Totara Release Notes

Totara TXP 14.0, 13.8; Totara Learn 12.31, and 11.40 are now available

 
Sam Hemelryk
Totara TXP 14.0, 13.8; Totara Learn 12.31, and 11.40 are now available
door Sam Hemelryk - Thursday, 20 May 2021, 00:10 AM
Groep Totara

Hello everyone,

The following versions of Totara have now been released:

The stable releases above contain security fixes, and for this reason we strongly recommend upgrading.
Each release also includes bug fixes and improvements.

A big thanks to the following people for their contributions to this release:

  • Michael Geering, Kineo UK - TL-29611
Kind regards
Sam Hemelryk

Release 14.0 (19th May 2021):

Important:

    TL-28035   +   In order to upgrade to Totara 14 or later releases sites must upgrade through Totara 13

                   Sites moving to Totara 14 or any later major releases must upgrade through
                   Totara 13.
                   Upgrade code has been cleaned up and optimised in Totara 14, leading to
                   this requirement.
                   
                   For those who are moving from Totara 12 or below, to Totara 14 or above,
                   you will need to upgrade the site to the latest Totara 13, and then to the
                   latest Totara 14 or above.
                   You do not need to run the site at Totara 13, you can simply put the code
                   in place, run the upgrade, and then put the code you are aiming to upgrade
                   in place and run the upgrade again.
                   
                   If you need further advice or information about this please reach out to us
                   via our help desk, http://totara.support

    TL-28140   +   The MNet integration has been removed

                   The MNet integration in Totara was deprecated in Totara 13, and has now
                   been removed.
                   The user.mnethostid column has been removed from the database. Any custom
                   plugins still referencing the field will need to be updated.

    TL-28276   +   Added support for PHP 8.0

                   Totara 14 is the first version to support PHP 8.0. Please be aware that
                   several core changes were required in order to add support. If you have
                   customisations or use third-party plugins you will need to ensure they also
                   support PHP 8.0 before choosing to use PHP 8.0.

    TL-28280   +   PHP 7.3.4 is the minimum required version

                   In order to run Totara 14 you will need to be running PHP 7.3.4, 7.4.x, or
                   8.0.x.
                   Information on our recommended system environments can be found on the help
                   site:
                   https://help.totaralearning.com/display/TPD/Recommended+hosting+environments

    TL-28773   +   All remaining code to support Flash has been removed from the product

                   Support for Flash has been removed from all supported browsers as of
                   December 2020. In light of this, all code within the platform and products
                   that supported Flash has now been removed. This includes the SWF media
                   plugin, and all settings related to playing Flash content.


New features:

    TL-25434   +   Implemented new question element to aggregate responses

                   This feature adds a new question element plugin to show aggregated values
                   from two or more other questions in the same activity. It can use only
                   numeric or custom rating scale questions as sources to ensure only numeric
                   values are used. The configuration of this element includes the source
                   questions to aggregate responses from. The referenced section or element
                   cannot be deleted while this connection exists. The question provides
                   different aggregation options which can be enabled in the configuration:
                   Average, Median, Minimum, and Maximum.

    TL-28970   +   Implemented new question element to redisplay question responses from previous instances

                   This feature adds a new question element plugin to redisplay responses of
                   other questions in previous subject instances of the same activity or other
                   activities. The configuration of this element includes the source question
                   to redisplay responses from. Previous responses from all participants are
                   shown, independent from the participants configured for the section the
                   redisplay question is in.
                   
                   If an activity references another activity by using a redisplay question
                   element the referenced activity, section or element cannot be deleted while
                   this connection exists.

    TL-29163   +   New performance activity question type "Review items"

                   Configuration
                   --------------
                   
                   With this new question type you can include content from other areas of
                   Totara into a performance activity. With this release we only support
                   competencies but support for Learning, Goals, and Evidence content types
                   will follow in the future.
                   
                   Admins can set up a "Review items" question and choose which role can
                   select the content for the individual subject instances.  All the perform
                   element types are available as sub questions that can be added to the
                   review question.  E.g. to elicit comments and ratings. 
                   
                   A new "Rating scale: Competency" element has also been added.  The rating
                   uses the selected competency's rating scale.  This rating does not impact
                   on the competency, this only generates performance activity response
                   data.  
                   
