Hello everyone,
The following versions of Totara TXP/Learn have now been released:
- Release 15.4
- Release 14.9
- Release 13.17
- Release 12.40
- Release 11.49
- Release 10.53
- Release 9.61
- Release 2.9.61
- Release 2.7.66
- Release 2.6.83
- Release 2.5.87
- Release 2.4.82
- Release 2.2.83
These versions do contain security fixes, and for this reason we strongly recommend upgrade.
Each release also includes bug fixes and improvements.
Kind regards
Riana Rossouw
Release 15.4 (23rd February 2022):
Security issues:
TL-33487 Cherrypicked MDL-34411: Ensured that groups/groupings are respected by availability overrides in the Quiz module
TL-33489 Cherrypicked MDL-53689: Fixed missing CSRF token in the XMLDB editor.
Improvements:
TL-32840 The totara_mobile_program query now returns a 'viewable' flag for all courses in the program
TL-33141 When an administrator manually overrides LinkedIn Learning activity completion to complete, the progress bar on the activity now shows as 100%
TL-33144 Improved the spacing between components on the LinkedIn Learning course activity page
TL-33409 Added 'Delete' functionality for participant instances to the performance activity participation management report
TL-33434 Added 'Delete' functionality for subject instances to the performance activity participation management report
Bug fixes:
TL-28203 Fixed the back button inside Engage Resources and Playlists when opening from the Find Learning page
TL-32729 Prevented action menu trigger from acting as an anchor link before JS loaded
TL-32779 Fixed GraphQL mutation parameters to prevent data loss due to stripping of tags
TL-33001 Ensured course users enrolled via Learning Plans are restored correctly from a course backup
TL-33065 Fixed SCORM 'Lock after final attempt' setting behaviour
Previously, a new SCORM attempt was allowed in review mode even if the
setting indicated that no new attempts should be allowed.
TL-33195 Fixed error in bulk user actions when filtered for a deleted role
TL-33247 Fixed Tenant Domain Manager being redirected to Catalogue when choosing 'Manage programs' from program search results page
TL-33393 Fixed error in Seminar reports if seminar session role has been deleted
TL-33400 Fixed an issue where the user profile summary card throws an exception while attempting to display a deleted user custom fields
TL-33417 Allowed deletion of performance activities referenced by redisplay elements in other activities
Prior to this patch, a performance activity could not be deleted when one
of its question elements was referenced by another activity's redisplay
element. This could lead to a situation where activities referencing each
other could never be deleted.
With this patch, an activity can be deleted even when another activity's
redisplay element has a reference to it. When this is the case, a warning
will be displayed before deletion can be confirmed. After deletion, the
redisplay questions with the missing reference will show a message that the
source activity has been removed, so the original response cannot be
displayed.
TL-33446 Fixed incorrect third-party library file paths in thirdpartylibs.xml
TL-33479 Fixed seminar cancellation to send the correct notification to the trainer
Before when a trainer canceled an event, the 'Seminar event cancellation'
notification was sent to everyone. Now the 'Seminar event cancellation'
notification will be sent to learners and the 'Seminar event trainer
cancellation' notification will be sent to a trainer.
TL-33488 Cherrypicked MDL-64623: Implemented validation to ensure Glossary belongs to the same activity when deleting
TL-33538 Removed unnecessary horizontal scrollbar from enhanced catalogue
TL-33545 Added a condition to reduce the score of seen content only when the unseen content is not empty
The recommendation score of each item is reduced if it has been seen by the
user so that it appears lower in the recommended list in subsequent user
activities. If a user has seen all the content the score reduction routine
will fail. The fix addresses this bug.
TL-33624 Fixed legacy program assignment relative due dates being lost
When "Enable legacy program assignment interface" was enabled, relative due
dates on non-individual assignments were being lost when changes were made
to other assignments and "Save changes" was clicked. This was due to some
properties failing to load when the page loaded. Instances of this problem
can be fixed after upgrade by clicking the "Remove due date" button in the
"Assignment due date" column of affected assignments and applying a new
relative due date.
