Hello everyone,
The following versions of Totara Learn have now been released:
- Release 17.2
- Release 16.8
- Release 15.14
- Release 14.19
- Release 13.27
- Release 12.49
- Release 11.56
- Release 10.58
- Release 9.65
- Release 2.9.64
- Release 2.7.69
- Release 2.6.86
Some of these versions do contain security fixes, and for this reason we strongly recommend taking a look.
Each release also includes various bug fixes and improvements.
Kind regards
Release Team
Release 17.2 (14th December 2022):
Security issues:
TL-35199 Fixed an issue allowing an external API client with limited capability to access hidden user profile fields
The `moodle/user:viewalldetails` capability is now required for an external API
service account to query or mutate any custom user profile fields with
visibility set to 'Not visible' or 'Restricted visibility'. This brings the API
service in line with behaviour of the web interface for updating user profiles.
Improvements:
TL-34846 Extended create/update user services to offer more password-related options
Boolean fields have been added to the create and update user mutations for
'force_password_change' and 'generate_password'.
TL-35898 API client can now delete an existing user custom profile field value
This improvement adds a 'delete' flag to the 'custom_fields' per-field input for
the 'core_user_update_user' mutation, allowing an external API client to remove
custom user profile field values when updating a target user's profile.
TL-35942 Added ability to change external API debug level setting per API client
Each API client can now have its own debug level setting.
This introduces a breaking change in the pre- and post-request hooks that were
released with Totara 17.0. Hook instantiation now requires the
\totara_webapi\server instance to be passed as a third parameter.
Bug fixes:
TL-35203 Added the location details to seminar calendar export ical
The location was not included as a field in the external calendar, and it won't
show in the iCal after export. As a part of this patch, location detail has been
added to the export iCal.
TL-35432 Fixed folder downloading for cloud storage
When downloading a folder the system will now attempt to retrieve the file from
cloud storage if the files / subdirectories are missing prior to downloading the
zip of the folder.
TL-35497 Fixed unique notification_event_log entries to include the event_data
Previously, it could happen that for the same type of event only one event_log
entry got created even if the event data is different. This has now been fixed.
TL-35852 Fixed a bug in LinkedIn Learning Classification sync scheduled task that caused unused classifications to remain in the database
TL-35952 Fixed the report builder Tui display component for the 'Performance Activity response reporting: Subject users' embedded report
TL-36040 Fixed an error in the delete_workspace_task adhoc task when permissions for the user have changed since it got scheduled
TL-36053 Fixed notification queues breaking on Errors
Previously the notification queues caught thrown Exceptions and continued to
send the rest of the messages in the queue. However an Error or other Throwable
would still break the queue. These have been updated to catch all Throwables, to
allow as many valid notifications to be sent as possible while logging all
invalid ones.
TL-36086 Fixed being able to set a blank password in create/update user GraphQL mutations
Release 16.8 (14th December 2022):
Bug fixes:
TL-35203 Added the location details to seminar calendar export ical
The location was not included as a field in the external calendar, and it won't
show in the iCal after export. As a part of this patch, location detail has been
added to the export iCal.
TL-35432 Fixed folder downloading for cloud storage
When downloading a folder the system will now attempt to retrieve the file from
cloud storage if the files / subdirectories are missing prior to downloading the
zip of the folder.
TL-35852 Fixed a bug in LinkedIn Learning Classification sync scheduled task that caused unused classifications to remain in the database
TL-35952 Fixed the report builder Tui display component for the 'Performance Activity response reporting: Subject users' embedded report
TL-36040 Fixed an error in the delete_workspace_task adhoc task when permissions for the user have changed since it got scheduled
TL-36053 Fixed notification queues breaking on Errors
Previously the notification queues caught thrown Exceptions and continued to
send the rest of the messages in the queue. However an Error or other Throwable
would still break the queue. These have been updated to catch all Throwables, to
allow as many valid notifications to be sent as possible while logging all
invalid ones.