                   The feature supports rating competencies via the performance activity. This
                   can be toggled on or off by the admin.  This element uses the selected
                   competency's rating scale and on submission passes the selected scale value
                   to the competency.
                   
                   Note; for this rating to be used in the competency's achievement
                   calculation admins also need to add the new "Performance activities"
                   achievement pathway to the competencies.
                   
                   The configured set of sub questions is displayed for each competency
                   selected.
                   
                   User Experience
                   ----------------
                   
                   After subject instances have been created users in the relationships
                   configured in the review question will be able to select competencies to
                   show up in their activity. Once this is complete participants are able to
                   answer the sub questions for each selected competency and complete the
                   activity.
                   
                   The final "Competency Rating" can be given at any time in the activity
                   workflow by participants in the relationship configured in the question
                   settings.
                   
                   Developer information
                   ----------------------
                   
                   More information about this new feature can be found in the help docs under
                   [https://help.totaralearning.com/display/TH14/Adding+review+item+question+type].
                   
                   To enable sub questions for performance activities the structure of the
                   VueJS components had to be changed quite significantly. For further details
                   please see
                   [https://help.totaralearning.com/display/DEV/Performance+activity+elements+changes+in+Totara+14].

    TL-29311   +   Implemented Centralised Notifications subsystem

                   Totara 14 introduces a new way of handling notifications throughout the
                   system. Currently, it works in parallel with the legacy notification system
                   for backwards compatibility, but the legacy notification system will be
                   deprecated. Existing notifications will be converted to the new system and
                   no new notifications will be created using the legacy notification
                   subsystem.
                   
                   The main software design principles behind the new system are a centralised
                   approach to handling of notifications, high extensibility and ease of
                   integration.
                   
                   Notifications are made context aware, which allows overrides of most
                   notification functionality aspects following standard context rules on the
                   API level. In other words, notification messages and settings can be
                   overridden in system, tenant, program, course and other contexts as well as
                   subcontext level.
                   
                   The new notification system is based on notifiable events (something
                   happened) and configurable responses (notifications) to those events. While
                   events are hard-coded, notifications have default implementations that are
                   shipped with the system, but also can be extended and overridden by
                   administrators and content creators when required.
                   
                   A notifiable event on its own does not produce notifications. An
                   administrator can create a notification based on the notifiable event,
                   through the interface. However, often notifiable events have some default
                   notifications attached to them.
                   
                   Default notifications for specific events can be implemented in any
                   component; there is no strict coupling between component and notification,
                   so you can implement additional default notifications for core notifiable
                   events as part of your custom component.
                   
                   Currently, centralised notifications are only used in Programs and
                   Certifications but plans are to gradually migrate all messages to this
                   subsystem in upcoming releases. Documentation for users and administrators
                   can be found in the Programs and Certifications section of user
                   documentation for Totara 14.
                   
                   To get more technical details on how centralised notifications work and how
                   to implement new notifiable events, built-in notifications, delivery
                   channels, placeholders, receivers, or schedulers please visit our
                   developers documentation site:
                   [https://help.totaralearning.com/display/DEV]

    TL-29343   +   Implemented theme-based branding for email notifications

                   It is now possible to set an HTML header, HTML footer, and plaintext footer
                   for emails within Ventura, as well as any other themes using the same theme
                   settings engine.

    TL-30212   +   Added support for multilang filter in Weka editor

                   Enabled only in centralised notifications. Multilang isn't part of any of
                   the existing variants so it has to be enabled manually by a developer.
                   Details on how to enable it can be found in
                   [https://help.totaralearning.com/display/DEV/Weka+editor]
                   
                   Once enabled, the multi_lang extension in filters /admin/filters.php needs
                   to be enabled as well.


Performance improvements:

    TL-29730   +   Updated the admin menu to now load content on demand

                   The admin quick access menu under the cog icon requires the administration
                   tree to be initialised in order to generate the HTML to display the menu.
                   This was happening on every page and slowing every page down.
                   
