Hello everyone,
The following versions of Totara Learn have now been released:
- Release 15.1
- Release 14.6
- Release 13.14
- Release 12.37
- Release 11.46
- Release 10.50
- Release 9.59
- Release 2.9.60
These versions do contain security fixes, and for this reason we strongly recommend upgrade.
Each release also includes bug fixes and improvements.
A big thanks to the following people for their contributions to this release:
- Dustin Brisebois at Lambda Solutions - TL-23626
Kind regards
Sam Hemelryk
Release 15.1 (24th November 2021):
Security issues:
TL-32727 Added checking of uncompressed archive file size prior to extraction
The total uncompressed size of an archive file is now checked prior to
extracting its content to ensure that it is within an allowed size.
The allowed size is set by a new administration setting, maxbyte**tracted.
Performance improvements:
TL-33019 Improved performance of the audience report builder content restriction
Improvements:
TL-14090 Introduced the ability for privileged users to archive and reset an individuals progress in a course
This change introduces two new capability controlled opt-in improvements,
and improved the access control for the existing archive all users
completion functionality within courses.
This allows a user who has the 'totara/core:archivemycourseprogress'
capability to archive and reset their progress in a course.
In order to perform the action the user must hold the required capability,
completion must be enabled for the site and for the course, and the course
must not be a part of either a program or a certification, and the user
must hold a completion tracked role within the course.
A user with this capability will have a see a link to 'Reset this course'
within the course administration block when viewing the course.
The new capability is not given to any roles by default.
It also allows a user who has the 'totara/core:archiveusercourseprogress'
capability to archive and reset the progress of another user within a
course.
In order to perform the action the user must hold the required capability,
completion must be enabled for the site and for the course, the course must
not be a part of a program or a certification, and the user whose progress
is being archived and reset must hold a completion tracked role within the
course.
A new action has been added to the course completion report to enable
this.
The new capability is not given to any roles by default.
Finally, the existing archive and reset completion functionality now has a
new dedicated capability 'totara/core:archiveenrolledcourseprogress'.
Previously users were required to have the ability to delete the course in
order to archive and reset progress for all enrolled users.
To ensure backwards compatibility during upgrades when the new capability
is installed roles that hold the moodle/course:delete capability are given
this permission.
TL-31706 Added OAuth2 authentication to outgoing SMTP mail service
With this patch outgoing email connections can now be configured using the
XOAuth2 protocol. To make use of this protocol you will need to configure
an OAuth2 service with your provider and connect with a system account.
Afterwards the OAuth2 service can be chosen on the Outgoing email
configuration page.
Bug fixes:
TL-29872 Fixed the help text on the custom rating scale element that was incorrectly stating the scores must be whole numbers
TL-31011 Made sure to return 0 AUC score in optimisation routine when no users have past interactions with the content
TL-32306 Added capability check to available locales query in the LinkedIn content marketplace plugin
TL-32327 Removed blank space under course details of LinkedIn Learning courses with no 'level'
TL-32330 Fixed incorrect duration on LinkedIn Learning courses
TL-32347 Added a notification banner to LinkedIn course pages when the course is not available
TL-32638 Applied visual fixes to related playlist/resource card images
TL-32660 Improved error handling in the profile_competency_details GraphQL query
TL-32743 Fixed description formatting of linked review learning items in performance activities
TL-32748 Fixed the 'Your Workspaces' page on mobile when the user does not belong to any workspaces
TL-32752 Fixed resetting Seminar activities on certification expiry
TL-32780 Fixed PHP errors shown when training editors view course completion settings
TL-32795 Fixed a JavaScript error in question bank
Fixed a JavaScript error when navigating via the tab key through input
fields when creating a question bank drag and drop image in the drop zones
section.
TL-32797 Fixed bookmark button making some Engage card titles misaligned
TL-32818 Fixed reordering of feedback page break and label elements
TL-32889 Fixed the plugin icon for the external content marketplace activity module not appearing on the plugins overview page
TL-32971 Added the database name to the lock key to avoid multiple databases on the same database server sharing locks
TL-33021 Fixed resources that include topics crashing on save when tags functionality is disabled
TL-33101 Removed previously deprecated strings from language file which caused a database error
On case insensitive database collation the language customisation tool
showed a database error when opening a language pack for editing. This is
now fixed and the duplicate language strings have been removed.
