Totara Release Notes

Totara TXP 15.1, 14.6, 13.14; Totara learn 12.37, 11.46, 10.50, 9.59, 2.9.60 are now available

 
Sam Hemelryk
Totara TXP 15.1, 14.6, 13.14; Totara learn 12.37, 11.46, 10.50, 9.59, 2.9.60 are now available
di Sam Hemelryk - Sunday, 28 November 2021, 02:51
Gruppo Totara

Hello everyone,

The following versions of Totara Learn have now been released:

These versions do contain security fixes, and for this reason we strongly recommend upgrade.
Each release also includes bug fixes and improvements.

A big thanks to the following people for their contributions to this release:

  • Dustin Brisebois at Lambda Solutions - TL-23626

Kind regards
Sam Hemelryk

Release 15.1 (24th November 2021):

Security issues:

    TL-32727       Added checking of uncompressed archive file size prior to extraction

                   The total uncompressed size of an archive file is now checked prior to
                   extracting its content to ensure that it is within an allowed size.
                   The allowed size is set by a new administration setting, maxbyte**tracted.


Performance improvements:

    TL-33019       Improved performance of the audience report builder content restriction

Improvements:

    TL-14090       Introduced the ability for privileged users to archive and reset an individuals progress in a course

                   This change introduces two new capability controlled opt-in improvements,
                   and improved the access control for the existing archive all users
                   completion functionality within courses.
                   
                   This allows a user who has the 'totara/core:archivemycourseprogress'
                   capability to archive and reset their progress in a course.
                   In order to perform the action the user must hold the required capability,
                   completion must be enabled for the site and for the course, and the course
                   must not be a part of either a program or a certification, and the user
                   must hold a completion tracked role within the course.
                   A user with this capability will have a see a link to 'Reset this course'
                   within the course administration block when viewing the course.
                   The new capability is not given to any roles by default.
                   
                   It also allows a user who has the 'totara/core:archiveusercourseprogress'
                   capability to archive and reset the progress of another user within a
                   course.
                   In order to perform the action the user must hold the required capability,
                   completion must be enabled for the site and for the course, the course must
                   not be a part of a program or a certification, and the user whose progress
                   is being archived and reset must hold a completion tracked role within the
                   course.
                   A new action has been added to the course completion report to enable
                   this.
                   The new capability is not given to any roles by default.
                   
                   Finally, the existing archive and reset completion functionality now has a
                   new dedicated capability 'totara/core:archiveenrolledcourseprogress'.
                   Previously users were required to have the ability to delete the course in
                   order to archive and reset progress for all enrolled users.
                   To ensure backwards compatibility during upgrades when the new capability
                   is installed roles that hold the moodle/course:delete capability are given
                   this permission.

    TL-31706       Added OAuth2 authentication to outgoing SMTP mail service

                   With this patch outgoing email connections can now be configured using the
                   XOAuth2 protocol. To make use of this protocol you will need to configure
                   an OAuth2 service with your provider and connect with a system account.
                   Afterwards the OAuth2 service can be chosen on the Outgoing email
                   configuration page.


Bug fixes:

    TL-29872       Fixed the help text on the custom rating scale element that was incorrectly stating the scores must be whole numbers
    TL-31011       Made sure to return 0 AUC score in optimisation routine when no users have past interactions with the content
    TL-32306       Added capability check to available locales query in the LinkedIn content marketplace plugin
    TL-32327       Removed blank space under course details of LinkedIn Learning courses with no 'level'
    TL-32330       Fixed incorrect duration on LinkedIn Learning courses
    TL-32347       Added a notification banner to LinkedIn course pages when the course is not available 
    TL-32638       Applied visual fixes to related playlist/resource card images
    TL-32660       Improved error handling in the profile_competency_details GraphQL query
    TL-32743       Fixed description formatting of linked review learning items in performance activities
    TL-32748       Fixed the 'Your Workspaces' page on mobile when the user does not belong to any workspaces
    TL-32752       Fixed resetting Seminar activities on certification expiry
    TL-32780       Fixed PHP errors shown when training editors view course completion settings
    TL-32795       Fixed a JavaScript error in question bank

                   Fixed a JavaScript error when navigating via the tab key through input
                   fields when creating a question bank drag and drop image in the drop zones
                   section.

