Hello everyone,
The following versions of Totara have now been released:
These versions do contain security fixes, and for this reason we strongly recommend upgrade.
Each release also includes various bug fixes and improvements.
A big thanks to the following people for their contributions to this release:
- Andrew Mansfield at Cortexa
- Darshana Godara at Androgogic - TL-37051
Kind regards
Release Team
Release 17.9 (25th July 2023):
Important:
TL-35903 Introduced a 'read-only' setting to deprecate Legacy Appraisals and Legacy 360 Feedback
The new "read-only" setting was introduced for Legacy Appraisals and Legacy 360
Feedback with Two options:
* When the "read-only" option setting is disabled an organisation can continue
to use Legacy Appraisals and/or Legacy 360 Feedback.
* When the "read-only" option setting is enabled:
** All action functionality such as Create, Activate, Copy, Edit etc. will be
disabled.
** Users and administrator/manager will see a banner notifying them that all
actions are in transition to close before the cron task has occurred.
** After the cron task has occurred all active activities will be closed.
** Users and administrator/manager will still have access to Legacy Appraisals
and/or Legacy 360 Feedback historic records.
Security issues:
TL-37599 Fixed 'badge issued' page displaying wrong user information
When a badge got uploaded to a Badgr.com backpack the link to the criteria
pointed to the 'badge issued' page for the first user who uploaded the same
badge. To fix this a new page got created to only show the generic non-user
specific information about the badge. For all new uploads to the backpack this
url is used.
On the existing 'badge issued' page we added a check to only show the user
information if the visiting user arrived on this page from within Totara, is
logged in, and has the capability to view the badge information. For existing
external links to the public badge page this will result in a change in
behaviour: only the general badge information is shown.
Improvements:
TL-33818 Block titles are no longer all uppercase
TL-37668 Added option to unset the 'force password change' flag during bulk user actions
It is now possible to run a bulk user action to remove the 'force password
change' flag from a large number of users at the same time.
TL-37400 Notification content in the list of received notifications is now accessible via keyboard
Bug fixes:
TL-35746 Fixed report errors preventing the Report Manager block from displaying correctly
TL-35953 Fixed behaviour for displaying in-product help links based on 'Docs document root' setting
Previously if the 'Docs document root' was not set, it would automatically
default to Totara's help site URL. With this change if 'Docs document root' is
not set, then help links will no longer appear.
If you do not want in-product help links (or if the links are broken) you can
remove them by un-setting the 'Docs document root'. It will not automatically be
set on new installs.
TL-36049 Fixed an issue where seminar notifications showed "Requested" instead of "Pending Requests" in some cases
TL-36295 Fixed data deserialisation error in cache file store
TL-36425 Fixed misleading 'Print trainer names' help text for the certification activity
TL-36426 Hide signuppanel and identityproivder blocks when there is no content to render
TL-36573 Fixed the value of third party course types when restoring a course backup
TL-36655 Changed 'overdue' to 'Overdue' in the English language pack where used in courses, programs, certification and learning plans.
TL-36663 Cherry-picked MDL-74358 availability: Avoid php8 problem with array_values(null)
TL-36665 Improved the help text for 'Disable iCalendar cancellations'
TL-36767 Make the progress bars in the catalogue appear for programs with 100%
This change was implemented to ensure that progress bars in the catalogue
display correctly for programs that are 100% complete.
TL-36923 Fixed text overlapping in messages page
Fixed text overlapping in messages header container and left panel message list
TL-36964 Fixed course category description not allowing embedding with consistent cleaning disabled
TL-37051 Fixed displaying operators in dynamic audience rulesets
TL-37197 Fixed formatting issue for the 'reply to' name in emails
TL-37223 Fixed issue with requesting additional metadata for links
When adding links to other services like Youtube or converting links to cards in
the Weka Editor a request is being made to retrieve additional metadata. This
metadata is used to set the hero image of Engage resources or displaying links
as cards.
To protect from DNS rebinding attacks the IP address for the given host is used.
An invalid CURL option has been used to make the request. Only in more recent
versions CURL is triggering an actual error in this case resulting in metadata
not being correctly requested.
This has been fixed. Now the correct CURL option syntax is used and requests are
successful again.