Technical changes:
TL-32041 Added configurable number filter to report builder
This filter allows filtering numerical data using an operator that is
specified in the report source.
TL-32155 Added ability to disable grouping for a column in a report source
TL-32613 Improved tile layout on workflow manager page
TL-32968 Added support for activity completion progress
With this change it is possible for activity modules to optionally set a
percentage progress towards activity completion, in order to make it
possible to report on more fine grained progress towards completing an
activity.
At this point the new API is not implemented for any activities yet, and
there is no interface changes which display activity progress.
This change includes a database upgrade to add a new "progress" field to
the "course_modules_completion" table. The new field supports values
between 0 and 100. Existing records will be given a "progress" of "null".
Tui front end framework:
TL-32695 Replaced 'char length' field on the NotepadLines page in the tui samples library with a select list
TL-32995 Prevented moving an item to the same position on the dragdrop component
TL-33000 Fixed accessibility issue with disabled buttons
Release 14.6 (24th November 2021):
Security issues:
TL-32727 Added checking of uncompressed archive file size prior to extraction
The total uncompressed size of an archive file is now checked prior to
extracting its content to ensure that it is within an allowed size.
The allowed size is set by a new administration setting, maxbyte**tracted.
TL-32754 Prevented switching off course search result pagination for non-logged in users
When the 'Force login' setting is disabled, users that are not logged in
can have access to the course search page. With this patch, users that are
not logged in cannot switch off pagination for the search results any more.
Neither can they set the number of results per page above the default that
is determined by the 'Courses per page' setting. This is to mitigate the
possibility of denial of service attacks.
TL-32804 Improved capability checks when fetching users' best grades
TL-32809 Restricted the allowable inputs for the file types tool revert changes script
Performance improvements:
TL-33019 Improved performance of the audience report builder content restriction
Improvements:
TL-30291 Changed inline help for the 'force new attempt' setting in SCORM
TL-31706 Added OAuth2 authentication to outgoing SMTP mail service
With this patch outgoing email connections can now be configured using the
XOAuth2 protocol. To make use of this protocol you will need to configure
an OAuth2 service with your provider and connect with a system account.
Afterwards the OAuth2 service can be chosen on the Outgoing email
configuration page.
TL-32517 Added a new key binding that adds multilanguage blocks to the weka editor
TL-32595 Creating a workspace while viewing a workspace discussion takes the user to the newly created workspace
TL-32603 Improved the accessibility of progress bars by adding an aria-label
Bug fixes:
TL-23626 Fixed mixed case language string IDs in plugins breaking language pack customisation
TL-29872 Fixed the help text on the custom rating scale element that was incorrectly stating the scores must be whole numbers
TL-30549 Fixed styling issue on empty list inside editor in Firefox browser
TL-31011 Made sure to return 0 AUC score in optimisation routine when no users have past interactions with the content
TL-32302 Fixed site guests being able to view course grades in the course navigation block
TL-32487 Stopped deleted programs attempting to send notifications
TL-32523 Removed 'container_perform' enrolment plugin from the list of manageable plugins
Prior to this patch, the management page for enrolment plugins listed the
'container_perform' plugin. This enrolment plugin purely works in the
background and cannot be managed in any way, so this patch removes it from
the list.
TL-32558 Fixed a situation where a notification created with a empty body was being handled as an overridden field
TL-32560 Improved the display of messages when installing through the web interface
TL-32581 Prevented the delete and create mutations from being triggered multiple time in central notification preferences
TL-32588 Fixed the alignment of the save and cancel buttons when creating a program as a tenant manager
TL-32590 Deprecated tm_message_set_default_message_preferences function
TL-32605 Updated tui file card info (and attachment node in 13 and 14) to use css flex and changed how the file extension is displayed
TL-32606 Made use of alt text for the user's profile image consistent by displaying the users' full name by default
If the user has set a value in the 'Picture description' profile field then
this is used.
