Totara Release Notes

Totara TXP 17.12, 16.18, 15.24, 14.29, 13.37 and Totara Learn 12.58 are now available

 
David Curry (Core Developer)
Totara TXP 17.12, 16.18, 15.24, 14.29, 13.37 and Totara Learn 12.58 are now available
par David Curry (Core Developer), Sunday 29 October 2023, 21:24
Groupe Totara

Hello everyone,

The following versions of Totara Learn have now been released:

These versions do contain security fixes, and for this reason we strongly recommend upgrading.
Each release also includes various bug fixes and improvements.

A big thanks to the following people for their contributions to this release:

  • James Tombs at Think Learning - TL-36597

Kind regards,
Release Team

Release 17.12 (30th October 2023):

Important:

    TL-38442       Made sure the upgrade step for the previously fixed TL-36874 runs properly

                   This upgrade was included in the previous releases, 13.35, 14.27, 15.22, 16.16,
                   17.10. However due to a conflict with versions, it would not run if upgrading
                   from the version directly prior to that. i.e. 16.15->16.16 or 17.9->17.10. This
                   has been fixed to ensure the upgrade runs correctly, updating the default of the
                   status column in the course completions table to 10, and setting all existing
                   records with an invalid value to that default on upgrade.

    TL-38627       Clarification of upgrade behaviour of TL-32205 introduced in 14.5 and 15.0

                   The improvement TL-32205 was introduced in version 14.5 and 15.0, changing the
                   way Totara calculates the actual due dates for users on programs and
                   certifications.
                   
                   The impact during upgrade as described in the changelog entry for this ticket
                   was not clear enough. The following is a more detailed explanation of what
                   happens during upgrade coming from an older version of Totara.
                   
                   In Totara versions before 14.5, due dates based on months or years in the
                   program and certification assignments were calculated based on hard-coded
                   constants of 30 and 365 days respectively, not based on the actual calendar
                   months/years. 
                   
                   This has been changed with the introduction of two new database fields that now
                   store proper date offset information.
                   Using this information, users' due dates are now calculated correctly based on
                   what the user sees in the assignment interface.
                   
                   *Upgrades from 14.4 or older to 14.5 or higher:*
                   
                   TL-32205 updates all existing program and certification assignments from using a
                   multiple of 30 days for months, and 365 days for years to the actual calendar
                   months/years. Following the upgrade the next execution of either
                   "\totara_program\task\assignments_deferred_task" or
                   "\totara_program\task\user_assignments_task" cron task, the actual due dates for
                   the users assigned to the programs/certifications will be recalculated. This can
                   potentially set users' due dates to a later date than before.
                   
                   *Example:* 
                   
                   A program assignment was previously set to 3 months. In the table
                   prog_assignment it was stored as 3 * 30 days (converted to seconds). On upgrade
                   the assignment converts to 3 calendar months, stored in separate fields in the
                   table.
                   
                   The due dates for the users assigned and who have not completed the program will
                   be updated to 92 days on execution of the cronjob. The due dates will not be set
                   to earlier dates during this process, only later ones.
                   
                   If this behaviour is not desired the due dates for any program or certification
                   assignment need to be changed to days AFTER running the upgrade but BEFORE
                   running cron the next time.
                   
                   If a site has already been upgraded to one of the affected versions, assignments
                   can be manually changed to a multiple of 30 days or 365 days to reflect the
                   previous behaviour but this will not affect any due date which has been updated
                   during the upgrade to a later date.


Security issues:

    TL-38428       Sanitized user search inputs on the 'Permissions > Check system permissions' page
    TL-38434       Added restrictions to the evidence bank embedded report to ensure that users can only view their own evidence
    TL-38519       Fixed handling of error responses from ReCAPTCHA version 2
    TL-38658       Added stricter cleaning of message processor type parameter
    TL-38664       Improved checks when editing comments in the Wiki module
    TL-38686       Updated the IMSCP module to use appropriate unserialization of package structures
    TL-38687       Improved the unserializing and comparison of properties in the Lesson module

Performance improvements:

    TL-36597       Improved performance of course visibility checks when being part of a database query

Improvements:

    TL-37693       Improved a multi-choice question edit behaviour when there are already answers submitted

                   When a user tries to *update* the values of a Multi-choice or Multi-choice
                   (rated) question, the warning banner will be displayed and warns the user of
                   potential data corruption or data loss.

