theme defined in config
    TL-29368       Stopped an 'Unsaved changes' message when saving a form after uploading files via an atto editor
    TL-29384       Hook added to extend list of categories with CSS variables in theme settings

                   Clients can now use the hook \core\hook\theme_settings_css_categories to
                   extend the list of categories in theme settings that contains CSS variable
                   settings

    TL-29391       Fixed the ability to use a default category

                   Since we added new hidden system categories in Totara 13.0 it has been
                   possible to enter a broken state by deleting the default "Miscellaneous"
                   category, in some cases this would lead to the system categories being used
                   as defaults. This caused several issues, the most notable of which is the
                   create course/program/certification forms would be broken. We've rectified
                   the issue by setting the default category to a non-system category,
                   recreating "Miscellaneous" if necessary. And making sure that system
                   categories are not used by default.

    TL-29392       Fixed an issue with Microsoft Teams where the 'tap area' of a card was preventing contents being inserted via the messaging extension

                   The tap area has been replaced by a button matching the catalogue details,
                   'View' or 'Go to'

    TL-29393       Added missing admin_externalpage_setup() to scheduledtasks.php
    TL-29406       Fixed badge notifications created with Weka editor displaying as JSON code
    TL-29409       Added missing language strings for recent versions of Totara Mobile app

                   Several new language strings were added to the Totara Mobile app since the
                   release of Totara 13, but not added to Totara and AMOS to be translated.
                   These have now been added and will be available in the translation and
                   language string customisation systems.

    TL-29415       Fixed virtual meeting information display on seminar room details page

                   Several fixes have been made to the virtual meeting information card:
                    * Made card visible to managers approving booking requests
                    * Prevented showing the card to learners when they should not see virtual
                   meeting information
                    * Hid the 'Host meeting' button from non-owners as only the meeting owner
                   can access the host URL
                   * Fixed some accessibility issues

    TL-29417       Fixed inconsistent filtering of custom field text values

                   As part of an investigation into filtering of other custom field types, we
                   discovered that filtering (for example Multi-Language filtering) was being
                   applied to text custom field values when displayed in report builder, but
                   not in other areas.
                   
                   Text custom field values are now consistently formatted for display.

    TL-29429       Fixed memory issues and improved performance of evidence migration 
    TL-29431       Fixed 'Number of Attendees' report builder column for seminar event report
    TL-29433       Fixed 'Can not find data record in database' error when seminar virtualmeeting room was used
    TL-29434       Fixed 'Booking status' report builder column for seminar event report
    TL-29436       Fixed theme_config loading issues in theme settings
    TL-29443       Fixed a redirection problem of the Find learning tab on Microsoft Teams
    TL-29444       Fixed rendering of graphs when exporting reports to PDF
    TL-29445       Fixed redirection to home page after adding missing required profile data when user logs in via OAuth 2
    TL-29446       Added custom CSS and log in image to tenant-customisable theme config
    TL-29464       Fixed upgrade step issue when creating Learning Plan assignment types for Programs introduced via TL-24703
    TL-29465       Fixed a typo for seminar manager approval help string
    TL-29560       Fixed caseless searching of seminar room, asset, and facilitator dialogs when non-ascii characters are used
    TL-29562       Ensured the learner is returned to the course when using guest enrolment
    TL-29576       Fixed the display of questions in a quiz activity for the Basis theme
    TL-29583       Fixed missing aria-label when adding new groups on admin menu settings page
    TL-29609       Fixed breadcrumbs on the certification details page
    TL-29610       Fixed missing escaping of table names in ORM has_many_through and has_one_through relations
    TL-29618       Fixed incorrect event observers and hook watchers reset in PHPUnit tests
    TL-29619       Updated link to event page in seminar notification for virtual meeting creation failure

                   This patch contains an upgrade step which replaces the
                   '[session:room:link]' placeholder in the global 'Virtual meeting creation
                   failure' notification template with '[seminareventdetailslink]', and also
                   updates the placeholder in any seminar activity notifications linked to
                   that template. If you have customised the 'Virtual meeting creation
                   failure' notification in any seminar activities, we recommend replacing the
                   placeholder by hand.