TL-32609 Fixed playlist title not being correctly formatted in the mobile view of the library
TL-32617 Fixed error when saving empty attachment groups in Weka editor
TL-32629 Changed tui grid component error to a warning when there are no grid items
TL-32638 Applied visual fixes to related playlist/resource card images
TL-32641 Fixed vertical spaces not being preserved when using weka editor
TL-32653 Updated the job assignments create_assignment GraphQL mutation to ensure organisation or positions exist prior to creating the assignment
TL-32654 Added loading indicator in CommentThread and hid comments count in SidePanelCommentBox while loading comments
TL-32660 Improved error handling in the profile_competency_details GraphQL query
TL-32662 Fixed use of incorrect parameter for result_size in the competency user_assignments GraphQL query
TL-32664 Fixed incorrect notification text (to resource owner) when replying to a comment on resources
TL-32691 Fixed flickering issue with the toggle switch component when hovering over text
TL-32696 Updated tui sample Grid component handleTextareaInput function to correctly grab the DOM elements from refs
TL-32709 Fixed navigation block showing unwanted categories, workspaces and perform activities
TL-32724 Fixed outdated default logo being displayed when logging into the mobile app
TL-32734 Made sure an appropriate message is displayed when a user views a deleted goal
TL-32738 Prevented deleted personal goals showing in performance activity review elements
Prior to this patch, deleted personal goals were still displayed in
performance activities with goal review elements when they were selected
before deletion. This could lead to an error when trying to rate a goal
after deletion. This patch makes the behaviour consistent with company
goals, showing a message about the goal being deleted and preventing rating
attempts after deletion.
TL-32741 Fixed HR Import field mapping for date fields in Job Assignment element
When using HR Import to import job assignment records, the field mapping of
date fields (eg. startdate, enddate, etc) was not working. The field
mapping of these fields now works as expected.
TL-32748 Fixed the 'Your Workspaces' page on mobile when the user does not belong to any workspaces
TL-32752 Fixed resetting Seminar activities on certification expiry
TL-32765 Filtered out duplicate records in user_interactions.csv to use for recommendations if any are exported from the Totara instance
TL-32771 Fixed the formatting of section and module names in mobile graphql
Previously, if using the mobile app, special characters such as the
ampersand that would have been displayed correctly in the course name,
would have been double encoded in the names of course sections and modules.
This change makes these names consistent with the course name field.
TL-32780 Fixed PHP errors shown when training editors view course completion settings
TL-32790 Made sure no error message appears when expanding category in navigation block
TL-32792 Fixed event management menu removing a console error for learners
When a learner access a seminar activity, there was a console error due to
the Javascript attempting to intialise seminar administration
functionality. This issue removes the attempted initialisation
TL-32797 Fixed bookmark button making some Engage card titles misaligned
TL-32800 Generated correct creation date for cloned perform activity
TL-32818 Fixed reordering of feedback page break and label elements
TL-32825 Fixed invalid XML in thirdpartylibs.xml file
TL-32838 Added the ability for a admin user to change other admin's password
This ability was removed by TL-32465 and now it restored.
TL-32971 Added the database name to the lock key to avoid multiple databases on the same database server sharing locks
TL-33021 Fixed resources that include topics crashing on save when tags functionality is disabled
TL-33101 Removed previously deprecated strings from language file which caused a database error
On case insensitive database collation the language customisation tool
showed a database error when opening a language pack for editing. This is
now fixed and the duplicate language strings have been removed.
Technical changes:
TL-31480 Removed superfluous trace messages when there are no notifications to send out
TL-32041 Added configurable number filter to report builder
This filter allows filtering numerical data using an operator that is
specified in the report source.
TL-32155 Added ability to disable grouping for a column in a report source
Tui front end framework:
TL-32695 Replaced 'char length' field on the NotepadLines page in the tui samples library with a select list
TL-32995 Prevented moving an item to the same position on the dragdrop component
TL-33000 Fixed accessibility issue with disabled buttons
Contributions:
* Dustin Brisebois at Lambda Solutions - TL-23626
Release 13.14 (24th November 2021):
Security issues:
TL-32727 Added checking of uncompressed archive file size prior to extraction
The total uncompressed size of an archive file is now checked prior to
extracting its content to ensure that it is within an allowed size.
The allowed size is set by a new administration setting, maxbyte**tracted.