    TL-37694       Rearranged user report output so that session can be closed before report data is fetched and displayed

                   Report builder now closes the user session before fetching user report data,
                   meaning that long-running reports no longer prevent a user from carrying out
                   other actions in the system.
                   
                   In the event that a custom report source uses a custom display function that
                   attempts to write to the user session during report generation, this patch will
                   cause that session access to throw an exception. If this happens, please set
                   $CFG->keep_session_open_during_report_generation = true to disable session
                   close, and contact support. This option will be removed in version 18.

    TL-38112       Warning added for the minor versions of MariaDB (10.7, 10.8, 10.9 and 10.10) that are not supported
    TL-38397       Improved error messages when notifications scheduled tasks encounter errors
    TL-38409       Renamed centralised notifications scheduled tasks to make them easier to understand

Bug fixes:

    TL-36814       Fixed the "customheading" option when define a new default column heading

                   For third party report source which extend Totara report sources, the custom
                   heading option for a column was not working as expected. This has now been
                   fixed.

    TL-37765       Fixed and improved guest user consent functionality

                   * Improved the memory usage of validation for the site policy page when a new or
                   returning user accesses the page
                   * The system now creates a single record in the tool_sitepolicy_user_consent
                   table for a site policy page when a guest user accesses the page

    TL-37965       Fixed setting relative course duedates

                   In some scenarios course_completion is created before the user enrols into the
                   course. In these cases, the relative course duedate was set to the 1st of
                   January 1970. 
                   
                   This patch fixes this behaviour and ensures the correct due dates are set on
                   enrolment. This patch does not correct existing due dates. Manual due date
                   correction can be done via the course completion editor. Alternatively changing
                   the due date in a course triggers recalculation of due dates of all users
                   enrolled.

    TL-38188       Fixed \core_completion\task\update_completion_due_dates_task throwing an exception if course got deleted before it runs
    TL-38581       Improved handling of course due date calculation

                   This partly reverts TL-36732 as the adhoc task to calculate course due dates was
                   triggered in too many places causing performance issues on large sites.
                   
                   The performance of updating due dates for entires courses has been further
                   optimised. 
                   
                   This also addresses missing completion cache invalidations which caused outdated
                   due dates being displayed for users.


Technical changes:

    TL-38634       Updated the unserialize array function to support some extra characters

                   This updates the unserialize_array() function moodlelib, allowing support for
                   characters like semi-colons.


Contributions:

    * James Tombs at Think Learning - TL-36597

Release 16.18 (30th October 2023):

Important:

    TL-38442       Made sure the upgrade step for the previously fixed TL-36874 runs properly

                   This upgrade was included in the previous releases, 13.35, 14.27, 15.22, 16.16,
                   17.10. However due to a conflict with versions, it would not run if upgrading
                   from the version directly prior to that. i.e. 16.15->16.16 or 17.9->17.10. This
                   has been fixed to ensure the upgrade runs correctly, updating the default of the
                   status column in the course completions table to 10, and setting all existing
                   records with an invalid value to that default on upgrade.

    TL-38627       Clarification of upgrade behaviour of TL-32205 introduced in 14.5 and 15.0

                   The improvement TL-32205 was introduced in version 14.5 and 15.0, changing the
                   way Totara calculates the actual due dates for users on programs and
                   certifications.
                   
                   The impact during upgrade as described in the changelog entry for this ticket
                   was not clear enough. The following is a more detailed explanation of what
                   happens during upgrade coming from an older version of Totara.
                   
                   In Totara versions before 14.5, due dates based on months or years in the
                   program and certification assignments were calculated based on hard-coded
                   constants of 30 and 365 days respectively, not based on the actual calendar
                   months/years. 
                   
                   This has been changed with the introduction of two new database fields that now
                   store proper date offset information.
                   Using this information, users' due dates are now calculated correctly based on
                   what the user sees in the assignment interface.
                   
                   *Upgrades from 14.4 or older to 14.5 or higher:*
                   
                   TL-32205 updates all existing program and certification assignments from using a
                   multiple of 30 days for months, and 365 days for years to the actual calendar
                   months/years. Following the upgrade the next execution of either
                   "\totara_program\task\assignments_deferred_task" or
                   "\totara_program\task\user_assignments_task" cron task, the actual due dates for
                   the users assigned to the programs/certifications will be recalculated. This can
                   potentially set users' due dates to a later date than before.
                   
