Totara Release Notes

Totara TXP 17.9, 16.15, 15.21, 14.26, 13.34 and Totara Learn 12.55 are now available

 
Riana Rossouw
Totara TXP 17.9, 16.15, 15.21, 14.26, 13.34 and Totara Learn 12.55 are now available
بواسطة Tuesday, 25 July 2023, 1:58 PM - Riana Rossouw
مجموعة Totara

Hello everyone,

The following versions of Totara have now been released:

These versions do contain security fixes, and for this reason we strongly recommend upgrade.
Each release also includes various bug fixes and improvements.

A big thanks to the following people for their contributions to this release:

  • Andrew Mansfield at Cortexa
  • Darshana Godara at Androgogic - TL-37051

Kind regards 

Release Team

Release 17.9 (25th July 2023):

Important:

    TL-35903       Introduced a 'read-only' setting to deprecate Legacy Appraisals and Legacy 360 Feedback

                   The new "read-only" setting was introduced for Legacy Appraisals and Legacy 360
                   Feedback with Two options:
                    * When the "read-only" option setting is disabled an organisation can continue
                   to use Legacy Appraisals and/or Legacy 360 Feedback.
                    * When the "read-only" option setting is enabled:
                    ** All action functionality such as Create, Activate, Copy, Edit etc. will be
                   disabled.
                    ** Users and administrator/manager will see a banner notifying them that all
                   actions are in transition to close before the cron task has occurred. 
                    ** After the cron task has occurred all active activities will be closed.
                    ** Users and administrator/manager will still have access to Legacy Appraisals
                   and/or Legacy 360 Feedback historic records.


Security issues:

    TL-37599       Fixed 'badge issued' page displaying wrong user information

                   When a badge got uploaded to a Badgr.com backpack the link to the criteria
                   pointed to the 'badge issued' page for the first user who uploaded the same
                   badge. To fix this a new page got created to only show the generic non-user
                   specific information about the badge. For all new uploads to the backpack this
                   url is used. 
                   
                   On the existing 'badge issued' page we added a check to only show the user
                   information if the visiting user arrived on this page from within Totara, is
                   logged in, and has the capability to view the badge information. For existing
                   external links to the public badge page this will result in a change in
                   behaviour: only the general badge information is shown.


Improvements:

    TL-33818       Block titles are no longer all uppercase
    TL-37668       Added option to unset the 'force password change' flag during bulk user actions

                   It is now possible to run a bulk user action to remove the 'force password
                   change' flag from a large number of users at the same time.

    TL-37400       Notification content in the list of received notifications is now accessible via keyboard

Bug fixes:

    TL-35746       Fixed report errors preventing the Report Manager block from displaying correctly
    TL-35953       Fixed behaviour for displaying in-product help links based on 'Docs document root' setting

                   Previously if the 'Docs document root' was not set, it would automatically
                   default to Totara's help site URL. With this change if 'Docs document root' is
                   not set, then help links will no longer appear.
                   
                   If you do not want in-product help links (or if the links are broken) you can
                   remove them by un-setting the 'Docs document root'. It will not automatically be
                   set on new installs.

    TL-36049       Fixed an issue where seminar notifications showed "Requested" instead of "Pending Requests" in some cases
    TL-36295       Fixed data deserialisation error in cache file store
    TL-36425       Fixed misleading 'Print trainer names' help text for the certification activity
    TL-36426       Hide signuppanel and identityproivder blocks when there is no content to render
    TL-36573       Fixed the value of third party course types when restoring a course backup
    TL-36655       Changed 'overdue' to 'Overdue' in the English language pack where used in courses, programs, certification and learning plans.
    TL-36663       Cherry-picked MDL-74358 availability: Avoid php8 problem with array_values(null)
    TL-36665       Improved the help text for 'Disable iCalendar cancellations'
    TL-36767       Make the progress bars in the catalogue appear for programs with 100%

                   This change was implemented to ensure that progress bars in the catalogue
                   display correctly for programs that are 100% complete.