TL-37261 Fixed time_created column in the notification_event_log table not capturing the time the log record got created
Previously, the time_created column did not capture the time the log was created
but the time of the event instead. If the notification is triggered by an event
happening in the future, e.g. x days before course start date, time_created
would be the time of the future event. To ensure that the time_created column is
reflecting the correct time we created a new column "event_time". The
time_created column now captures the time the log entry gets created and the
event_time the time the event happened or will happen.
On upgrade all existing records are updated. The event_time column is populated
with the previous time_created values and the time_created values are
recalculated based on the old event_time and the offset of the event.
In addition we ensured that all the following report sources now have columns
for the time_created and the event_time values:
* Notifications
* Notification Log
* Notification Delivery Log
Existing embedded reports based on those sources need to be either resetted or
the columns added manually.
TL-37310 Fixed an issue with creating/updating users via external API, when their authentication method does not use passwords
Previously, the 'password' field was required when creating or updating users
via the external API. 'Password' is no longer required when a user's
authentication method does not use passwords.
TL-37368 Fixed missing sesskey error during blocks administration
TL-37492 Display correct recipient for "Event Under Minimum Bookings" notification
TL-37581 Fixed that course_due_date notifications were being sent to users who have been unenrolled or suspended
TL-37626 Fixed several report columns including encoded characters in the export
The following report columns have been addressed:
* Program / Certification overview -> Course Category (linked to category)
* Program / Certification overview -> Course Shortname
* Performance activity reports -> Activity type
* Performance Subject Instance Performance Reporting -> Performance activity
name (linked to view form) (currently not exportable)
* Record of learning: Competencies -> Overall achievement level
* Record of Learning: Recurring Programs -> Course name
TL-37627 Fixed seminar session details not being included in legacy facilitator notifications on first save
TL-36876 Fixed the removal of the 'aria-labelledby' attribute when a block is set to not show a header
TL-37333 Changed legacy notification preferences to preserve focus when using the keyboard
Tui front end framework:
TL-36804 Fixed double scroll bar on adder core component.
Contributions:
* Andrew Mansfield at Cortexa - TL-35746
* Darshana Godara at Androgogic - TL-37051
Release 16.15 (25th July 2023):
Important:
TL-35903 Introduced a 'read-only' setting to deprecate Legacy Appraisals and Legacy 360 Feedback
The new "read-only" setting was introduced for Legacy Appraisals and Legacy 360
Feedback with Two options:
* When the "read-only" option setting is disabled an organisation can continue
to use Legacy Appraisals and/or Legacy 360 Feedback.
* When the "read-only" option setting is enabled:
** All action functionality such as Create, Activate, Copy, Edit etc. will be
disabled.
** Users and administrator/manager will see a banner notifying them that all
actions are in transition to close before the cron task has occurred.
** After the cron task has occurred all active activities will be closed.
** Users and administrator/manager will still have access to Legacy Appraisals
and/or Legacy 360 Feedback historic records.
Security issues:
TL-37599 Fixed 'badge issued' page displaying wrong user information
When a badge got uploaded to a Badgr.com backpack the link to the criteria
pointed to the 'badge issued' page for the first user who uploaded the same
badge. To fix this a new page got created to only show the generic non-user
specific information about the badge. For all new uploads to the backpack this
url is used.
On the existing 'badge issued' page we added a check to only show the user
information if the visiting user arrived on this page from within Totara, is
logged in, and has the capability to view the badge information. For existing
external links to the public badge page this will result in a change in
behaviour: only the general badge information is shown.
Improvements:
TL-37400 Notification content in the list of received notifications is now accessible via keyboard
Bug fixes:
TL-35746 Fixed report errors preventing the Report Manager block from displaying correctly
TL-35953 Fixed behaviour for displaying in-product help links based on 'Docs document root' setting
Previously if the 'Docs document root' was not set, it would automatically
default to Totara's help site URL. With this change if 'Docs document root' is
not set, then help links will no longer appear.
If you do not want in-product help links (or if the links are broken) you can
remove them by un-setting the 'Docs document root'. It will not automatically be
set on new installs.
TL-36049 Fixed an issue where seminar notifications showed "Requested" instead of "Pending Requests" in some cases
TL-36295 Fixed data deserialisation error in cache file store
TL-36425 Fixed misleading 'Print trainer names' help text for the certification activity
TL-36573 Fixed the value of third party course types when restoring a course backup
TL-36655 Changed 'overdue' to 'Overdue' in the English language pack where used in courses, programs, certification and learning plans.
