Hello everyone,
The following versions of Totara Learn have now been released:
- Release 17.11
- Release 16.17
- Release 15.23
- Release 14.28
- Release 13.36
- Release 12.57
- Release 11.58
- Release 10.60
These versions do contain security fixes, and for this reason we strongly recommend upgrade.
Each release also includes various bug fixes and improvements.
Kind regards Release Team
Release 17.11 (21st September 2023):
Security issues:
TL-38132 Improved checks around sequential page access for the quiz module
TL-38135 Fixed processor fragments allowing fetching of other users' data
TL-38140 Fixed block permission overrides for the dashboards
TL-38141 Remote code execution when parsing malformed file repository reference
TL-38143 Fixed proxy can be bypassed allowing internal access
Improvements:
TL-30248 Added support for multi-selection position and organisation filters in tenant embedded reports
Before the patch users with correct capabilities could not use multi-selection
filters in tenant embedded reports. We removed the second check ability to see
the report without embedded data
TL-37666 Added Totara 18 to the environments checks page
TL-37870 Update environment checks for PHP Just-In-Time opcache compilation
Totara currently does not support PHP with Just-In-Time compilation enabled.
This change adds a check to both the install/upgrade environments check, and the
internal environments check page.
Bug fixes:
TL-36171 Fixed asterisks not showing for required fields in the database module
TL-36644 Updated multi-section performance activity view so that when a section is submitted, the next section scrolls into view.
TL-36679 Fixed user tours not resetting correctly for the default dashboard
TL-36835 Fixed a potential race condition in the web installer
Sometimes when installing a brand new site via the web installer, some CSS files
may not load properly on the plugins page. This change makes the install more
robust and eliminates the network errors that can occur.
TL-37154 Fixed Certification ID column references data in report certification sources
TL-37370 Removed hashtag tip in workspace creation page.
This help text was misleading; the search field in the "Find workspaces' only
searches by workspace name.
TL-37736 Fixed a case where a like query with no value would throw a deprecation warning in PHP 8.1
TL-38209 Fixed mobile app access to non-visible program and certification courses
Technical changes:
TL-38126 PHPUnit test file and class names now conform to a new standard
PHPUnit test files should now conform to the following standard, which will
become required in Totara 18:
* Test file names should end with "_test.php"
* Test class names should be "_" (which always ends in
_test)
* Test files should only contain a single test class
* Namespaces should not be used in test files
* advanced_testcase and basic_testcase should no longer be used
Future improvements will see namespacing allowed providing it follows a
standardised pattern, and will see autoloading improved so that in the future we
can look to migrate to PHPUnit 10.
TL-38200 Database module static caching is reset during unit tests
Release 16.17 (21st September 2023):
Security issues:
TL-38132 Improved checks around sequential page access for the quiz module
TL-38135 Fixed processor fragments allowing fetching of other users' data
TL-38140 Fixed block permission overrides for the dashboards
TL-38141 Remote code execution when parsing malformed file repository reference
TL-38143 Fixed proxy can be bypassed allowing internal access
Improvements:
TL-37666 Added Totara 18 to the environments checks page
TL-37870 Update environment checks for PHP Just-In-Time opcache compilation
Totara currently does not support PHP with Just-In-Time compilation enabled.
This change adds a check to both the install/upgrade environments check, and the
internal environments check page.
Bug fixes:
TL-36171 Fixed asterisks not showing for required fields in the database module
TL-36644 Updated multi-section performance activity view so that when a section is submitted, the next section scrolls into view.
TL-36679 Fixed user tours not resetting correctly for the default dashboard
TL-36835 Fixed a potential race condition in the web installer
Sometimes when installing a brand new site via the web installer, some CSS files
may not load properly on the plugins page. This change makes the install more
robust and eliminates the network errors that can occur.
TL-37154 Fixed Certification ID column references data in report certification sources
TL-37370 Removed hashtag tip in workspace creation page.
This help text was misleading; the search field in the "Find workspaces' only
searches by workspace name.