    TL-36923       Fixed text overlapping in messages page

                   Fixed text overlapping in messages header container and left panel message list

    TL-36964       Fixed course category description not allowing embedding with consistent cleaning disabled
    TL-37051       Fixed displaying operators in dynamic audience rulesets
    TL-37197       Fixed formatting issue for the 'reply to' name in emails
    TL-37223       Fixed issue with requesting additional metadata for links

                   When adding links to other services like Youtube or converting links to cards in
                   the Weka Editor a request is being made to retrieve additional metadata. This
                   metadata is used to set the hero image of Engage resources or displaying links
                   as cards. 
                   
                   To protect from DNS rebinding attacks the IP address for the given host is used.
                   An invalid CURL option has been used to make the request. Only in more recent
                   versions CURL is triggering an actual error in this case resulting in metadata
                   not being correctly requested. 
                   
                   This has been fixed. Now the correct CURL option syntax is used and requests are
                   successful again.

    TL-37261       Fixed time_created column in the notification_event_log table not capturing the time the log record got created

                   Previously, the time_created column did not capture the time the log was created
                   but the time of the event instead. If the notification is triggered by an event
                   happening in the future, e.g. x days before course start date, time_created
                   would be the time of the future event. To ensure that the time_created column is
                   reflecting the correct time we created a new column "event_time". The
                   time_created column now captures the time the log entry gets created and the
                   event_time the time the event happened or will happen. 
                   
                   On upgrade all existing records are updated. The event_time column is populated
                   with the previous time_created values and the time_created values are
                   recalculated based on the old event_time and the offset of the event.
                   
                   In addition we ensured that all the following report sources now have columns
                   for the time_created and the event_time values:
                   
                   * Notifications
                   * Notification Log
                   * Notification Delivery Log
                   
                   Existing embedded reports based on those sources need to be either resetted or
                   the columns added manually.

    TL-37310       Fixed an issue with creating/updating users via external API, when their authentication method does not use passwords

                   Previously, the 'password' field was required when creating or updating users
                   via the external API. 'Password' is no longer required when a user's
                   authentication method does not use passwords.

    TL-37368       Fixed missing sesskey error during blocks administration
    TL-37492       Display correct recipient for "Event Under Minimum Bookings" notification
    TL-37581       Fixed that course_due_date notifications were being sent to users who have been unenrolled or suspended
    TL-37626       Fixed several report columns including encoded characters in the export

                   The following report columns have been addressed:
                    * Program / Certification overview -> Course Category (linked to category)
                    * Program / Certification overview -> Course Shortname
                    * Performance activity reports -> Activity type
                    * Performance Subject Instance Performance Reporting -> Performance activity
                   name (linked to view form) (currently not exportable)
                    * Record of learning: Competencies -> Overall achievement level
                    * Record of Learning: Recurring Programs -> Course name

    TL-37627       Fixed seminar session details not being included in legacy facilitator notifications on first save
    TL-36876       Fixed the removal of the 'aria-labelledby' attribute when a block is set to not show a header
    TL-37333       Changed legacy notification preferences to preserve focus when using the keyboard

Tui front end framework:

    TL-36804       Fixed double scroll bar on adder core component.

Contributions:

    * Andrew Mansfield at Cortexa - TL-35746
    * Darshana Godara at Androgogic - TL-37051

Release 16.15 (25th July 2023):

Important:

    TL-35903       Introduced a 'read-only' setting to deprecate Legacy Appraisals and Legacy 360 Feedback

                   The new "read-only" setting was introduced for Legacy Appraisals and Legacy 360
                   Feedback with Two options:
                    * When the "read-only" option setting is disabled an organisation can continue
                   to use Legacy Appraisals and/or Legacy 360 Feedback.
                    * When the "read-only" option setting is enabled:
                    ** All action functionality such as Create, Activate, Copy, Edit etc. will be
                   disabled.
                    ** Users and administrator/manager will see a banner notifying them that all
                   actions are in transition to close before the cron task has occurred. 
                    ** After the cron task has occurred all active activities will be closed.
                    ** Users and administrator/manager will still have access to Legacy Appraisals
                   and/or Legacy 360 Feedback historic records.