                   The menu is now loaded via AJAX, and a 10-minute cache is used to optimise
                   the performance of the quick access menu. Because of the TTL on the cache,
                   the user may not see the correct menu items in situations where their
                   permissions change, giving them access to more admin configuration, or
                   removing items that are no longer accessible. This is rectified when the
                   menu TTL expires, or if the user logs out and logs back in again.


Improvements:

    TL-27446   +   Removed language references to 'Program' when managing a Certification

                   Prior to this improvement there were still a couple of interfaces that
                   didn't use separate language for programs and certifications. This has been
                   rectified and language is now consistent and correct.

    TL-27551   +   Improved display of search results on workspace discussions

                   Searching for a phrase in workspace discussions now shows all elements
                   (discussion posts, comments and replies) that contain the searched phrase
                   instead of showing only the discussion.

    TL-28139   +   Add Seminar "Declare interest" to "Seminar direct enrolment" method

                   The 'Declare interest' button is now available when using the Seminar
                   Direct Enrolment plugin. This means that learners can declare their
                   interest in a seminar event without already being enrolled on a course, so
                   a manager can get a better idea of the interest level across all users,
                   instead of just enrolled users.

    TL-28197   +   Multiple improvements of OAuth 2 authentication plugin

                   The OAuth 2 authentication plugin was refactored and improved in several
                   areas; the internal APIs are not fully backwards compatible.
                   
                   The major changes are:
                    * user accounts are created after email confirmation instead of creation
                   of unconfirmed accounts
                    * there is a new Report builder source for linked logins with option
                    * there is a new capability for deletion of linked logins of other users
                    * two new plugin settings were added that control account creation and
                   automatic account linking
                    * linked logins are no longer deleted when user account is deleted; this
                   prevents recreation of these accounts during next login
                    * email confirmation was redesigned to improve security and user
                   experience
                   
                   See /server/auth/oauth2/upgrade.txt for more information.

    TL-28539   +   Added a report source for competencies

                   This new report source gives an overview of all the competencies in the
                   system. It can be filtered by competency framework and has configurable
                   columns for related data like scale, type, assignment availability and
                   parent competency. It is intended to be a user-friendly complement to the
                   existing CSV export on the competency framework administration, which was
                   more focused on machine readability.

    TL-28839   +   Added warning messages when a competency does not have a valid achievement path

                   Whenever there are errors in achievement paths linked to a competency (e.g.
                   no achievement path defined that will result in the user being considered
                   proficient, or user is required to complete a course that no longer exists,
                   etc.), users assigned to the competency will never be able to become
                   proficient in the competency.
                   
                   In order to assist administrators in identifying such competencies,
                   additional warning icons and messages were added to the following pages to
                   highlight existing problems:
                    * List of competency frameworks - identifies frameworks containing
                   competencies with errors
                    * List competencies within a specific framework - identifies actual
                   competencies with errors
                    * Assigning user groups to competencies - identifies competencies with
                   errors in the list of competencies being assigned

    TL-29071   +   Added a 'Copy room link' feature to copy a seminar's virtual meeting join URL to the clipboard

                   A 'Copy room link' feature has been added to the virtual meeting room card
                   so that the 'Join room' URL can be easily copied and pasted to other
                   applications.

    TL-29162   +   Improved ad hoc task that manages seminar virtual meetings

                   Seminar virtual meeting rooms are now managed with a state management
                   system, which provides better error handling and communication with other
                   parts of the system. We are now better able to handle cases where the room
                   information stored in Totara is out of sync with, or unable to be updated
                   by, the meeting provider's API.

    TL-29203   +   Improved display of seminar virtual rooms when editing an event

                   Seminar virtual meeting rooms that cannot be changed by the user, because
                   they are owned by another user, are displayed with a lock icon. It is
                   possible for the user to delete these rooms and re-create them using the
                   user's own meeting provider account.
                   
                   Virtual meeting rooms that were unable to be created using the room
                   provider's API are shown with the room name struck-through, to indicate
                   that the room needs to be re-created. This usually means that the room
                   owner needs to edit the room and press the 'Connect' button, which
                   re-connects the room to their meeting provider account.