    TL-32797       Fixed bookmark button making some Engage card titles misaligned
    TL-32818       Fixed reordering of feedback page break and label elements
    TL-32889       Fixed the plugin icon for the external content marketplace activity module not appearing on the plugins overview page
    TL-32971       Added the database name to the lock key to avoid multiple databases on the same database server sharing locks
    TL-33021       Fixed resources that include topics crashing on save when tags functionality is disabled
    TL-33101       Removed previously deprecated strings from language file which caused a database error

                   On case insensitive database collation the language customisation tool
                   showed a database error when opening a language pack for editing. This is
                   now fixed and the duplicate language strings have been removed.


Technical changes:

    TL-32041       Added configurable number filter to report builder

                   This filter allows filtering numerical data using an operator that is
                   specified in the report source.

    TL-32155       Added ability to disable grouping for a column in a report source
    TL-32613       Improved tile layout on workflow manager page
    TL-32968       Added support for activity completion progress

                   With this change it is possible for activity modules to optionally set a
                   percentage progress towards activity completion, in order to make it
                   possible to report on more fine grained progress towards completing an
                   activity.
                   
                   At this point the new API is not implemented for any activities yet, and
                   there is no interface changes which display activity progress.
                   
                   This change includes a database upgrade to add a new "progress" field to
                   the "course_modules_completion" table. The new field supports values
                   between 0 and 100. Existing records will be given a "progress" of "null".


Tui front end framework:

    TL-32695       Replaced 'char length' field on the NotepadLines page in the tui samples library with a select list
    TL-32995       Prevented moving an item to the same position on the dragdrop component
    TL-33000       Fixed accessibility issue with disabled buttons

Release 14.6 (24th November 2021):

Security issues:

    TL-32727       Added checking of uncompressed archive file size prior to extraction

                   The total uncompressed size of an archive file is now checked prior to
                   extracting its content to ensure that it is within an allowed size.
                   The allowed size is set by a new administration setting, maxbyte**tracted.

    TL-32754       Prevented switching off course search result pagination for non-logged in users

                   When the 'Force login' setting is disabled, users that are not logged in
                   can have access to the course search page. With this patch, users that are
                   not logged in cannot switch off pagination for the search results any more.
                   Neither can they set the number of results per page above the default that
                   is determined by the 'Courses per page' setting. This is to mitigate the
                   possibility of denial of service attacks.

    TL-32804       Improved capability checks when fetching users' best grades
    TL-32809       Restricted the allowable inputs for the file types tool revert changes script

Performance improvements:

    TL-33019       Improved performance of the audience report builder content restriction

Improvements:

    TL-30291       Changed inline help for the 'force new attempt' setting in SCORM
    TL-31706       Added OAuth2 authentication to outgoing SMTP mail service

                   With this patch outgoing email connections can now be configured using the
                   XOAuth2 protocol. To make use of this protocol you will need to configure
                   an OAuth2 service with your provider and connect with a system account.
                   Afterwards the OAuth2 service can be chosen on the Outgoing email
                   configuration page.

    TL-32517       Added a new key binding that adds multilanguage blocks to the weka editor
    TL-32595       Creating a workspace while viewing a workspace discussion takes the user to the newly created workspace
    TL-32603       Improved the accessibility of progress bars by adding an aria-label

Bug fixes:

    TL-23626       Fixed mixed case language string IDs in plugins breaking language pack customisation
    TL-29872       Fixed the help text on the custom rating scale element that was incorrectly stating the scores must be whole numbers
    TL-30549       Fixed styling issue on empty list inside editor in Firefox browser
    TL-31011       Made sure to return 0 AUC score in optimisation routine when no users have past interactions with the content
    TL-32302       Fixed site guests being able to view course grades in the course navigation block
    TL-32487       Stopped deleted programs attempting to send notifications
    TL-32523       Removed 'container_perform' enrolment plugin from the list of manageable plugins

                   Prior to this patch, the management page for enrolment plugins listed the
                   'container_perform' plugin. This enrolment plugin purely works in the
                   background and cannot be managed in any way, so this patch removes it from
                   the list.

    TL-32558       Fixed a situation where a notification created with a empty body was being handled as an overridden field
    TL-32560       Improved the display of messages when installing through the web interface
    TL-32581       Prevented the delete and create mutations from being triggered multiple time in central notification preferences 
    TL-32588       Fixed the alignment of the save and cancel buttons when creating a program as a tenant manager
    TL-32590       Deprecated tm_message_set_default_message_preferences function
    TL-32605       Updated tui file card info (and attachment node in 13 and 14) to use css flex and changed how the file extension is displayed
    TL-32606       Made use of alt text for the user's profile image consistent by displaying the users' full name by default

                   If the user has set a value in the 'Picture description' profile field then
                   this is used.

