Hello everyone,
The following versions of Totara Learn have now been released:
These versions do contain security fixes, and for this reason we strongly recommend upgrading.
Each release also includes various bug fixes and improvements.
A big thanks to the following people for their contributions to this release:
- James Tombs at Think Learning - TL-36597
Release Team
Release 17.12 (30th October 2023):
Important:
TL-38442 Made sure the upgrade step for the previously fixed TL-36874 runs properly
This upgrade was included in the previous releases, 13.35, 14.27, 15.22, 16.16,
17.10. However due to a conflict with versions, it would not run if upgrading
from the version directly prior to that. i.e. 16.15->16.16 or 17.9->17.10. This
has been fixed to ensure the upgrade runs correctly, updating the default of the
status column in the course completions table to 10, and setting all existing
records with an invalid value to that default on upgrade.
TL-38627 Clarification of upgrade behaviour of TL-32205 introduced in 14.5 and 15.0
The improvement TL-32205 was introduced in version 14.5 and 15.0, changing the
way Totara calculates the actual due dates for users on programs and
certifications.
The impact during upgrade as described in the changelog entry for this ticket
was not clear enough. The following is a more detailed explanation of what
happens during upgrade coming from an older version of Totara.
In Totara versions before 14.5, due dates based on months or years in the
program and certification assignments were calculated based on hard-coded
constants of 30 and 365 days respectively, not based on the actual calendar
months/years.
This has been changed with the introduction of two new database fields that now
store proper date offset information.
Using this information, users' due dates are now calculated correctly based on
what the user sees in the assignment interface.
*Upgrades from 14.4 or older to 14.5 or higher:*
TL-32205 updates all existing program and certification assignments from using a
multiple of 30 days for months, and 365 days for years to the actual calendar
months/years. Following the upgrade the next execution of either
"\totara_program\task\assignments_deferred_task" or
"\totara_program\task\user_assignments_task" cron task, the actual due dates for
the users assigned to the programs/certifications will be recalculated. This can
potentially set users' due dates to a later date than before.
*Example:*
A program assignment was previously set to 3 months. In the table
prog_assignment it was stored as 3 * 30 days (converted to seconds). On upgrade
the assignment converts to 3 calendar months, stored in separate fields in the
table.
The due dates for the users assigned and who have not completed the program will
be updated to 92 days on execution of the cronjob. The due dates will not be set
to earlier dates during this process, only later ones.
If this behaviour is not desired the due dates for any program or certification
assignment need to be changed to days AFTER running the upgrade but BEFORE
running cron the next time.
If a site has already been upgraded to one of the affected versions, assignments
can be manually changed to a multiple of 30 days or 365 days to reflect the
previous behaviour but this will not affect any due date which has been updated
during the upgrade to a later date.
Security issues:
TL-38428 Sanitized user search inputs on the 'Permissions > Check system permissions' page
TL-38434 Added restrictions to the evidence bank embedded report to ensure that users can only view their own evidence
TL-38519 Fixed handling of error responses from ReCAPTCHA version 2
TL-38658 Added stricter cleaning of message processor type parameter
TL-38664 Improved checks when editing comments in the Wiki module
TL-38686 Updated the IMSCP module to use appropriate unserialization of package structures
TL-38687 Improved the unserializing and comparison of properties in the Lesson module
Performance improvements:
TL-36597 Improved performance of course visibility checks when being part of a database query
Improvements:
TL-37693 Improved a multi-choice question edit behaviour when there are already answers submitted
When a user tries to *update* the values of a Multi-choice or Multi-choice
(rated) question, the warning banner will be displayed and warns the user of
potential data corruption or data loss.
TL-37694 Rearranged user report output so that session can be closed before report data is fetched and displayed
Report builder now closes the user session before fetching user report data,
meaning that long-running reports no longer prevent a user from carrying out
other actions in the system.