TL-38209 Fixed mobile app access to non-visible program and certification courses
Technical changes:
TL-38200 Database module static caching is reset during unit tests
Release 15.23 (21st September 2023):
Security issues:
TL-38132 Improved checks around sequential page access for the quiz module
TL-38135 Fixed processor fragments allowing fetching of other users' data
TL-38140 Fixed block permission overrides for the dashboards
TL-38141 Remote code execution when parsing malformed file repository reference
TL-38143 Fixed proxy can be bypassed allowing internal access
Improvements:
TL-37666 Added Totara 18 to the environments checks page
TL-37870 Update environment checks for PHP Just-In-Time opcache compilation
Totara currently does not support PHP with Just-In-Time compilation enabled.
This change adds a check to both the install/upgrade environments check, and the
internal environments check page.
Bug fixes:
TL-36171 Fixed asterisks not showing for required fields in the database module
TL-36644 Updated multi-section performance activity view so that when a section is submitted, the next section scrolls into view.
TL-36679 Fixed user tours not resetting correctly for the default dashboard
TL-36835 Fixed a potential race condition in the web installer
Sometimes when installing a brand new site via the web installer, some CSS files
may not load properly on the plugins page. This change makes the install more
robust and eliminates the network errors that can occur.
TL-37154 Fixed Certification ID column references data in report certification sources
TL-37370 Removed hashtag tip in workspace creation page.
This help text was misleading; the search field in the "Find workspaces' only
searches by workspace name.
Technical changes:
TL-38200 Database module static caching is reset during unit tests
Release 14.28 (21st September 2023):
Security issues:
TL-38132 Improved checks around sequential page access for the quiz module
TL-38135 Fixed processor fragments allowing fetching of other users' data
TL-38140 Fixed block permission overrides for the dashboards
TL-38141 Remote code execution when parsing malformed file repository reference
TL-38143 Fixed proxy can be bypassed allowing internal access
Improvements:
TL-37666 Added Totara 18 to the environments checks page
TL-37870 Update environment checks for PHP Just-In-Time opcache compilation
Totara currently does not support PHP with Just-In-Time compilation enabled.
This change adds a check to both the install/upgrade environments check, and the
internal environments check page.
Bug fixes:
TL-36171 Fixed asterisks not showing for required fields in the database module
TL-36644 Updated multi-section performance activity view so that when a section is submitted, the next section scrolls into view.
TL-36679 Fixed user tours not resetting correctly for the default dashboard
TL-36835 Fixed a potential race condition in the web installer
Sometimes when installing a brand new site via the web installer, some CSS files
may not load properly on the plugins page. This change makes the install more
robust and eliminates the network errors that can occur.
TL-37154 Fixed Certification ID column references data in report certification sources
Technical changes:
TL-38200 Database module static caching is reset during unit tests
Release 13.36 (21st September 2023):
Security issues:
TL-38132 Improved checks around sequential page access for the quiz module
TL-38135 Fixed processor fragments allowing fetching of other users' data
TL-38138 Added logged-in status check to the Oauth2 module
TL-38140 Fixed block permission overrides for the dashboards
TL-38141 Remote code execution when parsing malformed file repository reference
TL-38143 Fixed proxy can be bypassed allowing internal access
Improvements:
TL-37666 Added Totara 18 to the environments checks page
Bug fixes:
TL-36171 Fixed asterisks not showing for required fields in the database module
TL-36644 Updated multi-section performance activity view so that when a section is submitted, the next section scrolls into view.
TL-36679 Fixed user tours not resetting correctly for the default dashboard
TL-36835 Fixed a potential race condition in the web installer
Sometimes when installing a brand new site via the web installer, some CSS files
may not load properly on the plugins page. This change makes the install more
robust and eliminates the network errors that can occur.
TL-37154 Fixed Certification ID column references data in report certification sources
Technical changes:
TL-38200 Database module static caching is reset during unit tests
Release 12.57 (21st September 2023):
Security issues:
TL-38132 Improved checks around sequential page access for the quiz module
TL-38135 Fixed processor fragments allowing fetching of other users' data
TL-38138 Added logged-in status check to the Oauth2 module
TL-38140 Fixed block permission overrides for the dashboards
TL-38141 Remote code execution when parsing malformed file repository reference
TL-38143 Fixed proxy can be bypassed allowing internal access
Release 11.58 (21st September 2023):
Security issues:
TL-38135 Fixed processor fragments allowing fetching of other users' data
Release 10.60 (21st September 2023):
Security issues:
TL-38135 Fixed processor fragments allowing fetching of other users' data