    TL-32609       Fixed playlist title not being correctly formatted in the mobile view of the library
    TL-32617       Fixed error when saving empty attachment groups in Weka editor
    TL-32629       Changed tui grid component error to a warning when there are no grid items
    TL-32638       Applied visual fixes to related playlist/resource card images
    TL-32641       Fixed vertical spaces not being preserved when using weka editor
    TL-32653       Updated the job assignments create_assignment GraphQL mutation to ensure organisation or positions exist prior to creating the assignment
    TL-32654       Added loading indicator in CommentThread and hid comments count in SidePanelCommentBox while loading comments
    TL-32660       Improved error handling in the profile_competency_details GraphQL query
    TL-32662       Fixed use of incorrect parameter for result_size in the competency user_assignments GraphQL query
    TL-32664       Fixed incorrect notification text (to resource owner) when replying to a comment on resources
    TL-32691       Fixed flickering issue with the toggle switch component when hovering over text
    TL-32696       Updated tui sample Grid component handleTextareaInput function to correctly grab the DOM elements from refs
    TL-32709       Fixed navigation block showing unwanted categories, workspaces and perform activities
    TL-32724       Fixed outdated default logo being displayed when logging into the mobile app 
    TL-32734       Made sure an appropriate message is displayed when a user views a deleted goal
    TL-32738       Prevented deleted personal goals showing in performance activity review elements

                   Prior to this patch, deleted personal goals were still displayed in
                   performance activities with goal review elements when they were selected
                   before deletion. This could lead to an error when trying to rate a goal
                   after deletion. This patch makes the behaviour consistent with company
                   goals, showing a message about the goal being deleted and preventing rating
                   attempts after deletion.

    TL-32741       Fixed HR Import field mapping for date fields in Job Assignment element

                   When using HR Import to import job assignment records, the field mapping of
                   date fields (eg. startdate, enddate, etc) was not working. The field
                   mapping of these fields now works as expected.

    TL-32748       Fixed the 'Your Workspaces' page on mobile when the user does not belong to any workspaces
    TL-32752       Fixed resetting Seminar activities on certification expiry
    TL-32765       Filtered out duplicate records in user_interactions.csv to use for recommendations if any are exported from the Totara instance
    TL-32771       Fixed the formatting of section and module names in mobile graphql

                   Previously, if using the mobile app, special characters such as the
                   ampersand that would have been displayed correctly in the course name,
                   would have been double encoded in the names of course sections and modules.
                   This change makes these names consistent with the course name field.

    TL-32780       Fixed PHP errors shown when training editors view course completion settings
    TL-32790       Made sure no error message appears when expanding category in navigation block
    TL-32792       Fixed event management menu removing a console error for learners

                   When a learner access a seminar activity, there was a console error due to
                   the Javascript attempting to intialise seminar administration
                   functionality. This issue removes the attempted initialisation

    TL-32797       Fixed bookmark button making some Engage card titles misaligned
    TL-32800       Generated correct creation date for cloned perform activity
    TL-32818       Fixed reordering of feedback page break and label elements
    TL-32825       Fixed invalid XML in thirdpartylibs.xml file
    TL-32838       Added the ability for a admin user to change other admin's password

                   This ability was removed by TL-32465 and now it restored.

    TL-32971       Added the database name to the lock key to avoid multiple databases on the same database server sharing locks
    TL-33021       Fixed resources that include topics crashing on save when tags functionality is disabled
    TL-33101       Removed previously deprecated strings from language file which caused a database error

                   On case insensitive database collation the language customisation tool
                   showed a database error when opening a language pack for editing. This is
                   now fixed and the duplicate language strings have been removed.


Technical changes:

    TL-31480       Removed superfluous trace messages when there are no notifications to send out
    TL-32041       Added configurable number filter to report builder

                   This filter allows filtering numerical data using an operator that is
                   specified in the report source.

    TL-32155       Added ability to disable grouping for a column in a report source

Tui front end framework:

    TL-32695       Replaced 'char length' field on the NotepadLines page in the tui samples library with a select list
    TL-32995       Prevented moving an item to the same position on the dragdrop component
    TL-33000       Fixed accessibility issue with disabled buttons

Contributions:

    * Dustin Brisebois at Lambda Solutions - TL-23626

Release 13.14 (24th November 2021):

Security issues:

    TL-32727       Added checking of uncompressed archive file size prior to extraction

                   The total uncompressed size of an archive file is now checked prior to
                   extracting its content to ensure that it is within an allowed size.
                   The allowed size is set by a new administration setting, maxbyte**tracted.