Technical changes:
TL-33470 Updated the server environment check page to prepare for the upcoming Totara 16 release
We have added the minimum server requirements for Totara 16 to the Server
Environment Check page in Totara 13, 14 and 15. The Admin -> Server ->
Environment Check page can be used to see if the current server settings
can support Totara 16 when it is released.
Tui front end framework:
TL-25928 Weka editor now has the same focus outline as other inputs
TL-30088 Uploaded videos have the same max width as YouTube or Vimeo Videos
TL-30760 Updated CheckboxGroup and RadioGroup Tui components to trigger required validation on blur
TL-31255 Uniform date selector now shows validation immediately after entering a value
Previously this was only shown once the form was attempted to be submitted
TL-33413 Fixed the handling of null in tui/immutable produce()
Previously, returning null in produce() was the same as not returning
anything. It is now treated as returning a value, so it is now possible to
have `null` as the result of a recipe.
TL-33554 Improved display when changing the time on a video added with Weka
Library updates:
TL-31637 Upgraded Flask library from 1.1.2 to 2.0.3
Release 14.9 (23rd February 2022):
Security issues:
TL-33487 Cherrypicked MDL-34411: Ensured that groups/groupings are respected by availability overrides in the Quiz module
TL-33489 Cherrypicked MDL-53689: Fixed missing CSRF token in the XMLDB editor.
Improvements:
TL-33409 Added 'Delete' functionality for participant instances to the performance activity participation management report
TL-33434 Added 'Delete' functionality for subject instances to the performance activity participation management report
Bug fixes:
TL-28203 Fixed the back button inside Engage Resources and Playlists when opening from the Find Learning page
TL-32729 Prevented action menu trigger from acting as an anchor link before JS loaded
TL-32779 Fixed GraphQL mutation parameters to prevent data loss due to stripping of tags
TL-33001 Ensured course users enrolled via Learning Plans are restored correctly from a course backup
TL-33065 Fixed SCORM 'Lock after final attempt' setting behaviour
Previously, a new SCORM attempt was allowed in review mode even if the
setting indicated that no new attempts should be allowed.
TL-33195 Fixed error in bulk user actions when filtered for a deleted role
TL-33247 Fixed Tenant Domain Manager being redirected to Catalogue when choosing 'Manage programs' from program search results page
TL-33393 Fixed error in Seminar reports if seminar session role has been deleted
TL-33400 Fixed an issue where the user profile summary card throws an exception while attempting to display a deleted user custom fields
TL-33417 Allowed deletion of performance activities referenced by redisplay elements in other activities
Prior to this patch, a performance activity could not be deleted when one
of its question elements was referenced by another activity's redisplay
element. This could lead to a situation where activities referencing each
other could never be deleted.
With this patch, an activity can be deleted even when another activity's
redisplay element has a reference to it. When this is the case, a warning
will be displayed before deletion can be confirmed. After deletion, the
redisplay questions with the missing reference will show a message that the
source activity has been removed, so the original response cannot be
displayed.
TL-33446 Fixed incorrect third-party library file paths in thirdpartylibs.xml
TL-33479 Fixed seminar cancellation to send the correct notification to the trainer
Before when a trainer canceled an event, the 'Seminar event cancellation'
notification was sent to everyone. Now the 'Seminar event cancellation'
notification will be sent to learners and the 'Seminar event trainer
cancellation' notification will be sent to a trainer.
TL-33488 Cherrypicked MDL-64623: Implemented validation to ensure Glossary belongs to the same activity when deleting
TL-33538 Removed unnecessary horizontal scrollbar from enhanced catalogue
TL-33545 Added a condition to reduce the score of seen content only when the unseen content is not empty
The recommendation score of each item is reduced if it has been seen by the
user so that it appears lower in the recommended list in subsequent user
activities. If a user has seen all the content the score reduction routine
will fail. The fix addresses this bug.