    TL-29253   +   Added a report source for competency ratings

                   This new report source provides information on all manual competency
                   ratings in the system. Competency user assignments that have been manually
                   rated or potentially can be manually rated are reported on, including
                   archived assignments. By default this shows one row per rating with columns
                   for the user's name, competency, rating value, rating role and time rated.
                   Configurable columns and filters are available for related data like
                   competency framework, scale, type and all the user data fields.

    TL-29432   +   Reworked performance activities participant view structure to support element grouping

                   Reworked the structure of the participant view page components reducing
                   duplication and allowing sub-plugins to support child elements. The
                   sub-plugin elements are now responsible for handling their form and
                   read-only displays making them a lot more customisable.
                   
                   This introduces breaking changes to the question element components. Any
                   existing custom participant sub-plugins will need to be restructured to
                   work with the new components as described in
                   client/component/mod_perform/src/upgrade.txt

    TL-29645   +   Migrated all program and certification messages to new notifications

                   All program and certification messages that were previously configurable in
                   the 'Messages' tab have been migrated to the new notifications system and
                   can now be configured in the 'Notifications' tab. The 'Extension request'
                   notification was not configured through the 'Messages' tab and continues to
                   function as before.
                   
                   New program and certification notifications have been created in the system
                   context and can be configured by going to Notifications in the Quick Access
                   admin menu. These notifications will be inherited in new programs and
                   certifications. Changes made here will apply in all programs and
                   certifications. Changes can be made within individual programs or
                   certifications in the 'Notifications' tab within each program or
                   certification.
                   
                   On upgrade, all existing program and certification messages will be
                   converted to new custom notifications, and all inherited notifications will
                   be disabled within existing programs and certifications. This results in
                   existing programs and certifications continuing to send the same
                   notifications as they would have sent before upgrade.
                   
                   If custom message types have been implemented on a site then they will not
                   be migrated automatically on upgrade and can still be configured using the
                   old 'Messages' tab. The old 'Messages' tab is hidden unless any old
                   messages still exist or if the $CFG->show_program_message_tab setting is
                   enabled in config.php.

    TL-29666   +   Improved the "force new attempts" setting in the SCORM activity

                   This is a backport of MDL-32585.
                   
                   Added a new option to the force new attempts setting.
                   
                   Now the options are:
                    - No
                    - When completed/passed/failed (this is how the existing option works)
                    - Always (new option) - It does not comply with the SCORM specification
                   but allows to always force a new attempt. Useful for the case when a
                   learner is in the middle of viewing the SCORM and has not completed, passed
                   or failed.
                    

    TL-29769   +   Added minimum proficiency override on individual competency assignments

                   It is now possible for admins to override the default minimum proficiency
                   values for an individual assignment within a competency. This allows users
                   with different assignments within the same competency to become proficient
                   by achieving different scale levels.
                   
                   To set a custom minimum proficiency value for an assignment, go to the
                   "Manage competency assignments" page, click the "Edit proficiency value by
                   assignment" button, select the assignments to override, click "Edit" and
                   then choose the custom minimum proficiency value. Several assignments
                   within the same framework can be updated at the same time.
                   
                   In the competency profile, users will see their competencies measured
                   against either the default minimum proficiency value or the custom minimum
                   proficiency value if one has been set for their assignment. If a user has a
                   competency with more than one assignment, they will see their proficiency
                   status for each assignment.

    TL-30043   +   Brought default product styling in line with our branding

                   The default accent theme colour, default mobile theme colour, and default
                   learning item images have been brought in line with our branding colours.


API changes:

    TL-23343   +   Updated LDAP API functions to server controls in PHP 7.3 and above

                   Functions ldap_control_paged_result_response and ldap_control_paged_result
                   have been deprecated in PHP 7.4. This change updates functionality that
                   used these functions to use server controls instead. PHP 7.3 and below
                   still uses these functions.

    TL-26250   +   PHP warnings will now be detected by PHPUnit and will cause it to report a failure

                   Prior to this change warnings triggered during PHPUnit runs were simply
                   being ignored.
                   Warnings now cause the test scenario to be marked as a failure. This makes
                   it easier to identify deprecations across PHP versions.