                   *Example:* 
                   
                   A program assignment was previously set to 3 months. In the table
                   prog_assignment it was stored as 3 * 30 days (converted to seconds). On upgrade
                   the assignment converts to 3 calendar months, stored in separate fields in the
                   table.
                   
                   The due dates for the users assigned and who have not completed the program will
                   be updated to 92 days on execution of the cronjob. The due dates will not be set
                   to earlier dates during this process, only later ones.
                   
                   If this behaviour is not desired the due dates for any program or certification
                   assignment need to be changed to days AFTER running the upgrade but BEFORE
                   running cron the next time.
                   
                   If a site has already been upgraded to one of the affected versions, assignments
                   can be manually changed to a multiple of 30 days or 365 days to reflect the
                   previous behaviour but this will not affect any due date which has been updated
                   during the upgrade to a later date.


Security issues:

    TL-38428       Sanitized user search inputs on the 'Permissions > Check system permissions' page
    TL-38434       Added restrictions to the evidence bank embedded report to ensure that users can only view their own evidence
    TL-38519       Fixed handling of error responses from ReCAPTCHA version 2
    TL-38658       Added stricter cleaning of message processor type parameter
    TL-38664       Improved checks when editing comments in the Wiki module
    TL-38686       Updated the IMSCP module to use appropriate unserialization of package structures
    TL-38687       Improved the unserializing and comparison of properties in the Lesson module

Performance improvements:

    TL-36597       Improved performance of course visibility checks when being part of a database query

Improvements:

    TL-37693       Improved a multi-choice question edit behaviour when there are already answers submitted

                   When a user tries to *update* the values of a Multi-choice or Multi-choice
                   (rated) question, the warning banner will be displayed and warns the user of
                   potential data corruption or data loss.

    TL-37694       Rearranged user report output so that session can be closed before report data is fetched and displayed

                   Report builder now closes the user session before fetching user report data,
                   meaning that long-running reports no longer prevent a user from carrying out
                   other actions in the system.
                   
                   In the event that a custom report source uses a custom display function that
                   attempts to write to the user session during report generation, this patch will
                   cause that session access to throw an exception. If this happens, please set
                   $CFG->keep_session_open_during_report_generation = true to disable session
                   close, and contact support. This option will be removed in version 18.

    TL-38112       Warning added for the minor versions of MariaDB (10.7, 10.8, 10.9 and 10.10) that are not supported

Bug fixes:

    TL-36814       Fixed the "customheading" option when define a new default column heading

                   For third party report source which extend Totara report sources, the custom
                   heading option for a column was not working as expected. This has now been
                   fixed.

    TL-37579       Fixed an issue where an external respondent viewed a page for a performance activity, and the subject user profileimagealt field had a null value
    TL-37765       Fixed and improved guest user consent functionality

                   * Improved the memory usage of validation for the site policy page when a new or
                   returning user accesses the page
                   * The system now creates a single record in the tool_sitepolicy_user_consent
                   table for a site policy page when a guest user accesses the page

    TL-37965       Fixed setting relative course duedates

                   In some scenarios course_completion is created before the user enrols into the
                   course. In these cases, the relative course duedate was set to the 1st of
                   January 1970. 
                   
                   This patch fixes this behaviour and ensures the correct due dates are set on
                   enrolment. This patch does not correct existing due dates. Manual due date
                   correction can be done via the course completion editor. Alternatively changing
                   the due date in a course triggers recalculation of due dates of all users
                   enrolled.

    TL-38188       Fixed \core_completion\task\update_completion_due_dates_task throwing an exception if course got deleted before it runs
    TL-38581       Improved handling of course due date calculation

                   This partly reverts TL-36732 as the adhoc task to calculate course due dates was
                   triggered in too many places causing performance issues on large sites.
                   
                   The performance of updating due dates for entires courses has been further
                   optimised. 
                   
                   This also addresses missing completion cache invalidations which caused outdated
                   due dates being displayed for users.


Technical changes:

    TL-38634       Updated the unserialize array function to support some extra characters

                   This updates the unserialize_array() function moodlelib, allowing support for
                   characters like semi-colons.