TL-36663 Cherry-picked MDL-74358 availability: Avoid php8 problem with array_values(null)
TL-36665 Improved the help text for 'Disable iCalendar cancellations'
TL-36767 Make the progress bars in the catalogue appear for programs with 100%
This change was implemented to ensure that progress bars in the catalogue
display correctly for programs that are 100% complete.
TL-36923 Fixed text overlapping in messages page
Fixed text overlapping in messages header container and left panel message list
TL-36964 Fixed course category description not allowing embedding with consistent cleaning disabled
TL-37051 Fixed displaying operators in dynamic audience rulesets
TL-37197 Fixed formatting issue for the 'reply to' name in emails
TL-37223 Fixed issue with requesting additional metadata for links
When adding links to other services like Youtube or converting links to cards in
the Weka Editor a request is being made to retrieve additional metadata. This
metadata is used to set the hero image of Engage resources or displaying links
as cards.
To protect from DNS rebinding attacks the IP address for the given host is used.
An invalid CURL option has been used to make the request. Only in more recent
versions CURL is triggering an actual error in this case resulting in metadata
not being correctly requested.
This has been fixed. Now the correct CURL option syntax is used and requests are
successful again.
TL-37368 Fixed missing sesskey error during blocks administration
TL-37492 Display correct recipient for "Event Under Minimum Bookings" notification
TL-37581 Fixed that course_due_date notifications were being sent to users who have been unenrolled or suspended
TL-37626 Fixed several report columns including encoded characters in the export
The following report columns have been addressed:
* Program / Certification overview -> Course Category (linked to category)
* Program / Certification overview -> Course Shortname
* Performance activity reports -> Activity type
* Performance Subject Instance Performance Reporting -> Performance activity
name (linked to view form) (currently not exportable)
* Record of learning: Competencies -> Overall achievement level
* Record of Learning: Recurring Programs -> Course name
TL-37627 Fixed seminar session details not being included in legacy facilitator notifications on first save
TL-36876 Fixed the removal of the 'aria-labelledby' attribute when a block is set to not show a header
TL-37333 Changed legacy notification preferences to preserve focus when using the keyboard
Tui front end framework:
TL-36804 Fixed double scroll bar on adder core component.
Contributions:
* Andrew Mansfield at Cortexa - TL-35746
* Darshana Godara at Androgogic - TL-37051
Release 15.21 (25th July 2023):
Important:
TL-35903 Introduced a 'read-only' setting to deprecate Legacy Appraisals and Legacy 360 Feedback
The new "read-only" setting was introduced for Legacy Appraisals and Legacy 360
Feedback with Two options:
* When the "read-only" option setting is disabled an organisation can continue
to use Legacy Appraisals and/or Legacy 360 Feedback.
* When the "read-only" option setting is enabled:
** All action functionality such as Create, Activate, Copy, Edit etc. will be
disabled.
** Users and administrator/manager will see a banner notifying them that all
actions are in transition to close before the cron task has occurred.
** After the cron task has occurred all active activities will be closed.
** Users and administrator/manager will still have access to Legacy Appraisals
and/or Legacy 360 Feedback historic records.
Security issues:
TL-37599 Fixed 'badge issued' page displaying wrong user information
When a badge got uploaded to a Badgr.com backpack the link to the criteria
pointed to the 'badge issued' page for the first user who uploaded the same
badge. To fix this a new page got created to only show the generic non-user
specific information about the badge. For all new uploads to the backpack this
url is used.
On the existing 'badge issued' page we added a check to only show the user
information if the visiting user arrived on this page from within Totara, is
logged in, and has the capability to view the badge information. For existing
external links to the public badge page this will result in a change in
behaviour: only the general badge information is shown.
Improvements:
TL-37400 Notification content in the list of received notifications is now accessible via keyboard
Bug fixes:
TL-35746 Fixed report errors preventing the Report Manager block from displaying correctly
TL-36049 Fixed an issue where seminar notifications showed "Requested" instead of "Pending Requests" in some cases
TL-36573 Fixed the value of third party course types when restoring a course backup
TL-36655 Changed 'overdue' to 'Overdue' in the English language pack where used in courses, programs, certification and learning plans.