In the event that a custom report source uses a custom display function that
attempts to write to the user session during report generation, this patch will
cause that session access to throw an exception. If this happens, please set
$CFG->keep_session_open_during_report_generation = true to disable session
close, and contact support. This option will be removed in version 18.
TL-38112 Warning added for the minor versions of MariaDB (10.7, 10.8, 10.9 and 10.10) that are not supported
TL-38397 Improved error messages when notifications scheduled tasks encounter errors
TL-38409 Renamed centralised notifications scheduled tasks to make them easier to understand
Bug fixes:
TL-36814 Fixed the "customheading" option when define a new default column heading
For third party report source which extend Totara report sources, the custom
heading option for a column was not working as expected. This has now been
fixed.
TL-37765 Fixed and improved guest user consent functionality
* Improved the memory usage of validation for the site policy page when a new or
returning user accesses the page
* The system now creates a single record in the tool_sitepolicy_user_consent
table for a site policy page when a guest user accesses the page
TL-37965 Fixed setting relative course duedates
In some scenarios course_completion is created before the user enrols into the
course. In these cases, the relative course duedate was set to the 1st of
January 1970.
This patch fixes this behaviour and ensures the correct due dates are set on
enrolment. This patch does not correct existing due dates. Manual due date
correction can be done via the course completion editor. Alternatively changing
the due date in a course triggers recalculation of due dates of all users
enrolled.
TL-38188 Fixed \core_completion\task\update_completion_due_dates_task throwing an exception if course got deleted before it runs
TL-38581 Improved handling of course due date calculation
This partly reverts TL-36732 as the adhoc task to calculate course due dates was
triggered in too many places causing performance issues on large sites.
The performance of updating due dates for entires courses has been further
optimised.
This also addresses missing completion cache invalidations which caused outdated
due dates being displayed for users.
Technical changes:
TL-38634 Updated the unserialize array function to support some extra characters
This updates the unserialize_array() function moodlelib, allowing support for
characters like semi-colons.
Contributions:
* James Tombs at Think Learning - TL-36597
Release 16.18 (30th October 2023):
Important:
TL-38442 Made sure the upgrade step for the previously fixed TL-36874 runs properly
This upgrade was included in the previous releases, 13.35, 14.27, 15.22, 16.16,
17.10. However due to a conflict with versions, it would not run if upgrading
from the version directly prior to that. i.e. 16.15->16.16 or 17.9->17.10. This
has been fixed to ensure the upgrade runs correctly, updating the default of the
status column in the course completions table to 10, and setting all existing
records with an invalid value to that default on upgrade.
TL-38627 Clarification of upgrade behaviour of TL-32205 introduced in 14.5 and 15.0
The improvement TL-32205 was introduced in version 14.5 and 15.0, changing the
way Totara calculates the actual due dates for users on programs and
certifications.
The impact during upgrade as described in the changelog entry for this ticket
was not clear enough. The following is a more detailed explanation of what
happens during upgrade coming from an older version of Totara.
In Totara versions before 14.5, due dates based on months or years in the
program and certification assignments were calculated based on hard-coded
constants of 30 and 365 days respectively, not based on the actual calendar
months/years.
This has been changed with the introduction of two new database fields that now
store proper date offset information.
Using this information, users' due dates are now calculated correctly based on
what the user sees in the assignment interface.
*Upgrades from 14.4 or older to 14.5 or higher:*
TL-32205 updates all existing program and certification assignments from using a
multiple of 30 days for months, and 365 days for years to the actual calendar
months/years. Following the upgrade the next execution of either
"\totara_program\task\assignments_deferred_task" or
"\totara_program\task\user_assignments_task" cron task, the actual due dates for
the users assigned to the programs/certifications will be recalculated. This can
potentially set users' due dates to a later date than before.
*Example:*
A program assignment was previously set to 3 months. In the table
prog_assignment it was stored as 3 * 30 days (converted to seconds). On upgrade
the assignment converts to 3 calendar months, stored in separate fields in the
table.
The due dates for the users assigned and who have not completed the program will
be updated to 92 days on execution of the cronjob. The due dates will not be set
to earlier dates during this process, only later ones.