    TL-27939   +   PHPUnit initialisation no longer depends on shifting the current working directory
    TL-28144   +   Plugin and core versioning is now fully independent from Moodle

                   In past releases we have kept the main version number, and plugin version
                   numbers in sync with Moodle.
                   Given sites moving from Moodle to Totara must migrate using the provided
                   tool we have broken the dependence on Moodle version numbers and can now
                   move versions freely as required.
                   This enables us to simplify instructions for our core developers, to shift
                   essential install.xml changes from totara_core to core, write upgrades into
                   lib/db/upgrade.php, and makes it easier to both backport and make changes
                   in Moodle plugins.

    TL-28405   +   Added support in the DML for composed unique indexes with NULL values
    TL-28407   +   Persistent abstraction consistency was improved to fetch data after insert and to automatically cast all data to strings

                   The core\persistent abstract class now ensures that after every insertion
                   the object is reset using the data from the database.
                   This ensures proper defaults are loaded into object after it has been
                   written to the database.

    TL-28432   +   PHPUnit has been upgraded to version 9.5.1
    TL-29085   +   Create new tables for messages and notifications and convert existing API to use these

                   Previously, messages and notifications were both stored together, in the
                   "message" and "message_read" tables. This patch separates them into tables
                   "messages" and "notifications". Several APIs were updated, and sites with
                   customisations should consult the upgrade.txt files for details.
                   This work was based upon MDL-36941.

    TL-29306   +   Replaced MDN es6 polyfills withe core-js polyfills
    TL-29337   +   All deprecated trusttext-related features and APIs have been removed
    TL-29437   +   Deprecated the creation of some mod_facetoface\xxx_list classes with no parameters passed

                   Creating one of the following list classes with no parameters is
                   deprecated. If it is absolutely necessary, please pass an empty
                   string/array to its condition parameter:
                   The following classes have been affected:
                   * mod_facetoface\interest_list
                   * mod_facetoface\role_list
                   * mod_facetoface\room_list
                   * mod_facetoface\seminar_list
                   * mod_facetoface\signup_list
                   * mod_facetoface\signup_status_list

    TL-29533   +   Improved the consistency of PHPUnit test naming and namespacing
    TL-29564   +   Testing data generators were migrated to standardised \testing\ namespace
    TL-29611   +   Added theme_config to the properties available in the tenant_customizable_theme_settings hook
    TL-29695   +   PHPUnit support classes were refactored to use core_phpunit namespace
    TL-29729       Improved cursor paginator to support queries sorted by joined columns
    TL-30377   +   Any plugin within Totara can now define report builder sources

                   Previously, report builder rb_sources directories were only allowed for
                   eight plugin types: 'auth', 'mod',
                   'block', 'tool', 'totara', 'local', 'enrol', and 'repository'. This
                   meant that other types of plugins and sub-plugins could not provide their
                   own report sources.
                   
                   This has been changed so that any type of plugin can now provide report
                   sources.
                   
                   This may lead to unexpected report sources being detected in custom
                   plugins, and installed on upgrade.


Tui front end framework:

    TL-29757   +   Added a pagination component
    TL-29758   +   Added an OverflowContainer component
    TL-29962   +   Transparency and alignment can now be set for the CollapsibleGroupToggle component
    TL-29963   +   Added indented and stealth props to the DataTable component
    TL-30018   +   Multiple rows within the Table component can now be expanded simultaneously
    TL-30078   +   The responsive component can now have its internal ResizeObserver paused and resumed
    TL-30138   +   Allowed the contents of the Collapsible component to be indented
    TL-30139   +   Updated indented styles for the Table component and its children
    TL-30197   +   Replaced the success icon with a tick

                   The success icon has been replaced by a tick. The previous success icon has
                   been renamed to SuccessSolid for those who still require that icon.

    TL-30697   +   Improved the display of SurveyCard components when lots of text was used in the content

Recommendations engine:

    TL-29237   +   Added additional user profile fields to user data export

                   Additional user-related data is exported to the recommendation system. No
                   names, family names, or any contact details are exported.
                    * User database id
                    * Language (language code)
                    * City (plain text)
                    * Country (country code)
                    * Interests (ids)
                    * Aspirational position (id)
                    * Positions (ids)
                    * Organisations (ids)
                    * Competency proficiencies (ids and level)
                    * Badges (ids)
                    * User description (plain text)
                   
                   This update also changes some of the recommender system's default settings.
                   These changes serve to optimise the machine learning uploads and to ensure
                   that the additional user profile fields will be utilised when
                   recommendations are being computed.