TL-32754 Prevented switching off course search result pagination for non-logged in users
When the 'Force login' setting is disabled, users that are not logged in
can have access to the course search page. With this patch, users that are
not logged in cannot switch off pagination for the search results any more.
Neither can they set the number of results per page above the default that
is determined by the 'Courses per page' setting. This is to mitigate the
possibility of denial of service attacks.
TL-32804 Improved capability checks when fetching users' best grades
TL-32809 Restricted the allowable inputs for the file types tool revert changes script
Performance improvements:
TL-33019 Improved performance of the audience report builder content restriction
Improvements:
TL-31706 Added OAuth2 authentication to outgoing SMTP mail service
With this patch outgoing email connections can now be configured using the
XOAuth2 protocol. To make use of this protocol you will need to configure
an OAuth2 service with your provider and connect with a system account.
Afterwards the OAuth2 service can be chosen on the Outgoing email
configuration page.
TL-32595 Creating a workspace while viewing a workspace discussion takes the user to the newly created workspace
TL-32603 Improved the accessibility of progress bars by adding an aria-label
Bug fixes:
TL-29872 Fixed the help text on the custom rating scale element that was incorrectly stating the scores must be whole numbers
TL-30549 Fixed styling issue on empty list inside editor in Firefox browser
TL-31011 Made sure to return 0 AUC score in optimisation routine when no users have past interactions with the content
TL-32302 Fixed site guests being able to view course grades in the course navigation block
TL-32523 Removed 'container_perform' enrolment plugin from the list of manageable plugins
Prior to this patch, the management page for enrolment plugins listed the
'container_perform' plugin. This enrolment plugin purely works in the
background and cannot be managed in any way, so this patch removes it from
the list.
TL-32560 Improved the display of messages when installing through the web interface
TL-32588 Fixed the alignment of the save and cancel buttons when creating a program as a tenant manager
TL-32590 Deprecated tm_message_set_default_message_preferences function
TL-32605 Updated tui file card info (and attachment node in 13 and 14) to use css flex and changed how the file extension is displayed
TL-32606 Made use of alt text for the user's profile image consistent by displaying the users' full name by default
If the user has set a value in the 'Picture description' profile field then
this is used.
TL-32609 Fixed playlist title not being correctly formatted in the mobile view of the library
TL-32617 Fixed error when saving empty attachment groups in Weka editor
TL-32629 Changed tui grid component error to a warning when there are no grid items
TL-32638 Applied visual fixes to related playlist/resource card images
TL-32653 Updated the job assignments create_assignment GraphQL mutation to ensure organisation or positions exist prior to creating the assignment
TL-32654 Added loading indicator in CommentThread and hid comments count in SidePanelCommentBox while loading comments
TL-32660 Improved error handling in the profile_competency_details GraphQL query
TL-32664 Fixed incorrect notification text (to resource owner) when replying to a comment on resources
TL-32691 Fixed flickering issue with the toggle switch component when hovering over text
TL-32696 Updated tui sample Grid component handleTextareaInput function to correctly grab the DOM elements from refs
TL-32709 Fixed navigation block showing unwanted categories, workspaces and perform activities
TL-32724 Fixed outdated default logo being displayed when logging into the mobile app
TL-32741 Fixed HR Import field mapping for date fields in Job Assignment element
When using HR Import to import job assignment records, the field mapping of
date fields (eg. startdate, enddate, etc) was not working. The field
mapping of these fields now works as expected.
TL-32748 Fixed the 'Your Workspaces' page on mobile when the user does not belong to any workspaces
TL-32752 Fixed resetting Seminar activities on certification expiry
TL-32765 Filtered out duplicate records in user_interactions.csv to use for recommendations if any are exported from the Totara instance
TL-32771 Fixed the formatting of section and module names in mobile graphql
Previously, if using the mobile app, special characters such as the
ampersand that would have been displayed correctly in the course name,
would have been double encoded in the names of course sections and modules.
This change makes these names consistent with the course name field.