Security issues:

    TL-37599       Fixed 'badge issued' page displaying wrong user information

                   When a badge got uploaded to a Badgr.com backpack the link to the criteria
                   pointed to the 'badge issued' page for the first user who uploaded the same
                   badge. To fix this a new page got created to only show the generic non-user
                   specific information about the badge. For all new uploads to the backpack this
                   url is used. 
                   
                   On the existing 'badge issued' page we added a check to only show the user
                   information if the visiting user arrived on this page from within Totara, is
                   logged in, and has the capability to view the badge information. For existing
                   external links to the public badge page this will result in a change in
                   behaviour: only the general badge information is shown.


Improvements:

    TL-37400       Notification content in the list of received notifications is now accessible via keyboard

Bug fixes:

    TL-35746       Fixed report errors preventing the Report Manager block from displaying correctly
    TL-35953       Fixed behaviour for displaying in-product help links based on 'Docs document root' setting

                   Previously if the 'Docs document root' was not set, it would automatically
                   default to Totara's help site URL. With this change if 'Docs document root' is
                   not set, then help links will no longer appear.
                   
                   If you do not want in-product help links (or if the links are broken) you can
                   remove them by un-setting the 'Docs document root'. It will not automatically be
                   set on new installs.

    TL-36049       Fixed an issue where seminar notifications showed "Requested" instead of "Pending Requests" in some cases
    TL-36295       Fixed data deserialisation error in cache file store
    TL-36425       Fixed misleading 'Print trainer names' help text for the certification activity
    TL-36573       Fixed the value of third party course types when restoring a course backup
    TL-36655       Changed 'overdue' to 'Overdue' in the English language pack where used in courses, programs, certification and learning plans.
    TL-36663       Cherry-picked MDL-74358 availability: Avoid php8 problem with array_values(null)
    TL-36665       Improved the help text for 'Disable iCalendar cancellations'
    TL-36767       Make the progress bars in the catalogue appear for programs with 100%

                   This change was implemented to ensure that progress bars in the catalogue
                   display correctly for programs that are 100% complete.

    TL-36923       Fixed text overlapping in messages page

                   Fixed text overlapping in messages header container and left panel message list

    TL-36964       Fixed course category description not allowing embedding with consistent cleaning disabled
    TL-37051       Fixed displaying operators in dynamic audience rulesets
    TL-37197       Fixed formatting issue for the 'reply to' name in emails
    TL-37223       Fixed issue with requesting additional metadata for links

                   When adding links to other services like Youtube or converting links to cards in
                   the Weka Editor a request is being made to retrieve additional metadata. This
                   metadata is used to set the hero image of Engage resources or displaying links
                   as cards. 
                   
                   To protect from DNS rebinding attacks the IP address for the given host is used.
                   An invalid CURL option has been used to make the request. Only in more recent
                   versions CURL is triggering an actual error in this case resulting in metadata
                   not being correctly requested. 
                   
                   This has been fixed. Now the correct CURL option syntax is used and requests are
                   successful again.

    TL-37368       Fixed missing sesskey error during blocks administration
    TL-37492       Display correct recipient for "Event Under Minimum Bookings" notification
    TL-37581       Fixed that course_due_date notifications were being sent to users who have been unenrolled or suspended
    TL-37626       Fixed several report columns including encoded characters in the export

                   The following report columns have been addressed:
                    * Program / Certification overview -> Course Category (linked to category)
                    * Program / Certification overview -> Course Shortname
                    * Performance activity reports -> Activity type
                    * Performance Subject Instance Performance Reporting -> Performance activity
                   name (linked to view form) (currently not exportable)
                    * Record of learning: Competencies -> Overall achievement level
                    * Record of Learning: Recurring Programs -> Course name

    TL-37627       Fixed seminar session details not being included in legacy facilitator notifications on first save
    TL-36876       Fixed the removal of the 'aria-labelledby' attribute when a block is set to not show a header
    TL-37333       Changed legacy notification preferences to preserve focus when using the keyboard

Tui front end framework:

    TL-36804       Fixed double scroll bar on adder core component.

