Totara Release Notes

Totara TXP 14.0, 13.8; Totara Learn 12.31, and 11.40 are now available

 
by Sam Hemelryk - Thursday, 20 May 2021, 12:10 AM

Hello everyone,

The following versions of Totara have now been released:

The stable releases above contain security fixes, and for this reason we strongly recommend upgrading.
Each release also includes bug fixes and improvements.

A big thanks to the following people for their contributions to this release:

  • Michael Geering, Kineo UK - TL-29611

Kind regards
Sam Hemelryk

Release 14.0 (19th May 2021):

Important:

    TL-28035   +   In order to upgrade to Totara 14 or later releases sites must upgrade through Totara 13

                   Sites moving to Totara 14 or any later major releases must upgrade through
                   Totara 13.
                   Upgrade code has been cleaned up and optimised in Totara 14, leading to
                   this requirement.
                   
                   For those who are moving from Totara 12 or below, to Totara 14 or above,
                   you will need to upgrade the site to the latest Totara 13, and then to the
                   latest Totara 14 or above.
                   You do not need to run the site at Totara 13, you can simply put the code
                   in place, run the upgrade, and then put the code you are aiming to upgrade
                   in place and run the upgrade again.
                   
                   If you need further advice or information about this please reach out to us
                   via our help desk, http://totara.support

    TL-28140   +   The MNet integration has been removed

                   The MNet integration in Totara was deprecated in Totara 13, and has now
                   been removed.
                   The user.mnethostid column has been removed from the database. Any custom
                   plugins still referencing the field will need to be updated.

    TL-28276   +   Added support for PHP 8.0

                   Totara 14 is the first version to support PHP 8.0. Please be aware that
                   several core changes were required in order to add support. If you have
                   customisations or use third-party plugins you will need to ensure they also
                   support PHP 8.0 before choosing to use PHP 8.0.

    TL-28280   +   PHP 7.3.4 is the minimum required version

                   In order to run Totara 14 you will need to be running PHP 7.3.4, 7.4.x, or
                   8.0.x.
                   Information on our recommended system environments can be found on the help
                   site:
                   https://help.totaralearning.com/display/TPD/Recommended+hosting+environments

    TL-28773   +   All remaining code to support Flash has been removed from the product

                   Support for Flash has been removed from all supported browsers as of
                   December 2020. In light of this, all code within the platform and products
                   that supported Flash has now been removed. This includes the SWF media
                   plugin, and all settings related to playing Flash content.


New features:

    TL-25434   +   Implemented new question element to aggregate responses

                   This feature adds a new question element plugin to show aggregated values
                   from two or more other questions in the same activity. It can use only
                   numeric or custom rating scale questions as sources to ensure only numeric
                   values are used. The configuration of this element includes the source
                   questions to aggregate responses from. The referenced section or element
                   cannot be deleted while this connection exists. The question provides
                   different aggregation options which can be enabled in the configuration:
                   Average, Median, Minimum, and Maximum.

    TL-28970   +   Implemented new question element to redisplay question responses from previous instances

                   This feature adds a new question element plugin to redisplay responses of
                   other questions in previous subject instances of the same activity or other
                   activities. The configuration of this element includes the source question
                   to redisplay responses from. Previous responses from all participants are
                   shown, independent from the participants configured for the section the
                   redisplay question is in.
                   
                   If an activity references another activity by using a redisplay question
                   element, the referenced activity, section or element cannot be deleted while
                   this connection exists.

    TL-29163   +   New performance activity question type "Review items"

                   Configuration
                   --------------
                   
                   With this new question type you can include content from other areas of
                   Totara into a performance activity. With this release we only support
                   competencies but support for Learning, Goals, and Evidence content types
                   will follow in the future.
                   
                   Admins can set up a "Review items" question and choose which role can
                   select the content for the individual subject instances.  All the perform
                   element types are available as sub questions that can be added to the
                   review question.  E.g. to elicit comments and ratings. 
                   
                   A new "Rating scale: Competency" element has also been added.  The rating
                   uses the selected competency's rating scale.  This rating does not impact
                   on the competency, this only generates performance activity response
                   data.  
                   
                   The feature supports rating competencies via the performance activity. This
                   can be toggled on or off by the admin.  This element uses the selected
                   competency's rating scale and on submission passes the selected scale value
                   to the competency.
                   
                   Note: for this rating to be used in the competency's achievement
                   calculation, admins also need to add the new "Performance activities"
                   achievement pathway to the competencies.
                   
                   The configured set of sub questions is displayed for each competency
                   selected.
                   
                   User Experience
                   ----------------
                   
                   After subject instances have been created, users in the relationships
                   configured in the review question will be able to select competencies to
                   show up in their activity. Once this is complete participants are able to
                   answer the sub questions for each selected competency and complete the
                   activity.
                   
                   The final "Competency Rating" can be given at any time in the activity
                   workflow by participants in the relationship configured in the question
                   settings.
                   
                   Developer information
                   ----------------------
                   
                   More information about this new feature can be found in the help docs under
                   [https://help.totaralearning.com/display/TH14/Adding+review+item+question+type].
                   
                   To enable sub questions for performance activities the structure of the
                   VueJS components had to be changed quite significantly. For further details
                   please see
                   [https://help.totaralearning.com/display/DEV/Performance+activity+elements+changes+in+Totara+14].

    TL-29311   +   Implemented Centralised Notifications subsystem

                   Totara 14 introduces a new way of handling notifications throughout the
                   system. Currently, it works in parallel with the legacy notification system
                   for backwards compatibility, but the legacy notification system will be
                   deprecated. Existing notifications will be converted to the new system and
                   no new notifications will be created using the legacy notification
                   subsystem.
                   
                   The main software design principles behind the new system are a centralised
                   approach to handling of notifications, high extensibility and ease of
                   integration.
                   
                   Notifications are made context aware, which allows overrides of most
                   notification functionality aspects following standard context rules on the
                   API level. In other words, notification messages and settings can be
                   overridden in system, tenant, program, course and other contexts as well as
                   subcontext level.
                   
                   The new notification system is based on notifiable events (something
                   happened) and configurable responses (notifications) to those events. While
                   events are hard-coded, notifications have default implementations that are
                   shipped with the system, but also can be extended and overridden by
                   administrators and content creators when required.
                   
                   A notifiable event on its own does not produce notifications. An
                   administrator can create a notification based on the notifiable event,
                   through the interface. However, often notifiable events have some default
                   notifications attached to them.
                   
                   Default notifications for specific events can be implemented in any
                   component; there is no strict coupling between component and notification,
                   so you can implement additional default notifications for core notifiable
                   events as part of your custom component.
                   
                   Currently, centralised notifications are only used in Programs and
                   Certifications but plans are to gradually migrate all messages to this
                   subsystem in upcoming releases. Documentation for users and administrators
                   can be found in the Programs and Certifications section of user
                   documentation for Totara 14.
                   
                   To get more technical details on how centralised notifications work and how
                   to implement new notifiable events, built-in notifications, delivery
                   channels, placeholders, receivers, or schedulers please visit our
                   developers documentation site:
                   [https://help.totaralearning.com/display/DEV]

    TL-29343   +   Implemented theme-based branding for email notifications

                   It is now possible to set an HTML header, HTML footer, and plaintext footer
                   for emails within Ventura, as well as any other themes using the same theme
                   settings engine.

    TL-30212   +   Added support for multilang filter in Weka editor

                   Enabled only in centralised notifications. Multilang isn't part of any of
                   the existing variants so it has to be enabled manually by a developer.
                   Details on how to enable it can be found in
                   [https://help.totaralearning.com/display/DEV/Weka+editor]
                   
                   Once enabled, the multi_lang extension in filters /admin/filters.php needs
                   to be enabled as well.


Performance improvements:

    TL-29730   +   Updated the admin menu to now load content on demand

                   The admin quick access menu under the cog icon requires the administration
                   tree to be initialised in order to generate the HTML to display the menu.
                   This was happening on every page and slowing every page down.
                   
                   The menu is now loaded via AJAX, and a 10-minute cache is used to optimise
                   the performance of the quick access menu. Because of the TTL on the cache,
                   the user may not see the correct menu items in situations where their
                   permissions change, giving them access to more admin configuration, or
                   removing items that are no longer accessible. This is rectified when the
                   menu TTL expires, or if the user logs out and logs back in again.


Improvements:

    TL-27446   +   Removed language references to 'Program' when managing a Certification

                   Prior to this improvement there were still a couple of interfaces that
                   didn't use separate language for programs and certifications. This has been
                   rectified and language is now consistent and correct.

    TL-27551   +   Improved display of search results on workspace discussions

                   Searching for a phrase in workspace discussions now shows all elements
                   (discussion posts, comments and replies) that contain the searched phrase
                   instead of showing only the discussion.

    TL-28139   +   Add Seminar "Declare interest" to "Seminar direct enrolment" method

                   The 'Declare interest' button is now available when using the Seminar
                   Direct Enrolment plugin. This means that learners can declare their
                   interest in a seminar event without already being enrolled on a course, so
                   a manager can get a better idea of the interest level across all users,
                   instead of just enrolled users.

    TL-28197   +   Multiple improvements of OAuth 2 authentication plugin

                   The OAuth 2 authentication plugin was refactored and improved in several
                   areas; the internal APIs are not fully backwards compatible.
                   
                   The major changes are:
                    * user accounts are created after email confirmation instead of creation
                   of unconfirmed accounts
                    * there is a new Report builder source for linked logins with option
                    * there is a new capability for deletion of linked logins of other users
                    * two new plugin settings were added that control account creation and
                   automatic account linking
                    * linked logins are no longer deleted when user account is deleted; this
                   prevents recreation of these accounts during next login
                    * email confirmation was redesigned to improve security and user
                   experience
                   
                   See /server/auth/oauth2/upgrade.txt for more information.

    TL-28539   +   Added a report source for competencies

                   This new report source gives an overview of all the competencies in the
                   system. It can be filtered by competency framework and has configurable
                   columns for related data like scale, type, assignment availability and
                   parent competency. It is intended to be a user-friendly complement to the
                   existing CSV export on the competency framework administration, which was
                   more focused on machine readability.

    TL-28839   +   Added warning messages when a competency does not have a valid achievement path

                   Whenever there are errors in achievement paths linked to a competency (e.g.
                   no achievement path defined that will result in the user being considered
                   proficient, or user is required to complete a course that no longer exists,
                   etc.), users assigned to the competency will never be able to become
                   proficient in the competency.
                   
                   In order to assist administrators in identifying such competencies,
                   additional warning icons and messages were added to the following pages to
                   highlight existing problems:
                    * List of competency frameworks - identifies frameworks containing
                   competencies with errors
                    * List competencies within a specific framework - identifies actual
                   competencies with errors
                    * Assigning user groups to competencies - identifies competencies with
                   errors in the list of competencies being assigned

    TL-29071   +   Added a 'Copy room link' feature to copy a seminar's virtual meeting join URL to the clipboard

                   A 'Copy room link' feature has been added to the virtual meeting room card
                   so that the 'Join room' URL can be easily copied and pasted to other
                   applications.

    TL-29162   +   Improved ad hoc task that manages seminar virtual meetings

                   Seminar virtual meeting rooms are now managed with a state management
                   system, which provides better error handling and communication with other
                   parts of the system. We are now better able to handle cases where the room
                   information stored in Totara is out of sync with, or unable to be updated
                   by, the meeting provider's API.

    TL-29203   +   Improved display of seminar virtual rooms when editing an event

                   Seminar virtual meeting rooms that cannot be changed by the user, because
                   they are owned by another user, are displayed with a lock icon. It is
                   possible for the user to delete these rooms and re-create them using the
                   user's own meeting provider account.
                   
                   Virtual meeting rooms that were unable to be created using the room
                   provider's API are shown with the room name struck-through, to indicate
                   that the room needs to be re-created. This usually means that the room
                   owner needs to edit the room and press the 'Connect' button, which
                   re-connects the room to their meeting provider account.

    TL-29253   +   Added a report source for competency ratings

                   This new report source provides information on all manual competency
                   ratings in the system. Competency user assignments that have been manually
                   rated or potentially can be manually rated are reported on, including
                   archived assignments. By default this shows one row per rating with columns
                   for the user's name, competency, rating value, rating role and time rated.
                   Configurable columns and filters are available for related data like
                   competency framework, scale, type and all the user data fields.

    TL-29432   +   Reworked performance activities participant view structure to support element grouping

                   Reworked the structure of the participant view page components reducing
                   duplication and allowing sub-plugins to support child elements. The
                   sub-plugin elements are now responsible for handling their form and
                   read-only displays making them a lot more customisable.
                   
                   This introduces breaking changes to the question element components. Any
                   existing custom participant sub-plugins will need to be restructured to
                   work with the new components as described in
                   client/component/mod_perform/src/upgrade.txt

    TL-29645   +   Migrated all program and certification messages to new notifications

                   All program and certification messages that were previously configurable in
                   the 'Messages' tab have been migrated to the new notifications system and
                   can now be configured in the 'Notifications' tab. The 'Extension request'
                   notification was not configured through the 'Messages' tab and continues to
                   function as before.
                   
                   New program and certification notifications have been created in the system
                   context and can be configured by going to Notifications in the Quick Access
                   admin menu. These notifications will be inherited in new programs and
                   certifications. Changes made here will apply in all programs and
                   certifications. Changes can be made within individual programs or
                   certifications in the 'Notifications' tab within each program or
                   certification.
                   
                   On upgrade, all existing program and certification messages will be
                   converted to new custom notifications, and all inherited notifications will
                   be disabled within existing programs and certifications. This results in
                   existing programs and certifications continuing to send the same
                   notifications as they would have sent before upgrade.
                   
                   If custom message types have been implemented on a site then they will not
                   be migrated automatically on upgrade and can still be configured using the
                   old 'Messages' tab. The old 'Messages' tab is hidden unless any old
                   messages still exist or if the $CFG->show_program_message_tab setting is
                   enabled in config.php.

    TL-29666   +   Improved the "force new attempts" setting in the SCORM activity

                   This is a backport of MDL-32585.
                   
                   Added a new option to the force new attempts setting.
                   
                   Now the options are:
                    - No
                    - When completed/passed/failed (this is how the existing option works)
                    - Always (new option) - This does not comply with the SCORM specification,
                   but it always forces a new attempt. Useful for the case when a
                   learner is in the middle of viewing the SCORM and has not completed, passed
                   or failed.
                    

    TL-29769   +   Added minimum proficiency override on individual competency assignments

                   It is now possible for admins to override the default minimum proficiency
                   values for an individual assignment within a competency. This allows users
                   with different assignments within the same competency to become proficient
                   by achieving different scale levels.
                   
                   To set a custom minimum proficiency value for an assignment, go to the
                   "Manage competency assignments" page, click the "Edit proficiency value by
                   assignment" button, select the assignments to override, click "Edit" and
                   then choose the custom minimum proficiency value. Several assignments
                   within the same framework can be updated at the same time.
                   
                   In the competency profile, users will see their competencies measured
                   against either the default minimum proficiency value or the custom minimum
                   proficiency value if one has been set for their assignment. If a user has a
                   competency with more than one assignment, they will see their proficiency
                   status for each assignment.

    TL-30043   +   Brought default product styling in line with our branding

                   The default accent theme colour, default mobile theme colour, and default
                   learning item images have been brought in line with our branding colours.


API changes:

    TL-23343   +   Updated LDAP API functions to use server controls in PHP 7.3 and above

                   Functions ldap_control_paged_result_response and ldap_control_paged_result
                   have been deprecated in PHP 7.4. This change updates functionality that
                   used these functions to use server controls instead. PHP 7.3 and below
                   still use these functions.

    TL-26250   +   PHP warnings will now be detected by PHPUnit and will cause it to report a failure

                   Prior to this change warnings triggered during PHPUnit runs were simply
                   being ignored.
                   Warnings now cause the test scenario to be marked as a failure. This makes
                   it easier to identify deprecations across PHP versions.

    TL-27939   +   PHPUnit initialisation no longer depends on shifting the current working directory
    TL-28144   +   Plugin and core versioning is now fully independent from Moodle

                   In past releases we have kept the main version number, and plugin version
                   numbers in sync with Moodle.
                   Given that sites moving from Moodle to Totara must migrate using the
                   provided tool, we have broken the dependence on Moodle version numbers
                   and can now move versions freely as required.
                   This enables us to simplify instructions for our core developers, to shift
                   essential install.xml changes from totara_core to core, write upgrades into
                   lib/db/upgrade.php, and makes it easier to both backport and make changes
                   in Moodle plugins.

    TL-28405   +   Added support in the DML for composed unique indexes with NULL values
    TL-28407   +   Persistent abstraction consistency was improved to fetch data after insert and to automatically cast all data to strings

                   The core\persistent abstract class now ensures that after every insertion
                   the object is reset using the data from the database.
                   This ensures proper defaults are loaded into the object after it has been
                   written to the database.

    TL-28432   +   PHPUnit has been upgraded to version 9.5.1
    TL-29085   +   Create new tables for messages and notifications and convert existing API to use these

                   Previously, messages and notifications were both stored together, in the
                   "message" and "message_read" tables. This patch separates them into tables
                   "messages" and "notifications". Several APIs were updated, and sites with
                   customisations should consult the upgrade.txt files for details.
                   This work was based upon MDL-36941.

    TL-29306   +   Replaced MDN es6 polyfills with core-js polyfills
    TL-29337   +   All deprecated trusttext-related features and APIs have been removed
    TL-29437   +   Deprecated the creation of some mod_facetoface\xxx_list classes with no parameters passed

                   Creating one of the following list classes with no parameters is
                   deprecated. If it is absolutely necessary, please pass an empty
                   string/array to its condition parameter:
                   The following classes have been affected:
                   * mod_facetoface\interest_list
                   * mod_facetoface\role_list
                   * mod_facetoface\room_list
                   * mod_facetoface\seminar_list
                   * mod_facetoface\signup_list
                   * mod_facetoface\signup_status_list

    TL-29533   +   Improved the consistency of PHPUnit test naming and namespacing
    TL-29564   +   Testing data generators were migrated to standardised \testing\ namespace
    TL-29611   +   Added theme_config to the properties available in the tenant_customizable_theme_settings hook
    TL-29695   +   PHPUnit support classes were refactored to use core_phpunit namespace
    TL-29729       Improved cursor paginator to support queries sorted by joined columns
    TL-30377   +   Any plugin within Totara can now define report builder sources

                   Previously, report builder rb_sources directories were only allowed for
                   eight plugin types: 'auth', 'mod',
                   'block', 'tool', 'totara', 'local', 'enrol', and 'repository'. This
                   meant that other types of plugins and sub-plugins could not provide their
                   own report sources.
                   
                   This has been changed so that any type of plugin can now provide report
                   sources.
                   
                   This may lead to unexpected report sources being detected in custom
                   plugins, and installed on upgrade.
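
A pre-upgrade check for the TL-30377 behaviour above, as an added example that is not part of Totara's own code: it lists every rb_sources directory that sits outside the eight previously allowed plugin types, so those report sources can be reviewed before the upgrade installs them. The plugin type to directory mapping is an assumption based on the standard Totara/Moodle layout, and the sample tree and plugin names are constructed.

```python
"""Added example: find rb_sources directories that Totara 14 newly scans."""
import tempfile
from pathlib import Path

# The eight plugin types named in TL-30377 as previously allowed to ship
# rb_sources. The type -> directory mapping is an assumption based on the
# standard Totara/Moodle layout; paths are relative to the code root
# (the directory that contains auth/, mod/, blocks/ ...).
LEGACY_PLUGIN_DIRS = {
    "auth": "auth",
    "mod": "mod",
    "block": "blocks",
    "tool": "admin/tool",
    "totara": "totara",
    "local": "local",
    "enrol": "enrol",
    "repository": "repository",
}


def classify(rel_parts):
    """Return the legacy plugin type owning an rb_sources dir, else None.

    rel_parts is the path of the rb_sources directory relative to the code
    root, split into components. Only <type dir>/<plugin>/rb_sources counts
    as legacy; anything deeper (sub-plugins) or elsewhere is flagged as new.
    This is a heuristic for review, not Totara's own detection logic.
    """
    plugin_dir = tuple(rel_parts[:-1])
    for plugin_type, base in LEGACY_PLUGIN_DIRS.items():
        base_parts = tuple(base.split("/"))
        if (len(plugin_dir) == len(base_parts) + 1
                and plugin_dir[:len(base_parts)] == base_parts):
            return plugin_type
    return None


def audit_rb_sources(code_root):
    """Split every rb_sources directory under code_root into legacy/new."""
    root = Path(code_root)
    report = {"legacy": [], "new": []}
    for candidate in root.rglob("rb_sources"):
        if not candidate.is_dir():
            continue
        rel = candidate.relative_to(root)
        php_files = sorted(p.name for p in candidate.glob("*.php"))
        bucket = "legacy" if classify(rel.parts) else "new"
        report[bucket].append((rel.as_posix(), php_files))
    for entries in report.values():
        entries.sort()
    return report


def build_constructed_tree(code_root):
    """Create a small, constructed code tree (all plugin names are made up)."""
    samples = [
        "mod/examplemod/rb_sources/rb_source_example.php",
        "admin/tool/exampletool/rb_sources/rb_source_tool.php",
        "theme/exampletheme/rb_sources/rb_source_old_experiment.php",
        "mod/examplemod/subtype/examplesub/rb_sources/rb_source_sub.php",
    ]
    for rel in samples:
        path = Path(code_root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("<?php // constructed placeholder\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        result = audit_rb_sources(tmp)
    for rel, files in result["new"]:
        print(f"REVIEW before upgrade: {rel} -> {files}")
    print(f"{len(result['legacy'])} rb_sources directories were already eligible")
```

Point audit_rb_sources at the site's real code root in place of the temporary tree; each REVIEW line is a directory whose report sources would be detected for the first time on upgrade.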


Tui front end framework:

    TL-29757   +   Added a pagination component
    TL-29758   +   Added an OverflowContainer component
    TL-29962   +   Transparency and alignment can now be set for the CollapsibleGroupToggle component
    TL-29963   +   Added indented and stealth props to the DataTable component
    TL-30018   +   Multiple rows within the Table component can now be expanded simultaneously
    TL-30078   +   The responsive component can now have its internal ResizeObserver paused and resumed
    TL-30138   +   Allowed the contents of the Collapsible component to be indented
    TL-30139   +   Updated indented styles for the Table component and its children
    TL-30197   +   Replaced the success icon with a tick

                   The success icon has been replaced by a tick. The previous success icon has
                   been renamed to SuccessSolid for those who still require that icon.

    TL-30697   +   Improved the display of SurveyCard components when lots of text was used in the content

Recommendations engine:

    TL-29237   +   Added additional user profile fields to user data export

                   Additional user-related data is exported to the recommendation system. No
                   names, family names, or any contact details are exported.
                    * User database id
                    * Language (language code)
                    * City (plain text)
                    * Country (country code)
                    * Interests (ids)
                    * Aspirational position (id)
                    * Positions (ids)
                    * Organisations (ids)
                    * Competency proficiencies (ids and level)
                    * Badges (ids)
                    * User description (plain text)
                   
                   This update also changes some of the recommender system's default settings.
                   These changes serve to optimise the machine learning uploads and to ensure
                   that the additional user profile fields will be utilised when
                   recommendations are being computed.

    TL-29271   +   Implemented lemmatization support in the recommender engine before transforming the raw text into TF-IDF matrix

                   This implementation will help better match texts on the basis of their
                   context (or lemmas) instead of raw words.


Contributions:

    * Michael Geering, Kineo UK - TL-29611

Release 13.8 (19th May 2021):

Important:

    TL-30681       Fixed several issues in the migration of competencies

                   During the upgrade to Totara 13 existing competencies and the values users
                   achieved in those are migrated to the new competency achievement system. If
                   a competency was assigned to a Learning Plan prior to this patch, the
                   migration would not have created the necessary records in the new tables
                   and as such it would appear to users that they do not have any values for
                   their competencies in their Learning Plans set anymore. Furthermore, the
                   Record of Learning did not show the previously achieved values due to the
                   new achievements being set to an archived state.
                   
                   This patch fixes this migration issue and all future migrations will create
                   the data in the new tables correctly and thus the Learning Plans and Record
                   of Learning will show the right values for users.
                   
                   If Perform is not enabled, this patch also changes the aggregation method
                   used for competencies in Totara 13 to "Highest". Previously the default
                   method was "Latest achieved". It turned out that "Latest achieved" does not
                   match the behaviour of Totara 12 and earlier versions exactly. With
                   "Highest" as aggregation method the behaviour to achieve values in
                   competencies now matches the previous behaviour. The main difference to
                   "Latest achieved" is that once users completed a course linked to the
                   competency or achieved proficiency via proficiency in child competencies
                   they cannot be given a value lower than the minimum proficiency value. The
                   aggregation will always set it back to the higher value.
                   
                   Another issue fixed in this patch is that the aggregation now considers the
                   actual achievement date of pathways and criteria rather than using the time
                   the task was run. This only affects the "Latest achieved" aggregation
                   method. For example, if a user completed a linked course first and then the
                   value gets changed in a Learning Plan, they will now correctly be given
                   the Learning Plan value whereas before, it depended completely on the order
                   in which the competency pathways were processed.
                   
                   If a site has already been upgraded to Totara 13 without this patch, this
                   patch will leave the aggregation method on "Latest achieved". This patch
                   introduces a setting "legacy_aggregation_method" to change the method for
                   all existing and new competencies. Admins can change this setting to
                   "Highest" but should consider that depending on the amount of competencies
                   and achievements in the system the aggregation task on the next cron run
                   might take some time to reaggregate all existing competencies. Modifying
                   the aggregation method can lead to changes to already achieved values for
                   users.


Security issues:

    TL-30569       Hardened security around block config data retrieval to prevent object injection

                   This change hardens the unserializing of block config data in the backup
                   and restore code and when instantiating block instances in order to protect
                   against unknown and potentially dangerous classes being injected.

    TL-30682       Backported two minor jQuery security fixes

                   The following two security fixes have been backported from jQuery 3.5.0:
                   * https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
                   * https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2


Performance improvements:

    TL-30540       Improved the performance of the workspace page when loading discussions

                   This patch adds missing indexes on the totara_comment table and drastically
                   reduces the amount of unnecessary queries being triggered. In addition,
                   where possible, GraphQL queries on the workspace page are now requested in
                   batch to reduce the amount of Ajax requests on that page. Overall, this
                   will improve the performance on this page significantly, especially if
                   there are a lot of discussions and comments in the database tables.

    TL-30547       Improved the initial load times for the grid catalogue on sites with large numbers of categories

                   We identified that one of the main culprits slowing down the initial page
                   load on larger sites was the default category filter. This patch updates
                   the catalogue caches so that the first time you visit the page they will
                   prime via bulk queries rather than running several queries per category in
                   the system. For any sites with a large number of categories that still
                   experience performance issues after upgrading, we recommend turning off the
                   category filter. To do so, view the catalogue, click the "Configure
                   catalogue" button, navigate to the "General" tab, and set "Browse
                   menu" to none.


Improvements:

    TL-27036       Added setting to use X-Accel-Redirect for NGINX to serve content files directly from S3 cloud
    TL-30509       Hyphenation applied to Engage user-generated text

                   Before this change, no hyphenation was applied when words were broken into
                   pieces to wrap onto new lines. This can be difficult to read for some
                   people, and so hyphenation has been added when the browser cannot safely
                   force a whole word onto a new line.

    TL-30729       Adjusted some settings for the Learn Professional flavour

                   These changes were made for the Learn Professional flavour:
                    - Added Programs to the enabled features.
                    - Removed Certifications from the enabled features.
                    - Removed Position hierarchies from the enabled features.


Bug fixes:

    TL-28867       Fixed modal backdrop issue caused by overlapping modals
    TL-29284       Weka editor ImageBlock node context menu is no longer cut off

                   Incorrect CSS positioning was applied to the ImageBlock. By wrapping the
                   desired elements and setting position on that wrapper, we can avoid working
                   against how Weka and overflow/positioning techniques work.

    TL-30013       Fixed 'Lock after final attempt' setting not working properly
    TL-30023       Updated two MSTeams bot command strings
    TL-30037       Updated help text for MSTeams messaging extension
    TL-30047       Fixed theme settings being rendered with the UI for the currently active theme instead of the theme being edited
    TL-30236       Fixed incorrect URL saved when images are used in workspace replies

                   Previously, when images were used in replies in Engage workspaces, an
                   incorrect URL was saved, resulting in errors being shown when trying to
                   edit these replies.
                   
                   This has now been fixed. New discussion replies that include images will
                   now result in a valid image URL being saved. However, replies created
                   previously might still have an invalid URL. 

    TL-30403       Fixed JavaScript error when uploading files into a course using drag-and-drop
    TL-30411       Fixed a bug preventing the reordering of playlist cards via drag-and-drop
    TL-30412       Fixed username encoding in Engage and Perform

                   Previously, in several places throughout Engage and Perform special
                   characters in the fullname for users were displayed in an encoded form.
                   This has been fixed in the core user resolver and will affect all places
                   where the core_user GraphQL type is used and the requested field is
                   'fullname'.

    TL-30424       Fixed an issue where the Weka editor was not clickable in Safari when editing static content in a performance activity 
    TL-30435       The Perform module is no longer displayed in the "activity type" filter in the Grid catalogue
    TL-30437       Fixed accessibility issues on Engage survey cards
    TL-30438       Changed theme settings controller to admin controller
    TL-30458       Fixed wrong encoding in filter options on 'Your resources' page
    TL-30469       Fixed archive assignment button not showing on the competency details page for active assignment when the user also has archived assignments
    TL-30472       Fixed multilang filter in report titles not being applied
    TL-30473       Fixed inconsistencies for type description labels in all hierarchy items
    TL-30475       Updated the user search SQL used when adding seminar attendees to use named parameters

                   Previously there was an issue when multitenancy was enabled where the wrong
                   parameters would be used for the wrong arguments in the SQL. Changing these
                   to explicitly named parameters makes sure this no longer happens.

    TL-30495       After opening a tui dropdown menu, right clicking outside of it now closes it
    TL-30503       Removed excessive filtering of Weka editor content in playlists, workspaces, and comments

                   Fixed a bug that removed content between < and > brackets when using the
                   Weka editor in playlist summaries, workspace descriptions, workspace
                   discussions, and comments across Engage.

    TL-30518       Fixed Engage survey options sometimes appearing in a random order
    TL-30522       Prevented the sending of notifications in a muted workspace
    TL-30523       Deleting a custom tenant logo now correctly reverts the logo to the custom site logo rather than the default Totara logo
    TL-30526       Fixed image URL showing incorrectly in new discussion notifications
    TL-30538       Fixed mislabelling of time created resource field when configuring the Grid catalogue
    TL-30543       The comment entry box now scrolls to the correct location after clicking the Comments link
    TL-30545       Replying to a comment now scrolls to the Weka editor window
    TL-30548       Fixed the Tui style resolver to format content based on dev/prod mode
    TL-30550       Fixed the accessibility of the dialogue used when adding a private resource to a public playlist

                   When adding a private resource to a public playlist, a modal appears
                   warning the user that the resource is to be made public. This modal now has
                   an appropriate ARIA label.

    TL-30552       Fixed display of preview images for resources, workspaces, course, programs, and certifications uploaded as SVG images
    TL-30556       Fixed invalid upload issue resetting theme image back to its default
    TL-30557       Fixed an overflow issue with the at-mention popover within the comment area in Weka editor
    TL-30573       Fixed theme inheritance for custom theme images

                   A theme should not inherit any custom theme settings applied to any of its
                   parents. This functionality has been removed.

    TL-30579       Added XSS risk to theme settings capability
    TL-30581       Fixed cleaning content when updating an article
    TL-30583       Share and like buttons on a resource are now circular in IE11
    TL-30585       Fixed updating resource name when updating question
    TL-30600       Added a maximum length validation for perform section title in the GraphQL mutation
    TL-30601       Added a maximum length validation for performance activity respondable element title in the GraphQL mutation
    TL-30611       Fixed JSON parsing with an empty string in the performance activity section content Vue page
    TL-30613       Added a maximum length validation for perform element identifier in the UI and in the GraphQL mutation
    TL-30621       Added a maximum length validation for workspace name on the update GraphQL mutation
    TL-30626       Fixed Vue warning when adding a private resource to a public playlist
    TL-30639       Fixed an error when reviewing a lesson activity with an essay page
    TL-30642       Fixed HTML cleaning issue when returning the empty message for the quick access menu 

                   The quick access menu webservice triggered an error during the validation
                   of the return values for some languages due to clean_text modifying the
                   HTML in the message.

    TL-30655       Engage survey title now takes up the full width when answers are short
    TL-30663       Fixed Weka editor console error when saved embedded videos were still loading
    TL-30668       Fixed undefined functions within the exception handler on early exceptions
    TL-30695       Fixed display of survey answers at narrow widths in IE11
    TL-30761       Embedded audio files in the Weka editor can now be deleted
    TL-30764       User tours URL matching changed to anchor to the end of string

                   Previously, URL matching in user tours was done as a substring search. This
                   resulted in the URL pattern "index.php?id=1" also matching
                   "index.php?id=11".
                   
                   The fix anchors patterns to the end of the string, so the pattern
                   "index.php?id=1" will match only URLs ending in "index.php?id=1" but not
                   "index.php?id=11". To allow that specifically, the pattern should have
                   the wildcard "%" at the end (index.php?id=1%).
                   
                   To maintain the old behaviour for existing user tours, "%" will be added to
                   the end of the existing patterns during upgrade.

    TL-30777       Fixed an issue where DDL queries were missing table name and database name conditions

                   On MySQL some DDL queries to determine the existing constraints on a table
                   did not include the table name and the database name. This could have led
                   to issues on upgrades when there are multiple sites on the same database
                   server with different versions.

    TL-30828       Fixed an error showing when opening the long text question preview in performance response reporting
    TL-30848       Removed additional spacing under the footer when there are a lot of related items associated with a resource
    TL-30856       Fixed text containing HTML elements being stripped from Weka content
    TL-30857       Fixed quotation marks in Weka editor in Learn being converted to HTML entities
    TL-30871       Fixed reaggregation of assigned users not being triggered if aggregation method of competency changes
    TL-30882       Fixed visibility checks for allocated users when viewing submissions in assignments
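
The TL-30764 change to user tours URL matching, listed above, shown as an added example that is not Totara's own code: the substring match beside the end-anchored match, plus the "%" appended on upgrade. The function names and the example.test URLs are assumptions made for illustration.

```php
<?php
// Added illustration, not Totara code. All function names are hypothetical.

// Convert a pattern using "%" as a wildcard into a regular expression body.
function pattern_to_regex_body(string $pattern): string {
    $literals = array_map(function ($part) {
        return preg_quote($part, '~');
    }, explode('%', $pattern));
    return implode('.*', $literals);
}

// Old behaviour as described in the note: the pattern may match anywhere.
function matches_substring(string $pattern, string $url): bool {
    return preg_match('~' . pattern_to_regex_body($pattern) . '~s', $url) === 1;
}

// New behaviour as described in the note: the match must reach the end of the URL.
function matches_end_anchored(string $pattern, string $url): bool {
    return preg_match('~' . pattern_to_regex_body($pattern) . '\z~s', $url) === 1;
}

// Upgrade step as described in the note: existing patterns get a trailing "%".
function upgrade_existing_pattern(string $pattern): string {
    return $pattern . '%';
}

// Constructed sample URLs.
$urls = [
    'https://example.test/course/index.php?id=1',
    'https://example.test/course/index.php?id=11',
];
$pattern = 'index.php?id=1';
$upgraded = upgrade_existing_pattern($pattern);

foreach ($urls as $url) {
    printf(
        "%s\n  substring: %s\n  anchored: %s\n  anchored, upgraded pattern (%s): %s\n",
        $url,
        var_export(matches_substring($pattern, $url), true),
        var_export(matches_end_anchored($pattern, $url), true),
        $upgraded,
        var_export(matches_end_anchored($upgraded, $url), true)
    );
}
```

After upgrading, tours whose patterns were given the trailing "%" keep their broader scope, so each one is worth reviewing to decide whether the wildcard is still wanted.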

Release 12.31 (19th May 2021):

Security issues:

    TL-30569       Hardened security around block config data retrieval to prevent object injection

                   This change hardens the unserializing of block config data in the backup
                   and restore code and when instantiating block instances in order to protect
                   against unknown and potentially dangerous classes being injected.

    TL-30682       Backported two minor jQuery security fixes

                   The following two security fixes have been backported from jQuery 3.5.0:
                   * https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
                   * https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2


Bug fixes:

    TL-30882       Fixed visibility checks for allocated users when viewing submissions in assignments

Release 11.40 (19th May 2021):

Security issues:

    TL-30569       Hardened security around block config data retrieval to prevent object injection

                   This change hardens the unserializing of block config data in the backup
                   and restore code and when instantiating block instances in order to protect
                   against unknown and potentially dangerous classes being injected.
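
The hardening described in TL-30569 (the same entry appears under releases 13.8 and 12.31), shown as an added example that is not Totara's own code: an unrestricted unserialize() call beside one limited with the allowed_classes option. The function names, the audit_probe class and the base64-of-serialized-stdClass storage format are assumptions made for illustration.

```php
<?php
// Added illustration, not Totara code. All names here are hypothetical.

// Constructed stand-in for any loaded class whose magic methods have side effects.
final class audit_probe {
    public static $woken = 0;
    public function __wakeup() { self::$woken++; }
}

// True if unserialize() left a placeholder for a class it refused to load.
function contains_incomplete_class($value): bool {
    if ($value instanceof __PHP_Incomplete_Class) {
        return true;
    }
    if (is_array($value) || $value instanceof stdClass) {
        foreach ((array)$value as $item) {
            if (contains_incomplete_class($item)) {
                return true;
            }
        }
    }
    return false;
}

// Before: any class named in the stored data is instantiated and woken up.
function decode_block_config_unrestricted(string $configdata) {
    return unserialize(base64_decode($configdata));
}

// After: only stdClass may be created; anything else discards the config.
function decode_block_config(string $configdata): stdClass {
    $raw = base64_decode($configdata, true);
    $value = ($raw === false) ? false
        : @unserialize($raw, ['allowed_classes' => [stdClass::class]]);
    if (!$value instanceof stdClass || contains_incomplete_class($value)) {
        return new stdClass();
    }
    return $value;
}

// Constructed sample data: one ordinary config and one carrying a foreign object.
$ordinary = new stdClass();
$ordinary->title = 'Latest news';
$tampered = new stdClass();
$tampered->title = 'Latest news';
$tampered->extra = new audit_probe();

$stored_ok = base64_encode(serialize($ordinary));
$stored_bad = base64_encode(serialize($tampered));

decode_block_config_unrestricted($stored_bad);
echo "unrestricted decode woke audit_probe ", audit_probe::$woken, " time(s)\n";

audit_probe::$woken = 0;
$safe = decode_block_config($stored_bad);
echo "restricted decode woke audit_probe ", audit_probe::$woken, " time(s), ",
    "kept ", count(get_object_vars($safe)), " properties\n";
echo "ordinary config title: ", decode_block_config($stored_ok)->title, "\n";
```

Custom plugins that unserialize stored config themselves can be checked for calls to unserialize() that lack an allowed_classes argument.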


Improvements:

    TL-30887       Improved performance of badge award cron job when using programs criteria when just one of multiple programs needs to be completed