TL-32780 Fixed PHP errors shown when training editors view course completion settings
TL-32790 Made sure no error message appears when expanding category in navigation block
TL-32792 Fixed event management menu removing a console error for learners
When a learner access a seminar activity, there was a console error due to
the Javascript attempting to intialise seminar administration
functionality. This issue removes the attempted initialisation
TL-32797 Fixed bookmark button making some Engage card titles misaligned
TL-32800 Generated correct creation date for cloned perform activity
TL-32818 Fixed reordering of feedback page break and label elements
TL-32825 Fixed invalid XML in thirdpartylibs.xml file
TL-32971 Added the database name to the lock key to avoid multiple databases on the same database server sharing locks
TL-33021 Fixed resources that include topics crashing on save when tags functionality is disabled
TL-33101 Removed previously deprecated strings from language file which caused a database error
On case insensitive database collation the language customisation tool
showed a database error when opening a language pack for editing. This is
now fixed and the duplicate language strings have been removed.
Tui front end framework:
TL-32695 Replaced 'char length' field on the NotepadLines page in the tui samples library with a select list
TL-32995 Prevented moving an item to the same position on the dragdrop component
Release 12.37 (24th November 2021):
Security issues:
TL-32727 Added checking of uncompressed archive file size prior to extraction
The total uncompressed size of an archive file is now checked prior to
extracting its content to ensure that it is within an allowed size.
The allowed size is set by a new administration setting, maxbyte**tracted.
TL-32754 Prevented switching off course search result pagination for non-logged in users
When the 'Force login' setting is disabled, users that are not logged in
can have access to the course search page. With this patch, users that are
not logged in cannot switch off pagination for the search results any more.
Neither can they set the number of results per page above the default that
is determined by the 'Courses per page' setting. This is to mitigate the
possibility of denial of service attacks.
TL-32804 Improved capability checks when fetching users' best grades
TL-32809 Restricted the allowable inputs for the file types tool revert changes script
Performance improvements:
TL-33019 Improved performance of the audience report builder content restriction
Improvements:
TL-31706 Added OAuth2 authentication to outgoing SMTP mail service
With this patch outgoing email connections can now be configured using the
XOAuth2 protocol. To make use of this protocol you will need to configure
an OAuth2 service with your provider and connect with a system account.
Afterwards the OAuth2 service can be chosen on the Outgoing email
configuration page.
Bug fixes:
TL-32302 Fixed site guests being able to view course grades in the course navigation block
TL-32580 Fixed 'Number of Attendees' report builder column for seminar event report
TL-32590 Deprecated tm_message_set_default_message_preferences function
TL-33101 Removed previously deprecated strings from language file which caused a database error
On case insensitive database collation the language customisation tool
showed a database error when opening a language pack for editing. This is
now fixed and the duplicate language strings have been removed.
Release 11.46 (24th November 2021):
Security issues:
TL-32754 Prevented switching off course search result pagination for non-logged in users
When the 'Force login' setting is disabled, users that are not logged in
can have access to the course search page. With this patch, users that are
not logged in cannot switch off pagination for the search results any more.
Neither can they set the number of results per page above the default that
is determined by the 'Courses per page' setting. This is to mitigate the
possibility of denial of service attacks.
TL-32804 Improved capability checks when fetching users' best grades
TL-32809 Restricted the allowable inputs for the file types tool revert changes script
Bug fixes:
TL-32302 Fixed site guests being able to view course grades in the course navigation block
Release 10.50 (24th November 2021):
Security issues:
TL-32754 Prevented switching off course search result pagination for non-logged in users
When the 'Force login' setting is disabled, users that are not logged in
can have access to the course search page. With this patch, users that are
not logged in cannot switch off pagination for the search results any more.
Neither can they set the number of results per page above the default that
is determined by the 'Courses per page' setting. This is to mitigate the
possibility of denial of service attacks.
TL-32804 Improved capability checks when fetching users' best grades
TL-32809 Restricted the allowable inputs for the file types tool revert changes script
Bug fixes:
TL-32302 Fixed site guests being able to view course grades in the course navigation block
Release 9.59 (24th November 2021):
Security issues:
TL-32809 Restricted the allowable inputs for the file types tool revert changes script
Bug fixes:
TL-32302 Fixed site guests being able to view course grades in the course navigation block
Release 2.9.60 (24th November 2021):
Security issues:
TL-32809 Restricted the allowable inputs for the file types tool revert changes script