If this behaviour is not desired the due dates for any program or certification
assignment need to be changed to days AFTER running the upgrade but BEFORE
running cron the next time.
If a site has already been upgraded to one of the affected versions, assignments
can be manually changed to a multiple of 30 days or 365 days to reflect the
previous behaviour but this will not affect any due date which has been updated
during the upgrade to a later date.
Security issues:
TL-38428 Sanitized user search inputs on the 'Permissions > Check system permissions' page
TL-38434 Added restrictions to the evidence bank embedded report to ensure that users can only view their own evidence
TL-38519 Fixed handling of error responses from ReCAPTCHA version 2
TL-38658 Added stricter cleaning of message processor type parameter
TL-38664 Improved checks when editing comments in the Wiki module
TL-38686 Updated the IMSCP module to use appropriate unserialization of package structures
TL-38687 Improved the unserializing and comparison of properties in the Lesson module
Performance improvements:
TL-36597 Improved performance of course visibility checks when being part of a database query
Improvements:
TL-37693 Improved a multi-choice question edit behaviour when there are already answers submitted
When a user tries to *update* the values of a Multi-choice or Multi-choice
(rated) question, the warning banner will be displayed and warns the user of
potential data corruption or data loss.
TL-37694 Rearranged user report output so that session can be closed before report data is fetched and displayed
Report builder now closes the user session before fetching user report data,
meaning that long-running reports no longer prevent a user from carrying out
other actions in the system.
In the event that a custom report source uses a custom display function that
attempts to write to the user session during report generation, this patch will
cause that session access to throw an exception. If this happens, please set
$CFG->keep_session_open_during_report_generation = true to disable session
close, and contact support. This option will be removed in version 18.
TL-38112 Warning added for the minor versions of MariaDB (10.7, 10.8, 10.9 and 10.10) that are not supported
Bug fixes:
TL-36814 Fixed the "customheading" option when define a new default column heading
For third party report source which extend Totara report sources, the custom
heading option for a column was not working as expected. This has now been
fixed.
TL-37579 Fixed an issue where an external respondent viewed a page for a performance activity, and the subject user profileimagealt field had a null value
TL-37765 Fixed and improved guest user consent functionality
* Improved the memory usage of validation for the site policy page when a new or
returning user accesses the page
* The system now creates a single record in the tool_sitepolicy_user_consent
table for a site policy page when a guest user accesses the page
TL-37965 Fixed setting relative course duedates
In some scenarios course_completion is created before the user enrols into the
course. In these cases, the relative course duedate was set to the 1st of
January 1970.
This patch fixes this behaviour and ensures the correct due dates are set on
enrolment. This patch does not correct existing due dates. Manual due date
correction can be done via the course completion editor. Alternatively changing
the due date in a course triggers recalculation of due dates of all users
enrolled.
TL-38188 Fixed \core_completion\task\update_completion_due_dates_task throwing an exception if course got deleted before it runs
TL-38581 Improved handling of course due date calculation
This partly reverts TL-36732 as the adhoc task to calculate course due dates was
triggered in too many places causing performance issues on large sites.
The performance of updating due dates for entires courses has been further
optimised.
This also addresses missing completion cache invalidations which caused outdated
due dates being displayed for users.
Technical changes:
TL-38634 Updated the unserialize array function to support some extra characters
This updates the unserialize_array() function moodlelib, allowing support for
characters like semi-colons.
Contributions:
* James Tombs at Think Learning - TL-36597
Release 15.24 (30th October 2023):
Important:
TL-38442 Made sure the upgrade step for the previously fixed TL-36874 runs properly
This upgrade was included in the previous releases, 13.35, 14.27, 15.22, 16.16,
17.10. However due to a conflict with versions, it would not run if upgrading
from the version directly prior to that. i.e. 16.15->16.16 or 17.9->17.10. This
has been fixed to ensure the upgrade runs correctly, updating the default of the
status column in the course completions table to 10, and setting all existing
records with an invalid value to that default on upgrade.