    TL-29625       Added inline documentation to explain the purpose of, and ensured that $PAGE->context is set for, the server error page.
    TL-29635       Ensured that the correct method to detect whether tags are enabled is used in modedit.php

API changes:

    TL-29345       Updated PHPUnit to prime and store the GraphQL schema cache between tests

Contributions:

    * Russell England - Kineo USA - TL-29635

Release 12.28 (24th February 2021):

Security issues:

    TL-29223       Added sanitisation and filtering to customfield textarea output 

                   As part of an investigation into filtering of other custom field types, we
                   discovered that textarea custom field values were not being correctly
                   sanitised for output, and filtering (for example Multi-Language filtering)
                   was not being applied.
                   
                   User-submitted textarea values were sanitised on input, so it would be
                   difficult for users to exploit this bug for cross-site scripting without
                   access to the database.
                   
                   Textarea custom field values are now being sanitised and filtered on
                   output.


Improvements:

    TL-28971       Added Course completion status column to the Record of Learning: Courses report source

Bug fixes:

    TL-28997       Fixed filtering of location custom field values

                   Previously, location custom field values were filtered on input. When the
                   Multi-Language filter was enabled, this resulted in a Multi-Language value
                   being saved in the user's current language only, while values in other
                   languages were lost.
                   
                   This has been fixed, and new Multi-Language values in location custom
                   fields will work as expected for users viewing the value in other
                   languages.

    TL-29368       Stopped an 'Unsaved changes' message when saving a form after uploading files via an atto editor
    TL-29417       Fixed inconsistent filtering of custom field text values

                   As part of an investigation into filtering of other custom field types, we
                   discovered that filtering (for example Multi-Language filtering) was being
applied to text custom field values when displayed in report builder, but not in other areas. Text custom field values are now consistently formatted for display. TL-29562 Ensured the learner is returned to the course when using guest enrolment TL-29576 Fixed the display of questions in a quiz activity for the Basis theme TL-29609 Fixed breadcrumbs on the certification details page TL-29618 Fixed incorrect event observers and hook watchers reset in PHPUnit tests TL-29635 Ensured that the correct method to detect whether tags are enabled is used in modedit.php Contributions: * Russell England - Kineo USA - TL-29635

Release 11.37 (24th February 2021):

Security issues:

    TL-29613       Added sanitisation to customfield textarea output 

                   As part of an investigation into filtering of other custom field types, we
                   discovered that textarea custom field values were not being correctly
                   sanitised for output.
                   
                   User-submitted textarea values were sanitised on input, so it would be
                   difficult for users to exploit this bug for cross-site scripting without
                   access to the database.
                   
                   Textarea custom field values are now being sanitised on output.


Bug fixes:

    TL-29618       Fixed incorrect event observers and hook watchers reset in PHPUnit tests
    TL-29635       Ensured that the correct method to detect whether tags are enabled is used in modedit.php

Contributions:

    * Russell England - Kineo USA - TL-29635

Release 10.42 (24th February 2021):

Security issues:

    TL-29613       Added sanitisation to customfield textarea output 

                   As part of an investigation into filtering of other custom field types, we
                   discovered that textarea custom field values were not being correctly
                   sanitised for output.
                   
                   User-submitted textarea values were sanitised on input, so it would be
                   difficult for users to exploit this bug for cross-site scripting without
                   access to the database.
                   
                   Textarea custom field values are now being sanitised on output.


Bug fixes:

    TL-29618       Fixed incorrect event observers and hook watchers reset in PHPUnit tests

Release 9.52 (24th February 2021):

Bug fixes:

    TL-29618       Fixed incorrect event observers and hook watchers reset in PHPUnit tests

Valerii Kuznetsov
Re: Totara TXP 13.5, Totara Learn 12.28, 11.37, 10.42, 9.52
di Valerii Kuznetsov - Monday, 8 March 2021, 16:27
Gruppo Totara
Amendment for changelog entry.

We've made mistake in changelog regarding TL-29446.

"Added custom CSS and log in image to tenant-customisable theme config" has no CSS customisations on tenant level. 

Commit only adds log in image and footer to tenant-customisable theme config. There are no custom CSS support in tenants.
We apologize for inconvenience and will fix changelog in upcoming release.