Contributions:

    * Andrew Mansfield at Cortexa - TL-35746
    * Darshana Godara at Androgogic - TL-37051

Release 15.21 (25th July 2023):

Important:

    TL-35903       Introduced a 'read-only' setting to deprecate Legacy Appraisals and Legacy 360 Feedback

                   The new "read-only" setting was introduced for Legacy Appraisals and Legacy 360
                   Feedback with Two options:
                    * When the "read-only" option setting is disabled an organisation can continue
                   to use Legacy Appraisals and/or Legacy 360 Feedback.
                    * When the "read-only" option setting is enabled:
                    ** All action functionality such as Create, Activate, Copy, Edit etc. will be
                   disabled.
                    ** Users and administrator/manager will see a banner notifying them that all
                   actions are in transition to close before the cron task has occurred. 
                    ** After the cron task has occurred all active activities will be closed.
                    ** Users and administrator/manager will still have access to Legacy Appraisals
                   and/or Legacy 360 Feedback historic records.


Security issues:

    TL-37599       Fixed 'badge issued' page displaying wrong user information

                   When a badge got uploaded to a Badgr.com backpack the link to the criteria
                   pointed to the 'badge issued' page for the first user who uploaded the same
                   badge. To fix this a new page got created to only show the generic non-user
                   specific information about the badge. For all new uploads to the backpack this
                   url is used. 
                   
                   On the existing 'badge issued' page we added a check to only show the user
                   information if the visiting user arrived on this page from within Totara, is
                   logged in, and has the capability to view the badge information. For existing
                   external links to the public badge page this will result in a change in
                   behaviour: only the general badge information is shown.


Improvements:

    TL-37400       Notification content in the list of received notifications is now accessible via keyboard

Bug fixes:

    TL-35746       Fixed report errors preventing the Report Manager block from displaying correctly
    TL-36049       Fixed an issue where seminar notifications showed "Requested" instead of "Pending Requests" in some cases
    TL-36573       Fixed the value of third party course types when restoring a course backup
    TL-36655       Changed 'overdue' to 'Overdue' in the English language pack where used in courses, programs, certification and learning plans.
    TL-36663       Cherry-picked MDL-74358 availability: Avoid php8 problem with array_values(null)
    TL-36665       Improved the help text for 'Disable iCalendar cancellations'
    TL-36767       Make the progress bars in the catalogue appear for programs with 100%

                   This change was implemented to ensure that progress bars in the catalogue
                   display correctly for programs that are 100% complete.

    TL-36923       Fixed text overlapping in messages page

                   Fixed text overlapping in messages header container and left panel message list

    TL-36964       Fixed course category description not allowing embedding with consistent cleaning disabled
    TL-37051       Fixed displaying operators in dynamic audience rulesets
    TL-37197       Fixed formatting issue for the 'reply to' name in emails
    TL-37223       Fixed issue with requesting additional metadata for links

                   When adding links to other services like Youtube or converting links to cards in
                   the Weka Editor a request is being made to retrieve additional metadata. This
                   metadata is used to set the hero image of Engage resources or displaying links
                   as cards. 
                   
                   To protect from DNS rebinding attacks the IP address for the given host is used.
                   An invalid CURL option has been used to make the request. Only in more recent
                   versions CURL is triggering an actual error in this case resulting in metadata
                   not being correctly requested. 
                   
                   This has been fixed. Now the correct CURL option syntax is used and requests are
                   successful again.