TL-38627 Clarification of upgrade behaviour of TL-32205 introduced in 14.5 and 15.0
The improvement TL-32205 was introduced in version 14.5 and 15.0, changing the
way Totara calculates the actual due dates for users on programs and
certifications.
The impact during upgrade as described in the changelog entry for this ticket
was not clear enough. The following is a more detailed explanation of what
happens during upgrade coming from an older version of Totara.
In Totara versions before 14.5, due dates based on months or years in the
program and certification assignments were calculated based on hard-coded
constants of 30 and 365 days respectively, not based on the actual calendar
months/years.
This has been changed with the introduction of two new database fields that now
store proper date offset information.
Using this information, users' due dates are now calculated correctly based on
what the user sees in the assignment interface.
*Upgrades from 14.4 or older to 14.5 or higher:*
TL-32205 updates all existing program and certification assignments from using a
multiple of 30 days for months, and 365 days for years to the actual calendar
months/years. Following the upgrade the next execution of either
"\totara_program\task\assignments_deferred_task" or
"\totara_program\task\user_assignments_task" cron task, the actual due dates for
the users assigned to the programs/certifications will be recalculated. This can
potentially set users' due dates to a later date than before.
*Example:*
A program assignment was previously set to 3 months. In the table
prog_assignment it was stored as 3 * 30 days (converted to seconds). On upgrade
the assignment converts to 3 calendar months, stored in separate fields in the
table.
The due dates for the users assigned and who have not completed the program will
be updated to 92 days on execution of the cronjob. The due dates will not be set
to earlier dates during this process, only later ones.
If this behaviour is not desired the due dates for any program or certification
assignment need to be changed to days AFTER running the upgrade but BEFORE
running cron the next time.
If a site has already been upgraded to one of the affected versions, assignments
can be manually changed to a multiple of 30 days or 365 days to reflect the
previous behaviour but this will not affect any due date which has been updated
during the upgrade to a later date.
Security issues:
TL-38428 Sanitized user search inputs on the 'Permissions > Check system permissions' page
TL-38434 Added restrictions to the evidence bank embedded report to ensure that users can only view their own evidence
TL-38519 Fixed handling of error responses from ReCAPTCHA version 2
TL-38658 Added stricter cleaning of message processor type parameter
TL-38664 Improved checks when editing comments in the Wiki module
TL-38686 Updated the IMSCP module to use appropriate unserialization of package structures
TL-38687 Improved the unserializing and comparison of properties in the Lesson module
Performance improvements:
TL-36597 Improved performance of course visibility checks when being part of a database query
Improvements:
TL-37693 Improved a multi-choice question edit behaviour when there are already answers submitted
When a user tries to *update* the values of a Multi-choice or Multi-choice
(rated) question, the warning banner will be displayed and warns the user of
potential data corruption or data loss.
TL-37694 Rearranged user report output so that session can be closed before report data is fetched and displayed
Report builder now closes the user session before fetching user report data,
meaning that long-running reports no longer prevent a user from carrying out
other actions in the system.
In the event that a custom report source uses a custom display function that
attempts to write to the user session during report generation, this patch will
cause that session access to throw an exception. If this happens, please set
$CFG->keep_session_open_during_report_generation = true to disable session
close, and contact support. This option will be removed in version 18.
TL-38112 Warning added for the minor versions of MariaDB (10.7, 10.8, 10.9 and 10.10) that are not supported
Bug fixes:
TL-36814 Fixed the "customheading" option when define a new default column heading
For third party report source which extend Totara report sources, the custom
heading option for a column was not working as expected. This has now been
fixed.
TL-37579 Fixed an issue where an external respondent viewed a page for a performance activity, and the subject user profileimagealt field had a null value
TL-37765 Fixed and improved guest user consent functionality
* Improved the memory usage of validation for the site policy page when a new or
returning user accesses the page
* The system now creates a single record in the tool_sitepolicy_user_consent
table for a site policy page when a guest user accesses the page
Technical changes:
TL-38634 Updated the unserialize array function to support some extra characters
This updates the unserialize_array() function moodlelib, allowing support for
characters like semi-colons.