Contributions:

    * James Tombs at Think Learning - TL-36597

Release 15.24 (30th October 2023):

Important:

    TL-38442       Made sure the upgrade step for the previously fixed TL-36874 runs properly

                   This upgrade was included in the previous releases, 13.35, 14.27, 15.22, 16.16,
                   17.10. However due to a conflict with versions, it would not run if upgrading
                   from the version directly prior to that. i.e. 16.15->16.16 or 17.9->17.10. This
                   has been fixed to ensure the upgrade runs correctly, updating the default of the
                   status column in the course completions table to 10, and setting all existing
                   records with an invalid value to that default on upgrade.

    TL-38627       Clarification of upgrade behaviour of TL-32205 introduced in 14.5 and 15.0

                   The improvement TL-32205 was introduced in version 14.5 and 15.0, changing the
                   way Totara calculates the actual due dates for users on programs and
                   certifications.
                   
                   The impact during upgrade as described in the changelog entry for this ticket
                   was not clear enough. The following is a more detailed explanation of what
                   happens during upgrade coming from an older version of Totara.
                   
                   In Totara versions before 14.5, due dates based on months or years in the
                   program and certification assignments were calculated based on hard-coded
                   constants of 30 and 365 days respectively, not based on the actual calendar
                   months/years. 
                   
                   This has been changed with the introduction of two new database fields that now
                   store proper date offset information.
                   Using this information, users' due dates are now calculated correctly based on
                   what the user sees in the assignment interface.
                   
                   *Upgrades from 14.4 or older to 14.5 or higher:*
                   
                   TL-32205 updates all existing program and certification assignments from using a
                   multiple of 30 days for months, and 365 days for years to the actual calendar
                   months/years. Following the upgrade the next execution of either
                   "\totara_program\task\assignments_deferred_task" or
                   "\totara_program\task\user_assignments_task" cron task, the actual due dates for
                   the users assigned to the programs/certifications will be recalculated. This can
                   potentially set users' due dates to a later date than before.
                   
                   *Example:* 
                   
                   A program assignment was previously set to 3 months. In the table
                   prog_assignment it was stored as 3 * 30 days (converted to seconds). On upgrade
                   the assignment converts to 3 calendar months, stored in separate fields in the
                   table.
                   
                   The due dates for the users assigned and who have not completed the program will
                   be updated to 92 days on execution of the cronjob. The due dates will not be set
                   to earlier dates during this process, only later ones.
                   
                   If this behaviour is not desired the due dates for any program or certification
                   assignment need to be changed to days AFTER running the upgrade but BEFORE
                   running cron the next time.
                   
                   If a site has already been upgraded to one of the affected versions, assignments
                   can be manually changed to a multiple of 30 days or 365 days to reflect the
                   previous behaviour but this will not affect any due date which has been updated
                   during the upgrade to a later date.


Security issues:

    TL-38428       Sanitized user search inputs on the 'Permissions > Check system permissions' page
    TL-38434       Added restrictions to the evidence bank embedded report to ensure that users can only view their own evidence
    TL-38519       Fixed handling of error responses from ReCAPTCHA version 2
    TL-38658       Added stricter cleaning of message processor type parameter
    TL-38664       Improved checks when editing comments in the Wiki module
    TL-38686       Updated the IMSCP module to use appropriate unserialization of package structures
    TL-38687       Improved the unserializing and comparison of properties in the Lesson module

Performance improvements:

    TL-36597       Improved performance of course visibility checks when being part of a database query

Improvements:

    TL-37693       Improved a multi-choice question edit behaviour when there are already answers submitted

                   When a user tries to *update* the values of a Multi-choice or Multi-choice
                   (rated) question, the warning banner will be displayed and warns the user of
                   potential data corruption or data loss.

    TL-37694       Rearranged user report output so that session can be closed before report data is fetched and displayed

                   Report builder now closes the user session before fetching user report data,
                   meaning that long-running reports no longer prevent a user from carrying out
                   other actions in the system.
                   
                   In the event that a custom report source uses a custom display function that
                   attempts to write to the user session during report generation, this patch will
                   cause that session access to throw an exception. If this happens, please set
                   $CFG->keep_session_open_during_report_generation = true to disable session
                   close, and contact support. This option will be removed in version 18.

    TL-38112       Warning added for the minor versions of MariaDB (10.7, 10.8, 10.9 and 10.10) that are not supported

Bug fixes:

    TL-36814       Fixed the "customheading" option when define a new default column heading

                   For third party report source which extend Totara report sources, the custom
                   heading option for a column was not working as expected. This has now been
                   fixed.