    TL-37368       Fixed missing sesskey error during blocks administration
    TL-37492       Display correct recipient for "Event Under Minimum Bookings" notification
    TL-37626       Fixed several report columns including encoded characters in the export

                   The following report columns have been addressed:
                    * Program / Certification overview -> Course Category (linked to category)
                    * Program / Certification overview -> Course Shortname
                    * Performance activity reports -> Activity type
                    * Performance Subject Instance Performance Reporting -> Performance activity
                   name (linked to view form) (currently not exportable)
                    * Record of learning: Competencies -> Overall achievement level
                    * Record of Learning: Recurring Programs -> Course name

    TL-36876       Fixed the removal of the 'aria-labelledby' attribute when a block is set to not show a header
    TL-37333       Changed legacy notification preferences to preserve focus when using the keyboard

Contributions:

    * Andrew Mansfield at Cortexa - TL-35746
    * Darshana Godara at Androgogic - TL-37051

Release 14.26 (25th July 2023):

Important:

    TL-35903       Introduced a 'read-only' setting to deprecate Legacy Appraisals and Legacy 360 Feedback

                   The new "read-only" setting was introduced for Legacy Appraisals and Legacy 360
                   Feedback with Two options:
                    * When the "read-only" option setting is disabled an organisation can continue
                   to use Legacy Appraisals and/or Legacy 360 Feedback.
                    * When the "read-only" option setting is enabled:
                    ** All action functionality such as Create, Activate, Copy, Edit etc. will be
                   disabled.
                    ** Users and administrator/manager will see a banner notifying them that all
                   actions are in transition to close before the cron task has occurred. 
                    ** After the cron task has occurred all active activities will be closed.
                    ** Users and administrator/manager will still have access to Legacy Appraisals
                   and/or Legacy 360 Feedback historic records.


Improvements:

    TL-37400       Notification content in the list of received notifications is now accessible via keyboard

Bug fixes:

    TL-35746       Fixed report errors preventing the Report Manager block from displaying correctly
    TL-36049       Fixed an issue where seminar notifications showed "Requested" instead of "Pending Requests" in some cases
    TL-36573       Fixed the value of third party course types when restoring a course backup
    TL-36655       Changed 'overdue' to 'Overdue' in the English language pack where used in courses, programs, certification and learning plans.
    TL-36663       Cherry-picked MDL-74358 availability: Avoid php8 problem with array_values(null)
    TL-36767       Make the progress bars in the catalogue appear for programs with 100%

                   This change was implemented to ensure that progress bars in the catalogue
                   display correctly for programs that are 100% complete.

    TL-36923       Fixed text overlapping in messages page

                   Fixed text overlapping in messages header container and left panel message list

    TL-36964       Fixed course category description not allowing embedding with consistent cleaning disabled
    TL-37051       Fixed displaying operators in dynamic audience rulesets
    TL-37197       Fixed formatting issue for the 'reply to' name in emails
    TL-37223       Fixed issue with requesting additional metadata for links

                   When adding links to other services like Youtube or converting links to cards in
                   the Weka Editor a request is being made to retrieve additional metadata. This
                   metadata is used to set the hero image of Engage resources or displaying links
                   as cards. 
                   
                   To protect from DNS rebinding attacks the IP address for the given host is used.
                   An invalid CURL option has been used to make the request. Only in more recent
                   versions CURL is triggering an actual error in this case resulting in metadata
                   not being correctly requested. 
                   
                   This has been fixed. Now the correct CURL option syntax is used and requests are
                   successful again.

    TL-37368       Fixed missing sesskey error during blocks administration
    TL-37492       Display correct recipient for "Event Under Minimum Bookings" notification
    TL-37626       Fixed several report columns including encoded characters in the export

                   The following report columns have been addressed:
                    * Program / Certification overview -> Course Category (linked to category)
                    * Program / Certification overview -> Course Shortname
                    * Performance activity reports -> Activity type
                    * Performance Subject Instance Performance Reporting -> Performance activity
                   name (linked to view form) (currently not exportable)
                    * Record of learning: Competencies -> Overall achievement level
                    * Record of Learning: Recurring Programs -> Course name

    TL-36876       Fixed the removal of the 'aria-labelledby' attribute when a block is set to not show a header
    TL-37333       Changed legacy notification preferences to preserve focus when using the keyboard