Contributions:
* James Tombs at Think Learning - TL-36597
Release 14.29 (30th October 2023):
Important:
TL-38442 Made sure the upgrade step for the previously fixed TL-36874 runs properly
This upgrade was included in the previous releases, 13.35, 14.27, 15.22, 16.16,
17.10. However due to a conflict with versions, it would not run if upgrading
from the version directly prior to that. i.e. 16.15->16.16 or 17.9->17.10. This
has been fixed to ensure the upgrade runs correctly, updating the default of the
status column in the course completions table to 10, and setting all existing
records with an invalid value to that default on upgrade.
TL-38627 Clarification of upgrade behaviour of TL-32205 introduced in 14.5 and 15.0
The improvement TL-32205 was introduced in version 14.5 and 15.0, changing the
way Totara calculates the actual due dates for users on programs and
certifications.
The impact during upgrade as described in the changelog entry for this ticket
was not clear enough. The following is a more detailed explanation of what
happens during upgrade coming from an older version of Totara.
In Totara versions before 14.5, due dates based on months or years in the
program and certification assignments were calculated based on hard-coded
constants of 30 and 365 days respectively, not based on the actual calendar
months/years.
This has been changed with the introduction of two new database fields that now
store proper date offset information.
Using this information, users' due dates are now calculated correctly based on
what the user sees in the assignment interface.
*Upgrades from 14.4 or older to 14.5 or higher:*
TL-32205 updates all existing program and certification assignments from using a
multiple of 30 days for months, and 365 days for years to the actual calendar
months/years. Following the upgrade the next execution of either
"\totara_program\task\assignments_deferred_task" or
"\totara_program\task\user_assignments_task" cron task, the actual due dates for
the users assigned to the programs/certifications will be recalculated. This can
potentially set users' due dates to a later date than before.
*Example:*
A program assignment was previously set to 3 months. In the table
prog_assignment it was stored as 3 * 30 days (converted to seconds). On upgrade
the assignment converts to 3 calendar months, stored in separate fields in the
table.
The due dates for the users assigned and who have not completed the program will
be updated to 92 days on execution of the cronjob. The due dates will not be set
to earlier dates during this process, only later ones.
If this behaviour is not desired the due dates for any program or certification
assignment need to be changed to days AFTER running the upgrade but BEFORE
running cron the next time.
If a site has already been upgraded to one of the affected versions, assignments
can be manually changed to a multiple of 30 days or 365 days to reflect the
previous behaviour but this will not affect any due date which has been updated
during the upgrade to a later date.
Security issues:
TL-38428 Sanitized user search inputs on the 'Permissions > Check system permissions' page
TL-38434 Added restrictions to the evidence bank embedded report to ensure that users can only view their own evidence
TL-38519 Fixed handling of error responses from ReCAPTCHA version 2
TL-38658 Added stricter cleaning of message processor type parameter
TL-38664 Improved checks when editing comments in the Wiki module
TL-38686 Updated the IMSCP module to use appropriate unserialization of package structures
TL-38687 Improved the unserializing and comparison of properties in the Lesson module
Performance improvements:
TL-36597 Improved performance of course visibility checks when being part of a database query
Improvements:
TL-37693 Improved a multi-choice question edit behaviour when there are already answers submitted
When a user tries to *update* the values of a Multi-choice or Multi-choice
(rated) question, the warning banner will be displayed and warns the user of
potential data corruption or data loss.
TL-37694 Rearranged user report output so that session can be closed before report data is fetched and displayed
Report builder now closes the user session before fetching user report data,
meaning that long-running reports no longer prevent a user from carrying out
other actions in the system.