    TL-29271   +   Implemented lemmatization support in the recommender engine before transforming the raw text into TF-IDF matrix

                   This implementation will help better match texts on the basis of their
                   context (or lemmas) instead of raw words.


Contributions:

    * Michael Geering, Kineo UK - TL-29611

Release 13.8 (19th May 2021):

Important:

    TL-30681       Fixed several issues in the migration of competencies

                   During the upgrade to Totara 13 existing competencies and the values users
                   achieved in those are migrated to the new competency achievement system. If
                   a competency was assigned to a Learning Plan prior to this patch, the
                   migration would not have created the necessary records in the new tables
                   and as such it would appear to users that they do not have any values for
                   their competencies in their Learning Plans set anymore. Furthermore, the
                   Record of Learning did not show the previously achieved values due to the
                   new achievements being set to an archived state.
                   
                   This patch fixes this migration issue and all future migrations will create
                   the data in the new tables correctly and thus the Learning Plans and Record
                   of Learning will show the right values for users.
                   
                   If Perform is not enabled, this patch also changes the aggregation method
                   used for competencies in Totara 13 to "Highest". Previously the default
                   method was "Latest achieved". It turned out that "Latest achieved" does not
                   match the behaviour of Totara 12 and earlier versions exactly. With
                   "Highest" as aggregation method the behaviour to achieve values in
                   competencies now matches the previous behaviour. The main difference to
                   "Latest achieved" is that once users completed a course linked to the
                   competency or achieved proficiency via proficiency in child competencies
                   they cannot be given a value lower than the minimum proficiency value. The
                   aggregation will always set it back to the higher value.
                   
                   Another issue fixed in this patch is that the aggregation now considers the
                   actual achievement date of pathways and criteria rather than using the time
                   the task was run. This only affects the "Latest achieved" aggregation
                   method. For example, if a user completed a linked course first and then the
                   value gets changed in a Learning Plan, they will now correctly been given
                   the Learning Plan value whereas before, it depended completely on the order
                   in which the competency pathways were processed.
                   
                   If a site has already been upgraded to Totara 13 without this patch, this
                   patch will leave the aggregation method on "Latest achieved". This patch
                   introduces a setting "legacy_aggregation_method" to change the method for
                   all existing and new competencies. Admins can change this setting to
                   "Highest" but should consider that depending on the amount of competencies
                   and achievements in the system the aggregation task on the next cron run
                   might take some time to reaggregate all existing competencies. Modifying
                   the aggregation method can lead to changes to already achieved values for
                   users.


Security issues:

    TL-30569       Hardened security around block config data retrieval to prevent object injection

                   This change hardens the unserializing of block config data in the backup
                   and restore code and when instantiating block instances in order to protect
                   against unknown and potentially dangerous classes being injected.

    TL-30682       Backported two minor jQuery security fixes

                   The following two security fixes have been backported from jQuery 3.5.0:
                   * https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
                   * https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2


Performance improvements:

    TL-30540       Improved the performance of the workspace page when loading discussions

                   This patch adds missing indexes on the totara_comment table and drastically
                   reduces the amount of unnecessary queries being triggered. In addition,
                   where possible, GraphQL queries on the workspace page are now requested in
                   batch to reduce the amount of Ajax requests on that page. Overall, this
                   will improve the performance on this page significantly, especially if
                   there are a lot of discussions and comments in the database tables.

    TL-30547       Improved the initial load times for the grid catalogue on sites with large numbers of categories

                   We identified that one of the main culprits slowing down the initial page
                   load on larger sites was the default category filter. This patch updates
                   the catalogue caches so that the first time you visit the page they will
                   prime via bulk queries rather than running several queries per category in
                   the system. For any sites with a large number of categories that still
                   experience performance issues after upgrading, we recommend turning off the
                   category filter. Simply by viewing the catalogue, clicking the "Configure
                   catalogue" button, navigating to the "General" tab, and setting "Browse
                   menu" to none.