TL-33624 Fixed legacy program assignment relative due dates being lost
When "Enable legacy program assignment interface" was enabled, relative due
dates on non-individual assignments were being lost when changes were made
to other assignments and "Save changes" was clicked. This was due to some
properties failing to load when the page loaded. Instances of this problem
can be fixed after upgrade by clicking the "Remove due date" button in the
"Assignment due date" column of affected assignments and applying a new
relative due date.
Technical changes:
TL-33470 Updated the server environment check page to prepare for the upcoming Totara 16 release
We have added the minimum server requirements for Totara 16 to the Server
Environment Check page in Totara 13, 14 and 15. The Admin -> Server ->
Environment Check page can be used to see if the current server settings
can support Totara 16 when it is released.
Tui front end framework:
TL-25928 Weka editor now has the same focus outline as other inputs
TL-30760 Updated CheckboxGroup and RadioGroup Tui components to trigger required validation on blur
TL-33413 Fixed the handling of null in tui/immutable produce()
Previously, returning null in produce() was the same as not returning
anything. It is now treated as returning a value, so it is now possible to
have `null` as the result of a recipe.
Release 13.17 (23rd February 2022):
Security issues:
TL-33487 Cherrypicked MDL-34411: Ensured that groups/groupings are respected by availability overrides in the Quiz module
TL-33489 Cherrypicked MDL-53689: Fixed missing CSRF token in the XMLDB editor.
Improvements:
TL-33409 Added 'Delete' functionality for participant instances to the performance activity participation management report
TL-33434 Added 'Delete' functionality for subject instances to the performance activity participation management report
Bug fixes:
TL-28203 Fixed the back button inside Engage Resources and Playlists when opening from the Find Learning page
TL-32729 Prevented action menu trigger from acting as an anchor link before JS loaded
TL-32779 Fixed GraphQL mutation parameters to prevent data loss due to stripping of tags
TL-33001 Ensured course users enrolled via Learning Plans are restored correctly from a course backup
TL-33065 Fixed SCORM 'Lock after final attempt' setting behaviour
Previously, a new SCORM attempt was allowed in review mode even if the
setting indicated that no new attempts should be allowed.
TL-33195 Fixed error in bulk user actions when filtered for a deleted role
TL-33247 Fixed Tenant Domain Manager being redirected to Catalogue when choosing 'Manage programs' from program search results page
TL-33393 Fixed error in Seminar reports if seminar session role has been deleted
TL-33400 Fixed an issue where the user profile summary card throws an exception while attempting to display a deleted user custom fields
TL-33446 Fixed incorrect third-party library file paths in thirdpartylibs.xml
TL-33479 Fixed seminar cancellation to send the correct notification to the trainer
Before when a trainer canceled an event, the 'Seminar event cancellation'
notification was sent to everyone. Now the 'Seminar event cancellation'
notification will be sent to learners and the 'Seminar event trainer
cancellation' notification will be sent to a trainer.
TL-33488 Cherrypicked MDL-64623: Implemented validation to ensure Glossary belongs to the same activity when deleting
TL-33500 Fixed database error in competency migration task
The competency migration runs the migration in batches of 1000 history
records at a time. If a user / competency combination is included in two
consecutive batches then the migration script threw a database error as the
competency assignment got reset between the batches. This has now been
fixed.
TL-33504 Added totara_core_mnet_deprecated_check() which is used in Totara 14+ environment checks
TL-33538 Removed unnecessary horizontal scrollbar from enhanced catalogue
Technical changes:
TL-33445 Added theme_config to the properties available in the tenant_customizable_theme_settings hook
TL-33470 Updated the server environment check page to prepare for the upcoming Totara 16 release
We have added the minimum server requirements for Totara 16 to the Server
Environment Check page in Totara 13, 14 and 15. The Admin -> Server ->
Environment Check page can be used to see if the current server settings
can support Totara 16 when it is released.