    TL-37579       Fixed an issue where an external respondent viewed a page for a performance activity, and the subject user profileimagealt field had a null value
    TL-37765       Fixed and improved guest user consent functionality

                   * Improved the memory usage of validation for the site policy page when a new or
                   returning user accesses the page
                   * The system now creates a single record in the tool_sitepolicy_user_consent
                   table for a site policy page when a guest user accesses the page


Technical changes:

    TL-38634       Updated the unserialize array function to support some extra characters

                   This updates the unserialize_array() function moodlelib, allowing support for
                   characters like semi-colons.


Contributions:

    * James Tombs at Think Learning - TL-36597

Release 14.29 (30th October 2023):

Important:

    TL-38442       Made sure the upgrade step for the previously fixed TL-36874 runs properly

                   This upgrade was included in the previous releases, 13.35, 14.27, 15.22, 16.16,
                   17.10. However due to a conflict with versions, it would not run if upgrading
                   from the version directly prior to that. i.e. 16.15->16.16 or 17.9->17.10. This
                   has been fixed to ensure the upgrade runs correctly, updating the default of the
                   status column in the course completions table to 10, and setting all existing
                   records with an invalid value to that default on upgrade.

    TL-38627       Clarification of upgrade behaviour of TL-32205 introduced in 14.5 and 15.0

                   The improvement TL-32205 was introduced in version 14.5 and 15.0, changing the
                   way Totara calculates the actual due dates for users on programs and
                   certifications.
                   
                   The impact during upgrade as described in the changelog entry for this ticket
                   was not clear enough. The following is a more detailed explanation of what
                   happens during upgrade coming from an older version of Totara.
                   
                   In Totara versions before 14.5, due dates based on months or years in the
                   program and certification assignments were calculated based on hard-coded
                   constants of 30 and 365 days respectively, not based on the actual calendar
                   months/years. 
                   
                   This has been changed with the introduction of two new database fields that now
                   store proper date offset information.
                   Using this information, users' due dates are now calculated correctly based on
                   what the user sees in the assignment interface.
                   
                   *Upgrades from 14.4 or older to 14.5 or higher:*
                   
                   TL-32205 updates all existing program and certification assignments from using a
                   multiple of 30 days for months, and 365 days for years to the actual calendar
                   months/years. Following the upgrade the next execution of either
                   "\totara_program\task\assignments_deferred_task" or
                   "\totara_program\task\user_assignments_task" cron task, the actual due dates for
                   the users assigned to the programs/certifications will be recalculated. This can
                   potentially set users' due dates to a later date than before.
                   
                   *Example:* 
                   
                   A program assignment was previously set to 3 months. In the table
                   prog_assignment it was stored as 3 * 30 days (converted to seconds). On upgrade
                   the assignment converts to 3 calendar months, stored in separate fields in the
                   table.
                   
                   The due dates for the users assigned and who have not completed the program will
                   be updated to 92 days on execution of the cronjob. The due dates will not be set
                   to earlier dates during this process, only later ones.
                   
                   If this behaviour is not desired the due dates for any program or certification
                   assignment need to be changed to days AFTER running the upgrade but BEFORE
                   running cron the next time.
                   
                   If a site has already been upgraded to one of the affected versions, assignments
                   can be manually changed to a multiple of 30 days or 365 days to reflect the
                   previous behaviour but this will not affect any due date which has been updated
                   during the upgrade to a later date.


Security issues:

    TL-38428       Sanitized user search inputs on the 'Permissions > Check system permissions' page
    TL-38434       Added restrictions to the evidence bank embedded report to ensure that users can only view their own evidence
    TL-38519       Fixed handling of error responses from ReCAPTCHA version 2
    TL-38658       Added stricter cleaning of message processor type parameter
    TL-38664       Improved checks when editing comments in the Wiki module
    TL-38686       Updated the IMSCP module to use appropriate unserialization of package structures
    TL-38687       Improved the unserializing and comparison of properties in the Lesson module

Performance improvements:

    TL-36597       Improved performance of course visibility checks when being part of a database query

Improvements:

    TL-37693       Improved a multi-choice question edit behaviour when there are already answers submitted

                   When a user tries to *update* the values of a Multi-choice or Multi-choice
                   (rated) question, the warning banner will be displayed and warns the user of
                   potential data corruption or data loss.

    TL-37694       Rearranged user report output so that session can be closed before report data is fetched and displayed

                   Report builder now closes the user session before fetching user report data,
                   meaning that long-running reports no longer prevent a user from carrying out
                   other actions in the system.
                   