Improvements:

    TL-27036       Added setting to use X-Accel-Redirect for NGINX to server content files directly from S3 cloud
    TL-30509       Hyphenation applied to Engage user-generated text

                   Before this change, no hyphenation was applied when words were broken into
                   pieces to wrap onto new lines. This can be difficult to read for some
                   people, and so hyphenation has been added when the browser cannot safely
                   force a whole word onto a new line.

    TL-30729       Adjusted some settings for the Learn Professional flavour

                   These changes were made for the Learn Professional flavour:
                    - Added Programs to the enabled features.
                    - Removed Certifications from the enabled features.
                    - Removed Position hierarchies from the enabled features.


Bug fixes:

    TL-28867       Fixed modal backdrop issue caused by overlapping modals
    TL-29284       Weka editor ImageBlock node context menu is no longer cut off

                   Incorrect CSS positioning was applied to the ImageBlock, by wrapping the
                   desired elements and setting position on that wrapper, we can avoid working
                   against how Weka and overflow/positioning techniques work.

    TL-30013       Fixed 'Lock after final attempt' setting not working properly
    TL-30023       Updated two MSTeams bot command strings
    TL-30037       Updated help text for MSTeams messaging extension
    TL-30047       Fixed theme settings being rendered with the UI for the currently active theme instead of the theme being edited
    TL-30236       Fixed incorrect URL saved when images are used in workspace replies

                   Previously, when images are used in replies in Engage workspaces, an
                   incorrect URL was saved, resulting in errors being shown when trying to
                   edit these replies.
                   
                   This has now been fixed. New discussion replies that include images will
                   now result in a valid image URL being saved. However, replies created
                   previously might still have an invalid URL. 

    TL-30403       Fixed JavaScript error when uploading files into a course using drag-and-drop
    TL-30411       Fixed a bug preventing the reordering of playlist cards via drag-and-drop
    TL-30412       Fixed username encoding in Engage and Perform

                   Previously, in several places throughout Engage and Perform special
                   characters in the fullname for users were displayed in an encoded form.
                   This has been fixed in the core user resolver and will affect all places
                   where the core_user GraphQL type is used and the requested field is
                   'fullname'.

    TL-30424       Fixed an issue where the Weka editor was not clickable in Safari when editing static content in a performance activity 
    TL-30435       The Perform module is no longer displayed in the "activity type" filter in the Grid catalogue
    TL-30437       Fixed accessibility issues on Engage survey cards
    TL-30438       Changed theme settings controller to admin controller
    TL-30458       Fixed wrong encoding in filter options on 'Your resources' page
    TL-30469       Fixed archive assignment button not showing on the competency details page for active assignment when the user also has archived assignments
    TL-30472       Fixed multilang filter in report titles not being applied
    TL-30473       Fixed inconsistencies for type description labels in all hierarchy items
    TL-30475       Updated the user search SQL used when adding seminar attendees to use named parameters

                   Previously there was an issue when multitenancy was enabled where the wrong
                   parameters would be used for the wrong arguments in the SQL. Changing these
                   to explicitly named parameters makes sure this no longer happens.

    TL-30495       After opening a tui dropdown menu, right clicking outside of it now closes it
    TL-30503       Removed excessive filtering of Weka editor content in playlists, workspaces, and comments

                   Fixed bug with removing content between < and > brackets when using the
                   Weka editor in playlist summaries, workspace descriptions, workspace
                   discussions, and comments across Engage.

    TL-30518       Fixed Engage survey options sometimes appearing in a random order
    TL-30522       Prevented the sending of notifications in a muted workspace
    TL-30523       Deleting a custom tenant logo now correctly reverts the logo the custom site logo rather than the default Totara logo
    TL-30526       Fixed image URL showing incorrectly in new discussion notifications
    TL-30538       Fixed mislabelling of time created resource field when configuring the Grid catalogue
    TL-30543       The comment entry box now scrolls to the correct location after clicking the Comments link
    TL-30545       Replying to a comment now scrolls to the Weka editor window
    TL-30548       Fixed the Tui style resolver to format content based on dev/prod mode
    TL-30550       Fixed the accessibility of the dialogue used when adding a private resource to a public playlist

                   When adding a private resource to a public playlist, a modal appears
                   warning the user that the resource is to be made public. This modal now has
                   an appropriate ARIA label.