Release 15.14 (14th December 2022):
Bug fixes:
TL-35203 Added the location details to seminar calendar export ical
The location was not included as a field in the external calendar, and it won't
show in the iCal after export. As a part of this patch, location detail has been
added to the export iCal.
TL-35852 Fixed a bug in LinkedIn Learning Classification sync scheduled task that caused unused classifications to remain in the database
TL-36053 Fixed notification queues breaking on Errors
Previously the notification queues caught thrown Exceptions and continued to
send the rest of the messages in the queue. However an Error or other Throwable
would still break the queue. These have been updated to catch all Throwables, to
allow as many valid notifications to be sent as possible while logging all
invalid ones.
Release 14.19 (14th December 2022):
Bug fixes:
TL-35203 Added the location details to seminar calendar export ical
The location was not included as a field in the external calendar, and it won't
show in the iCal after export. As a part of this patch, location detail has been
added to the export iCal.
TL-36053 Fixed notification queues breaking on Errors
Previously the notification queues caught thrown Exceptions and continued to
send the rest of the messages in the queue. However an Error or other Throwable
would still break the queue. These have been updated to catch all Throwables, to
allow as many valid notifications to be sent as possible while logging all
invalid ones.
Release 13.27 (14th December 2022):
Bug fixes:
TL-35203 Added the location details to seminar calendar export ical
The location was not included as a field in the external calendar, and it won't
show in the iCal after export. As a part of this patch, location detail has been
added to the export iCal.
Release 12.49 (14th December 2022):
Bug fixes:
TL-35203 Added the location details to seminar calendar export ical
The location was not included as a field in the external calendar, and it won't
show in the iCal after export. As a part of this patch, location detail has been
added to the export iCal.
Release 11.56 (14th December 2022):
Technical changes:
TL-35374 \page_requirements_manager::js_call_amd() can now be called without specifying the 'function' parameter
Release 10.58 (14th December 2022):
Security issues:
TL-35452 Hardened security around unserialize() calls in Totara 10 and earlier
This patch introduces a third party library which provides a polyfill to the
unserialize function. The polyfill provides the second argument introduced in
PHP 7 to limit the class names which should be accepted.
All unserialize calls prone to this issue which have been fixed in later
versions of Totara have now been hardened by using the polyfill.
Release 9.65 (14th December 2022):
Security issues:
TL-35452 Hardened security around unserialize() calls in Totara 10 and earlier
This patch introduces a third party library which provides a polyfill to the
unserialize function. The polyfill provides the second argument introduced in
PHP 7 to limit the class names which should be accepted.
All unserialize calls prone to this issue which have been fixed in later
versions of Totara have now been hardened by using the polyfill.
Release 2.9.64 (14th December 2022):
Security issues:
TL-35452 Hardened security around unserialize() calls in Totara 10 and earlier
This patch introduces a third party library which provides a polyfill to the
unserialize function. The polyfill provides the second argument introduced in
PHP 7 to limit the class names which should be accepted.
All unserialize calls prone to this issue which have been fixed in later
versions of Totara have now been hardened by using the polyfill.
Release 2.7.69 (14th December 2022):
Security issues:
TL-35452 Hardened security around unserialize() calls in Totara 10 and earlier
This patch introduces a third party library which provides a polyfill to the
unserialize function. The polyfill provides the second argument introduced in
PHP 7 to limit the class names which should be accepted.
All unserialize calls prone to this issue which have been fixed in later
versions of Totara have now been hardened by using the polyfill.
Release 2.6.86 (14th December 2022):
Security issues:
TL-35452 Hardened security around unserialize() calls in Totara 10 and earlier
This patch introduces a third party library which provides a polyfill to the
unserialize function. The polyfill provides the second argument introduced in
PHP 7 to limit the class names which should be accepted.
All unserialize calls prone to this issue which have been fixed in later
versions of Totara have now been hardened by using the polyfill.