    TL-32754       Prevented switching off course search result pagination for non-logged in users

                   When the 'Force login' setting is disabled, users that are not logged in
                   can have access to the course search page. With this patch, users that are
                   not logged in cannot switch off pagination for the search results any more.
                   Neither can they set the number of results per page above the default that
                   is determined by the 'Courses per page' setting. This is to mitigate the
                   possibility of denial of service attacks.

    TL-32804       Improved capability checks when fetching users' best grades
    TL-32809       Restricted the allowable inputs for the file types tool revert changes script

Performance improvements:

    TL-33019       Improved performance of the audience report builder content restriction

Improvements:

    TL-31706       Added OAuth2 authentication to outgoing SMTP mail service

                   With this patch outgoing email connections can now be configured using the
                   XOAuth2 protocol. To make use of this protocol you will need to configure
                   an OAuth2 service with your provider and connect with a system account.
                   Afterwards the OAuth2 service can be chosen on the Outgoing email
                   configuration page.

    TL-32595       Creating a workspace while viewing a workspace discussion takes the user to the newly created workspace
    TL-32603       Improved the accessibility of progress bars by adding an aria-label

Bug fixes:

    TL-29872       Fixed the help text on the custom rating scale element that was incorrectly stating the scores must be whole numbers
    TL-30549       Fixed styling issue on empty list inside editor in Firefox browser
    TL-31011       Made sure to return 0 AUC score in optimisation routine when no users have past interactions with the content
    TL-32302       Fixed site guests being able to view course grades in the course navigation block
    TL-32523       Removed 'container_perform' enrolment plugin from the list of manageable plugins

                   Prior to this patch, the management page for enrolment plugins listed the
                   'container_perform' plugin. This enrolment plugin purely works in the
                   background and cannot be managed in any way, so this patch removes it from
                   the list.

    TL-32560       Improved the display of messages when installing through the web interface
    TL-32588       Fixed the alignment of the save and cancel buttons when creating a program as a tenant manager
    TL-32590       Deprecated tm_message_set_default_message_preferences function
    TL-32605       Updated tui file card info (and attachment node in 13 and 14) to use css flex and changed how the file extension is displayed
    TL-32606       Made use of alt text for the user's profile image consistent by displaying the users' full name by default

                   If the user has set a value in the 'Picture description' profile field then
                   this is used.

    TL-32609       Fixed playlist title not being correctly formatted in the mobile view of the library
    TL-32617       Fixed error when saving empty attachment groups in Weka editor
    TL-32629       Changed tui grid component error to a warning when there are no grid items
    TL-32638       Applied visual fixes to related playlist/resource card images
    TL-32653       Updated the job assignments create_assignment GraphQL mutation to ensure organisation or positions exist prior to creating the assignment
    TL-32654       Added loading indicator in CommentThread and hid comments count in SidePanelCommentBox while loading comments
    TL-32660       Improved error handling in the profile_competency_details GraphQL query
    TL-32664       Fixed incorrect notification text (to resource owner) when replying to a comment on resources
    TL-32691       Fixed flickering issue with the toggle switch component when hovering over text
    TL-32696       Updated tui sample Grid component handleTextareaInput function to correctly grab the DOM elements from refs
    TL-32709       Fixed navigation block showing unwanted categories, workspaces and perform activities
    TL-32724       Fixed outdated default logo being displayed when logging into the mobile app 
    TL-32741       Fixed HR Import field mapping for date fields in Job Assignment element

                   When using HR Import to import job assignment records, the field mapping of
                   date fields (eg. startdate, enddate, etc) was not working. The field
                   mapping of these fields now works as expected.

    TL-32748       Fixed the 'Your Workspaces' page on mobile when the user does not belong to any workspaces
    TL-32752       Fixed resetting Seminar activities on certification expiry
    TL-32765       Filtered out duplicate records in user_interactions.csv to use for recommendations if any are exported from the Totara instance
    TL-32771       Fixed the formatting of section and module names in mobile graphql

                   Previously, if using the mobile app, special characters such as the
                   ampersand that would have been displayed correctly in the course name,
                   would have been double encoded in the names of course sections and modules.
                   This change makes these names consistent with the course name field.