    TL-30552       Fixed display of preview images for resources, workspaces, course, programs, and certifications uploaded as SVG images
    TL-30556       Fixed invalid upload issue resetting theme image back to its default
    TL-30557       Fixed an overflow issue with the at-mention popover within the comment area in Weka editor
    TL-30573       Fixed theme inheritance for custom theme images

                   A theme should not inherit any custom theme settings applied to any of its
                   parents. This functionality has been removed.

    TL-30579       Added XSS risk to theme settings capability
    TL-30581       Fixed cleaning content when updating an article
    TL-30583       Share and like buttons on a resource are now circular in IE11
    TL-30585       Fixed updating resource name when updating question
    TL-30600       Added a maximum length validation for perform section title in the GraphQL mutation
    TL-30601       Added a maximum length validation for performance activity respondable element title in the GraphQL mutation
    TL-30611       Fixed JSON parsing with an empty string in the performance activity section content Vue page
    TL-30613       Added a maximum length validation for perform element identifier in the UI and in the GraphQL mutation
    TL-30621       Added a maximum length validation for workspace name on the update GraphQL mutation
    TL-30626       Fixed Vue warning when adding a private resource to a public playlist
    TL-30639       Fixed an error when reviewing a lesson activity with an essay page
    TL-30642       Fixed HTML cleaning issue when returning the empty message for the quick access menu 

                   The quick access menu webservice triggered an error during the validation
                   of the return values for some languages due to clean_text modifying the
                   HTML in the message.

    TL-30655       Engage survey title now takes up the full width when answers are short
    TL-30663       Fixed Weka editor console error when saved embedded video were still loading
    TL-30668       Fixed undefined functions within the exception handler on early exceptions
    TL-30695       Fixed display of survey answers at narrow widths in IE11
    TL-30761       Embedded audio files in the Weka editor can now be deleted
    TL-30764       User tours URL matching changed to anchor to the end of string

                   Previously, URL matching in user tours was done as a substring search. This
                   resulted in URL pattern "index.php?id=1" to be matched to
                   "index.php?id=11".
                   
                   The fix anchors patterns to the end of the string, so pattern
                   "index.php?id=1" will match only URLs ending on "index.php?id=1" but not
                   "index.php?id=11". To allow that specifically, the pattern should have
                   wildcard "%" in the end (index.php?id=1%).
                   
                   To maintain the old behaviour for existing user tours, "%" will be added to
                   the end of the existing patterns during upgrade.

    TL-30777       Fixed an issue where DDL queries were missing table name and database name conditions

                   On MySQL some DDL queries to determine the existing constraints on a table
                   did not include the table name and the database name. This could have led
                   to issues on upgrades when there are multiple sites on the same database
                   server with different versions.

    TL-30828       Fixed an error showing when opening the long text question preview in performance response reporting
    TL-30848       Removed additional spacing under the footer when there are a lot of related items associated with a resource
    TL-30856       Fixed text containing HTML elements being stripped from Weka content
    TL-30857       Fixed quotation marks in Weka editor in Learn being converted to HTML entities
    TL-30871       Fixed reaggregation of assigned users not being triggered if aggregation method of competency changes
    TL-30882       Fixed visibility checks for allocated users when viewing submissions in assignments

Release 12.31 (19th May 2021):

Security issues:

    TL-30569       Hardened security around block config data retrieval to prevent object injection

                   This change hardens the unserializing of block config data in the backup
                   and restore code and when instantiating block instances in order to protect
                   against unknown and potentially dangerous classes being injected.

    TL-30682       Backported two minor jQuery security fixes

                   The following two security fixes have been backported from jQuery 3.5.0:
                   * https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
                   * https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2


Bug fixes:

    TL-30882       Fixed visibility checks for allocated users when viewing submissions in assignments

Release 11.40 (19th May 2021):

Security issues:

    TL-30569       Hardened security around block config data retrieval to prevent object injection

                   This change hardens the unserializing of block config data in the backup
                   and restore code and when instantiating block instances in order to protect
                   against unknown and potentially dangerous classes being injected.


Improvements:

    TL-30887       Improved performance of badge award cron job when using programs criteria when just one of multiple programs is needed to be completed