In the event that a custom report source uses a custom display function that
attempts to write to the user session during report generation, this patch will
cause that session access to throw an exception. If this happens, please set
$CFG->keep_session_open_during_report_generation = true to disable session
close, and contact support. This option will be removed in version 18.
TL-38112 Warning added for the minor versions of MariaDB (10.7, 10.8, 10.9 and 10.10) that are not supported
Bug fixes:
TL-36814 Fixed the "customheading" option when define a new default column heading
For third party report source which extend Totara report sources, the custom
heading option for a column was not working as expected. This has now been
fixed.
TL-37579 Fixed an issue where an external respondent viewed a page for a performance activity, and the subject user profileimagealt field had a null value
TL-37765 Fixed and improved guest user consent functionality
* Improved the memory usage of validation for the site policy page when a new or
returning user accesses the page
* The system now creates a single record in the tool_sitepolicy_user_consent
table for a site policy page when a guest user accesses the page
Technical changes:
TL-38634 Updated the unserialize array function to support some extra characters
This updates the unserialize_array() function moodlelib, allowing support for
characters like semi-colons.
Contributions:
* James Tombs at Think Learning - TL-36597
Release 13.37 (30th October 2023):
Important:
TL-38442 Made sure the upgrade step for the previously fixed TL-36874 runs properly
This upgrade was included in the previous releases, 13.35, 14.27, 15.22, 16.16,
17.10. However due to a conflict with versions, it would not run if upgrading
from the version directly prior to that. i.e. 16.15->16.16 or 17.9->17.10. This
has been fixed to ensure the upgrade runs correctly, updating the default of the
status column in the course completions table to 10, and setting all existing
records with an invalid value to that default on upgrade.
Security issues:
TL-38434 Added restrictions to the evidence bank embedded report to ensure that users can only view their own evidence
TL-38519 Fixed handling of error responses from ReCAPTCHA version 2
TL-38658 Added stricter cleaning of message processor type parameter
TL-38664 Improved checks when editing comments in the Wiki module
TL-38686 Updated the IMSCP module to use appropriate unserialization of package structures
TL-38687 Improved the unserializing and comparison of properties in the Lesson module
Performance improvements:
TL-36597 Improved performance of course visibility checks when being part of a database query
Improvements:
TL-37693 Improved a multi-choice question edit behaviour when there are already answers submitted
When a user tries to *update* the values of a Multi-choice or Multi-choice
(rated) question, the warning banner will be displayed and warns the user of
potential data corruption or data loss.
TL-37694 Rearranged user report output so that session can be closed before report data is fetched and displayed
Report builder now closes the user session before fetching user report data,
meaning that long-running reports no longer prevent a user from carrying out
other actions in the system.
In the event that a custom report source uses a custom display function that
attempts to write to the user session during report generation, this patch will
cause that session access to throw an exception. If this happens, please set
$CFG->keep_session_open_during_report_generation = true to disable session
close, and contact support. This option will be removed in version 18.
TL-38112 Warning added for the minor versions of MariaDB (10.7, 10.8, 10.9 and 10.10) that are not supported
Bug fixes:
TL-37765 Fixed and improved guest user consent functionality
* Improved the memory usage of validation for the site policy page when a new or
returning user accesses the page
* The system now creates a single record in the tool_sitepolicy_user_consent
table for a site policy page when a guest user accesses the page
Technical changes:
TL-38634 Updated the unserialize array function to support some extra characters
This updates the unserialize_array() function moodlelib, allowing support for
characters like semi-colons.
Contributions:
* James Tombs at Think Learning - TL-36597
Release 12.58 (30th October 2023):
Security issues:
TL-38658 Added stricter cleaning of message processor type parameter
TL-38664 Improved checks when editing comments in the Wiki module
TL-38686 Updated the IMSCP module to use appropriate unserialization of package structures
TL-38687 Improved the unserializing and comparison of properties in the Lesson module
Technical changes:
TL-38634 Updated the unserialize array function to support some extra characters
This updates the unserialize_array() function moodlelib, allowing support for
characters like semi-colons.