    TL-32780       Fixed PHP errors shown when training editors view course completion settings
    TL-32790       Made sure no error message appears when expanding category in navigation block
    TL-32792       Fixed event management menu removing a console error for learners

                   When a learner access a seminar activity, there was a console error due to
                   the Javascript attempting to intialise seminar administration
                   functionality. This issue removes the attempted initialisation

    TL-32797       Fixed bookmark button making some Engage card titles misaligned
    TL-32800       Generated correct creation date for cloned perform activity
    TL-32818       Fixed reordering of feedback page break and label elements
    TL-32825       Fixed invalid XML in thirdpartylibs.xml file
    TL-32971       Added the database name to the lock key to avoid multiple databases on the same database server sharing locks
    TL-33021       Fixed resources that include topics crashing on save when tags functionality is disabled
    TL-33101       Removed previously deprecated strings from language file which caused a database error

                   On case insensitive database collation the language customisation tool
                   showed a database error when opening a language pack for editing. This is
                   now fixed and the duplicate language strings have been removed.


Tui front end framework:

    TL-32695       Replaced 'char length' field on the NotepadLines page in the tui samples library with a select list
    TL-32995       Prevented moving an item to the same position on the dragdrop component

Release 12.37 (24th November 2021):

Security issues:

    TL-32727       Added checking of uncompressed archive file size prior to extraction

                   The total uncompressed size of an archive file is now checked prior to
                   extracting its content to ensure that it is within an allowed size.
                   The allowed size is set by a new administration setting, maxbyte**tracted.

    TL-32754       Prevented switching off course search result pagination for non-logged in users

                   When the 'Force login' setting is disabled, users that are not logged in
                   can have access to the course search page. With this patch, users that are
                   not logged in cannot switch off pagination for the search results any more.
                   Neither can they set the number of results per page above the default that
                   is determined by the 'Courses per page' setting. This is to mitigate the
                   possibility of denial of service attacks.

    TL-32804       Improved capability checks when fetching users' best grades
    TL-32809       Restricted the allowable inputs for the file types tool revert changes script

Performance improvements:

    TL-33019       Improved performance of the audience report builder content restriction

Improvements:

    TL-31706       Added OAuth2 authentication to outgoing SMTP mail service

                   With this patch outgoing email connections can now be configured using the
                   XOAuth2 protocol. To make use of this protocol you will need to configure
                   an OAuth2 service with your provider and connect with a system account.
                   Afterwards the OAuth2 service can be chosen on the Outgoing email
                   configuration page.


Bug fixes:

    TL-32302       Fixed site guests being able to view course grades in the course navigation block
    TL-32580       Fixed 'Number of Attendees' report builder column for seminar event report
    TL-32590       Deprecated tm_message_set_default_message_preferences function
    TL-33101       Removed previously deprecated strings from language file which caused a database error

                   On case insensitive database collation the language customisation tool
                   showed a database error when opening a language pack for editing. This is
                   now fixed and the duplicate language strings have been removed.


Release 11.46 (24th November 2021):

Security issues:

    TL-32754       Prevented switching off course search result pagination for non-logged in users

                   When the 'Force login' setting is disabled, users that are not logged in
                   can have access to the course search page. With this patch, users that are
                   not logged in cannot switch off pagination for the search results any more.
                   Neither can they set the number of results per page above the default that
                   is determined by the 'Courses per page' setting. This is to mitigate the
                   possibility of denial of service attacks.

    TL-32804       Improved capability checks when fetching users' best grades
    TL-32809       Restricted the allowable inputs for the file types tool revert changes script

Bug fixes:

    TL-32302       Fixed site guests being able to view course grades in the course navigation block

Release 10.50 (24th November 2021):

Security issues:

    TL-32754       Prevented switching off course search result pagination for non-logged in users

                   When the 'Force login' setting is disabled, users that are not logged in
                   can have access to the course search page. With this patch, users that are
                   not logged in cannot switch off pagination for the search results any more.
                   Neither can they set the number of results per page above the default that
                   is determined by the 'Courses per page' setting. This is to mitigate the
                   possibility of denial of service attacks.

    TL-32804       Improved capability checks when fetching users' best grades
    TL-32809       Restricted the allowable inputs for the file types tool revert changes script

Bug fixes:

    TL-32302       Fixed site guests being able to view course grades in the course navigation block

Release 9.59 (24th November 2021):

Security issues:

    TL-32809       Restricted the allowable inputs for the file types tool revert changes script

Bug fixes:

    TL-32302       Fixed site guests being able to view course grades in the course navigation block

Release 2.9.60 (24th November 2021):

Security issues:

    TL-32809       Restricted the allowable inputs for the file types tool revert changes script