TL-36663 Cherry-picked MDL-74358 availability: Avoid php8 problem with array_values(null)
TL-36665 Improved the help text for 'Disable iCalendar cancellations'
TL-36767 Make the progress bars in the catalogue appear for programs with 100%
This change was implemented to ensure that progress bars in the catalogue
display correctly for programs that are 100% complete.
TL-36923 Fixed text overlapping in messages page
Fixed text overlapping in messages header container and left panel message list
TL-36964 Fixed course category description not allowing embedding with consistent cleaning disabled
TL-37051 Fixed displaying operators in dynamic audience rulesets
TL-37197 Fixed formatting issue for the 'reply to' name in emails
TL-37223 Fixed issue with requesting additional metadata for links
When adding links to other services like Youtube or converting links to cards in
the Weka Editor a request is being made to retrieve additional metadata. This
metadata is used to set the hero image of Engage resources or displaying links
as cards.
To protect from DNS rebinding attacks the IP address for the given host is used.
An invalid CURL option has been used to make the request. Only in more recent
versions CURL is triggering an actual error in this case resulting in metadata
not being correctly requested.
This has been fixed. Now the correct CURL option syntax is used and requests are
successful again.
TL-37368 Fixed missing sesskey error during blocks administration
TL-37492 Display correct recipient for "Event Under Minimum Bookings" notification
TL-37626 Fixed several report columns including encoded characters in the export
The following report columns have been addressed:
* Program / Certification overview -> Course Category (linked to category)
* Program / Certification overview -> Course Shortname
* Performance activity reports -> Activity type
* Performance Subject Instance Performance Reporting -> Performance activity
name (linked to view form) (currently not exportable)
* Record of learning: Competencies -> Overall achievement level
* Record of Learning: Recurring Programs -> Course name
TL-36876 Fixed the removal of the 'aria-labelledby' attribute when a block is set to not show a header
TL-37333 Changed legacy notification preferences to preserve focus when using the keyboard
Contributions:
* Andrew Mansfield at Cortexa - TL-35746
* Darshana Godara at Androgogic - TL-37051
Release 14.26 (25th July 2023):
Important:
TL-35903 Introduced a 'read-only' setting to deprecate Legacy Appraisals and Legacy 360 Feedback
The new "read-only" setting was introduced for Legacy Appraisals and Legacy 360
Feedback with Two options:
* When the "read-only" option setting is disabled an organisation can continue
to use Legacy Appraisals and/or Legacy 360 Feedback.
* When the "read-only" option setting is enabled:
** All action functionality such as Create, Activate, Copy, Edit etc. will be
disabled.
** Users and administrator/manager will see a banner notifying them that all
actions are in transition to close before the cron task has occurred.
** After the cron task has occurred all active activities will be closed.
** Users and administrator/manager will still have access to Legacy Appraisals
and/or Legacy 360 Feedback historic records.
Improvements:
TL-37400 Notification content in the list of received notifications is now accessible via keyboard
Bug fixes:
TL-35746 Fixed report errors preventing the Report Manager block from displaying correctly
TL-36049 Fixed an issue where seminar notifications showed "Requested" instead of "Pending Requests" in some cases
TL-36573 Fixed the value of third party course types when restoring a course backup
TL-36655 Changed 'overdue' to 'Overdue' in the English language pack where used in courses, programs, certification and learning plans.
TL-36663 Cherry-picked MDL-74358 availability: Avoid php8 problem with array_values(null)
TL-36767 Make the progress bars in the catalogue appear for programs with 100%
This change was implemented to ensure that progress bars in the catalogue
display correctly for programs that are 100% complete.
TL-36923 Fixed text overlapping in messages page
Fixed text overlapping in messages header container and left panel message list
TL-36964 Fixed course category description not allowing embedding with consistent cleaning disabled
TL-37051 Fixed displaying operators in dynamic audience rulesets
TL-37197 Fixed formatting issue for the 'reply to' name in emails
TL-37223 Fixed issue with requesting additional metadata for links
When adding links to other services like Youtube or converting links to cards in
the Weka Editor a request is being made to retrieve additional metadata. This
metadata is used to set the hero image of Engage resources or displaying links
as cards.
To protect from DNS rebinding attacks the IP address for the given host is used.
An invalid CURL option has been used to make the request. Only in more recent
versions CURL is triggering an actual error in this case resulting in metadata
not being correctly requested.
This has been fixed. Now the correct CURL option syntax is used and requests are
successful again.