                   In the event that a custom report source uses a custom display function that
                   attempts to write to the user session during report generation, this patch will
                   cause that session access to throw an exception. If this happens, please set
                   $CFG->keep_session_open_during_report_generation = true to disable session
                   close, and contact support. This option will be removed in version 18.

    TL-38112       Warning added for the minor versions of MariaDB (10.7, 10.8, 10.9 and 10.10) that are not supported

Bug fixes:

    TL-36814       Fixed the "customheading" option when define a new default column heading

                   For third party report source which extend Totara report sources, the custom
                   heading option for a column was not working as expected. This has now been
                   fixed.

    TL-37579       Fixed an issue where an external respondent viewed a page for a performance activity, and the subject user profileimagealt field had a null value
    TL-37765       Fixed and improved guest user consent functionality

                   * Improved the memory usage of validation for the site policy page when a new or
                   returning user accesses the page
                   * The system now creates a single record in the tool_sitepolicy_user_consent
                   table for a site policy page when a guest user accesses the page


Technical changes:

    TL-38634       Updated the unserialize array function to support some extra characters

                   This updates the unserialize_array() function moodlelib, allowing support for
                   characters like semi-colons.


Contributions:

    * James Tombs at Think Learning - TL-36597

Release 13.37 (30th October 2023):

Important:

    TL-38442       Made sure the upgrade step for the previously fixed TL-36874 runs properly

                   This upgrade was included in the previous releases, 13.35, 14.27, 15.22, 16.16,
                   17.10. However due to a conflict with versions, it would not run if upgrading
                   from the version directly prior to that. i.e. 16.15->16.16 or 17.9->17.10. This
                   has been fixed to ensure the upgrade runs correctly, updating the default of the
                   status column in the course completions table to 10, and setting all existing
                   records with an invalid value to that default on upgrade.


Security issues:

    TL-38434       Added restrictions to the evidence bank embedded report to ensure that users can only view their own evidence
    TL-38519       Fixed handling of error responses from ReCAPTCHA version 2
    TL-38658       Added stricter cleaning of message processor type parameter
    TL-38664       Improved checks when editing comments in the Wiki module
    TL-38686       Updated the IMSCP module to use appropriate unserialization of package structures
    TL-38687       Improved the unserializing and comparison of properties in the Lesson module

Performance improvements:

    TL-36597       Improved performance of course visibility checks when being part of a database query

Improvements:

    TL-37693       Improved a multi-choice question edit behaviour when there are already answers submitted

                   When a user tries to *update* the values of a Multi-choice or Multi-choice
                   (rated) question, the warning banner will be displayed and warns the user of
                   potential data corruption or data loss.

    TL-37694       Rearranged user report output so that session can be closed before report data is fetched and displayed

                   Report builder now closes the user session before fetching user report data,
                   meaning that long-running reports no longer prevent a user from carrying out
                   other actions in the system.
                   
                   In the event that a custom report source uses a custom display function that
                   attempts to write to the user session during report generation, this patch will
                   cause that session access to throw an exception. If this happens, please set
                   $CFG->keep_session_open_during_report_generation = true to disable session
                   close, and contact support. This option will be removed in version 18.

    TL-38112       Warning added for the minor versions of MariaDB (10.7, 10.8, 10.9 and 10.10) that are not supported

Bug fixes:

    TL-37765       Fixed and improved guest user consent functionality

                   * Improved the memory usage of validation for the site policy page when a new or
                   returning user accesses the page
                   * The system now creates a single record in the tool_sitepolicy_user_consent
                   table for a site policy page when a guest user accesses the page


Technical changes:

    TL-38634       Updated the unserialize array function to support some extra characters

                   This updates the unserialize_array() function moodlelib, allowing support for
                   characters like semi-colons.


Contributions:

    * James Tombs at Think Learning - TL-36597

Release 12.58 (30th October 2023):

Security issues:

    TL-38658       Added stricter cleaning of message processor type parameter
    TL-38664       Improved checks when editing comments in the Wiki module
    TL-38686       Updated the IMSCP module to use appropriate unserialization of package structures
    TL-38687       Improved the unserializing and comparison of properties in the Lesson module

Technical changes:

    TL-38634       Updated the unserialize array function to support some extra characters

                   This updates the unserialize_array() function moodlelib, allowing support for
                   characters like semi-colons.