Contributions:

    * Andrew Mansfield at Cortexa - TL-35746
    * Darshana Godara at Androgogic - TL-37051

Release 13.34 (25th July 2023):

Important:

    TL-35903       Introduced a 'read-only' setting to deprecate Legacy Appraisals and Legacy 360 Feedback

                   The new "read-only" setting was introduced for Legacy Appraisals and Legacy 360
                   Feedback with Two options:
                    * When the "read-only" option setting is disabled an organisation can continue
                   to use Legacy Appraisals and/or Legacy 360 Feedback.
                    * When the "read-only" option setting is enabled:
                    ** All action functionality such as Create, Activate, Copy, Edit etc. will be
                   disabled.
                    ** Users and administrator/manager will see a banner notifying them that all
                   actions are in transition to close before the cron task has occurred. 
                    ** After the cron task has occurred all active activities will be closed.
                    ** Users and administrator/manager will still have access to Legacy Appraisals
                   and/or Legacy 360 Feedback historic records.


Improvements:

    TL-37400       Notification content in the list of received notifications is now accessible via keyboard

Bug fixes:

    TL-35746       Fixed report errors preventing the Report Manager block from displaying correctly
    TL-36049       Fixed an issue where seminar notifications showed "Requested" instead of "Pending Requests" in some cases
    TL-36573       Fixed the value of third party course types when restoring a course backup
    TL-36655       Changed 'overdue' to 'Overdue' in the English language pack where used in courses, programs, certification and learning plans.
    TL-36767       Make the progress bars in the catalogue appear for programs with 100%

                   This change was implemented to ensure that progress bars in the catalogue
                   display correctly for programs that are 100% complete.

    TL-36923       Fixed text overlapping in messages page

                   Fixed text overlapping in messages header container and left panel message list

    TL-37051       Fixed displaying operators in dynamic audience rulesets
    TL-37197       Fixed formatting issue for the 'reply to' name in emails
    TL-37223       Fixed issue with requesting additional metadata for links

                   When adding links to other services like Youtube or converting links to cards in
                   the Weka Editor a request is being made to retrieve additional metadata. This
                   metadata is used to set the hero image of Engage resources or displaying links
                   as cards. 
                   
                   To protect from DNS rebinding attacks the IP address for the given host is used.
                   An invalid CURL option has been used to make the request. Only in more recent
                   versions CURL is triggering an actual error in this case resulting in metadata
                   not being correctly requested. 
                   
                   This has been fixed. Now the correct CURL option syntax is used and requests are
                   successful again.

    TL-37368       Fixed missing sesskey error during blocks administration
    TL-37492       Display correct recipient for "Event Under Minimum Bookings" notification
    TL-37626       Fixed several report columns including encoded characters in the export

                   The following report columns have been addressed:
                    * Program / Certification overview -> Course Category (linked to category)
                    * Program / Certification overview -> Course Shortname
                    * Performance activity reports -> Activity type
                    * Performance Subject Instance Performance Reporting -> Performance activity
                   name (linked to view form) (currently not exportable)
                    * Record of learning: Competencies -> Overall achievement level
                    * Record of Learning: Recurring Programs -> Course name
                   * Program/Certification completion -> Certification Name and Linked Icon
                   * Program/Certification completion -> Certification Name (expanding details)
                   * User -> Extensions

    TL-36876       Fixed the removal of the 'aria-labelledby' attribute when a block is set to not show a header
    TL-37333       Changed legacy notification preferences to preserve focus when using the keyboard

Contributions:

    * Andrew Mansfield at Cortexa - TL-35746
    * Darshana Godara at Androgogic - TL-37051

Release 12.55 (25th July 2023):

Bug fixes:

    TL-37051       Fixed displaying operators in dynamic audience rulesets
    TL-36876       Fixed the removal of the 'aria-labelledby' attribute when a block is set to not show a header

Contributions:

    * Darshana Godara at Androgogic - TL-37051