TL-37368 Fixed missing sesskey error during blocks administration
TL-37492 Display correct recipient for "Event Under Minimum Bookings" notification
TL-37626 Fixed several report columns including encoded characters in the export
The following report columns have been addressed:
* Program / Certification overview -> Course Category (linked to category)
* Program / Certification overview -> Course Shortname
* Performance activity reports -> Activity type
* Performance Subject Instance Performance Reporting -> Performance activity
name (linked to view form) (currently not exportable)
* Record of learning: Competencies -> Overall achievement level
* Record of Learning: Recurring Programs -> Course name
TL-36876 Fixed the removal of the 'aria-labelledby' attribute when a block is set to not show a header
TL-37333 Changed legacy notification preferences to preserve focus when using the keyboard
Contributions:
* Andrew Mansfield at Cortexa - TL-35746
* Darshana Godara at Androgogic - TL-37051
Release 13.34 (25th July 2023):
Important:
TL-35903 Introduced a 'read-only' setting to deprecate Legacy Appraisals and Legacy 360 Feedback
The new "read-only" setting was introduced for Legacy Appraisals and Legacy 360
Feedback with Two options:
* When the "read-only" option setting is disabled an organisation can continue
to use Legacy Appraisals and/or Legacy 360 Feedback.
* When the "read-only" option setting is enabled:
** All action functionality such as Create, Activate, Copy, Edit etc. will be
disabled.
** Users and administrator/manager will see a banner notifying them that all
actions are in transition to close before the cron task has occurred.
** After the cron task has occurred all active activities will be closed.
** Users and administrator/manager will still have access to Legacy Appraisals
and/or Legacy 360 Feedback historic records.
Improvements:
TL-37400 Notification content in the list of received notifications is now accessible via keyboard
Bug fixes:
TL-35746 Fixed report errors preventing the Report Manager block from displaying correctly
TL-36049 Fixed an issue where seminar notifications showed "Requested" instead of "Pending Requests" in some cases
TL-36573 Fixed the value of third party course types when restoring a course backup
TL-36655 Changed 'overdue' to 'Overdue' in the English language pack where used in courses, programs, certification and learning plans.
TL-36767 Make the progress bars in the catalogue appear for programs with 100%
This change was implemented to ensure that progress bars in the catalogue
display correctly for programs that are 100% complete.
TL-36923 Fixed text overlapping in messages page
Fixed text overlapping in messages header container and left panel message list
TL-37051 Fixed displaying operators in dynamic audience rulesets
TL-37197 Fixed formatting issue for the 'reply to' name in emails
TL-37223 Fixed issue with requesting additional metadata for links
When adding links to other services like Youtube or converting links to cards in
the Weka Editor a request is being made to retrieve additional metadata. This
metadata is used to set the hero image of Engage resources or displaying links
as cards.
To protect from DNS rebinding attacks the IP address for the given host is used.
An invalid CURL option has been used to make the request. Only in more recent
versions CURL is triggering an actual error in this case resulting in metadata
not being correctly requested.
This has been fixed. Now the correct CURL option syntax is used and requests are
successful again.
TL-37368 Fixed missing sesskey error during blocks administration
TL-37492 Display correct recipient for "Event Under Minimum Bookings" notification
TL-37626 Fixed several report columns including encoded characters in the export
The following report columns have been addressed:
* Program / Certification overview -> Course Category (linked to category)
* Program / Certification overview -> Course Shortname
* Performance activity reports -> Activity type
* Performance Subject Instance Performance Reporting -> Performance activity
name (linked to view form) (currently not exportable)
* Record of learning: Competencies -> Overall achievement level
* Record of Learning: Recurring Programs -> Course name
* Program/Certification completion -> Certification Name and Linked Icon
* Program/Certification completion -> Certification Name (expanding details)
* User -> Extensions
TL-36876 Fixed the removal of the 'aria-labelledby' attribute when a block is set to not show a header
TL-37333 Changed legacy notification preferences to preserve focus when using the keyboard
Contributions:
* Andrew Mansfield at Cortexa - TL-35746
* Darshana Godara at Androgogic - TL-37051
Release 12.55 (25th July 2023):
Bug fixes:
TL-37051 Fixed displaying operators in dynamic audience rulesets
TL-36876 Fixed the removal of the 'aria-labelledby' attribute when a block is set to not show a header
Contributions:
* Darshana Godara at Androgogic - TL-37051