Tui front end framework:
TL-25928 Weka editor now has the same focus outline as other inputs
TL-30760 Updated CheckboxGroup and RadioGroup Tui components to trigger required validation on blur
Release 12.40 (23rd February 2022):
Security issues:
TL-33487 Cherrypicked MDL-34411: Ensured that groups/groupings are respected by availability overrides in the Quiz module
TL-33489 Cherrypicked MDL-53689: Fixed missing CSRF token in the XMLDB editor.
TL-33490 Improved LTI provider consistency checks
Users may have been able to escalate their role in content provided via
LTI, through modifying requests to the LTI provider. Improvements have been
made to LTI provider code to ensure modified requests are not accepted.
Bug fixes:
TL-33393 Fixed error in Seminar reports if seminar session role has been deleted
TL-33446 Fixed incorrect third-party library file paths in thirdpartylibs.xml
TL-33479 Fixed seminar cancellation to send the correct notification to the trainer
Before when a trainer canceled an event, the 'Seminar event cancellation'
notification was sent to everyone. Now the 'Seminar event cancellation'
notification will be sent to learners and the 'Seminar event trainer
cancellation' notification will be sent to a trainer.
TL-33488 Cherrypicked MDL-64623: Implemented validation to ensure Glossary belongs to the same activity when deleting
Release 11.49 (23rd February 2022):
Security issues:
TL-33487 Cherrypicked MDL-34411: Ensured that groups/groupings are respected by availability overrides in the Quiz module
TL-33489 Cherrypicked MDL-53689: Fixed missing CSRF token in the XMLDB editor.
Bug fixes:
TL-33488 Cherrypicked MDL-64623: Implemented validation to ensure Glossary belongs to the same activity when deleting
Release 10.53 (23rd February 2022):
Security issues:
TL-33487 Cherrypicked MDL-34411: Ensured that groups/groupings are respected by availability overrides in the Quiz module
TL-33489 Cherrypicked MDL-53689: Fixed missing CSRF token in the XMLDB editor.
Bug fixes:
TL-33488 Cherrypicked MDL-64623: Implemented validation to ensure Glossary belongs to the same activity when deleting
Release 9.61 (23rd February 2022):
Security issues:
TL-33487 Cherrypicked MDL-34411: Ensured that groups/groupings are respected by availability overrides in the Quiz module
TL-33489 Cherrypicked MDL-53689: Fixed missing CSRF token in the XMLDB editor.
Release 2.9.61 (23rd February 2022):
Security issues:
TL-33487 Cherrypicked MDL-34411: Ensured that groups/groupings are respected by availability overrides in the Quiz module
TL-33489 Cherrypicked MDL-53689: Fixed missing CSRF token in the XMLDB editor.
Release 2.7.66 (23rd February 2022):
Security issues:
TL-33489 Cherrypicked MDL-53689: Fixed missing CSRF token in the XMLDB editor.
Release 2.6.83 (23rd February 2022):
Security issues:
TL-33489 Cherrypicked MDL-53689: Fixed missing CSRF token in the XMLDB editor.
Bug fixes:
TL-33673 Fixed code on the login page that was incompatible with PHP 5.3
Release 2.5.87 (23rd February 2022):
Security issues:
TL-33489 Cherrypicked MDL-53689: Fixed missing CSRF token in the XMLDB editor.
Bug fixes:
TL-33673 Fixed code on the login page that was incompatible with PHP 5.3
Release 2.4.82 (23rd February 2022):
Security issues:
TL-33489 Cherrypicked MDL-53689: Fixed missing CSRF token in the XMLDB editor.
Bug fixes:
TL-33673 Fixed code on the login page that was incompatible with PHP 5.3
Release 2.2.83 (23rd February 2022):
Security issues:
TL-33489 Cherrypicked MDL-53689: Fixed missing CSRF token in the XMLDB editor.