Hello Everyone,
I am pleased to announce that the Totara TXP 18.0 release is now available.
To see a summary of the new features and improvements included in this release, visit the What's new page on the Totara help site.
For detailed change-management information, please see the Technical Release Notes immediately following this post.
A big thank you as well to everyone who has contributed to this release!
Release 18.0 (28th November 2023):
Important:

TL-32537 Removed legacy program and certification assignment interface
The program assignment interface was replaced in Totara 13 to improve usability with large numbers of assignments, deprecating the legacy interface and hiding it behind the 'enablelegacyprogramassignment' setting. This legacy interface, and associated setting, have now been removed.

TL-36674 Login screen refresh
A new login screen is available with a new look and feel, and a prominently presented image to the side. The image can be configured inside theme settings. The old login screen is still available, but is deprecated in Totara 18. You can revert to it by setting `$CFG->enable_legacy_login = true;` in config.php.

TL-37624 Legacy Appraisals and 360 Feedback activities are forced to read-only as part of the deprecation process for those features
An optional read-only setting for Legacy Appraisals and Legacy 360 Feedback was added in Totara 17.9. This setting is now forced on, and the associated task is queued for the next cron run.
* All action functionality such as Create, Activate, Copy, Edit etc. is disabled.
* Users and administrator/manager see a banner notifying them that all actions are in transition to close before the cron task has occurred.
* After the cron task has occurred all active activities will be closed. Users and administrator/manager will still have access to Legacy Appraisals and/or Legacy 360 Feedback historic records.

TL-38114 Improved request performance by closing user session before resolving GraphQL queries
This enhancement improves the performance of GraphQL queries that are executed concurrently, by automatically closing the user session for writing before the query resolves. It does not apply to mutations. As a direct consequence of this change, modifying website sessions during GraphQL query resolution is no longer possible without modifying the resolver.
Attempting to do so will result in an exception being thrown: `totara_webapi\exception\reopen_session_for_writing_exception`
To maintain the ability to write to sessions within custom query resolvers, developers must take the following steps:
- Add the `core\webapi\middleware\reopen_session_for_writing` middleware to the GraphQL query resolver class.
- Ensure that the `core\webapi\middleware\reopen_session_for_writing` middleware is positioned as the topmost middleware in the list of middleware used in the query.

This change may increase the total number of PHP processes running concurrently so it might be a good idea to review your webserver configuration to make sure it can handle the increased number of total concurrent connections.
Additionally, it is possible to disable this optimization completely by setting `$CFG->graphqlsessionwritecloseenabled` to false in the config.php file. This allows users to retain the previous behaviour of session handling within GraphQL queries, should it be required for specific use cases.

TL-38476 Upcoming changes to component overrides in themes
In order to enable a future upgrade to Vue 3, we had to make some changes to how component overrides in themes work. Partial component overrides in themes have been deprecated, and will be removed in Totara 19. Partial component overrides are those that do not contain a `script` tag, or `script extends`, unless they _only_ contain a `style` tag. This mainly affects components where only the `template` tag was overridden. All components overridden in themes will need to replace the entire component from Totara 19 onwards, unless they are only overriding `style` tags.

New features:

TL-16231 Site Administrator users can now use multi-factor authentication
The login process has been modified to introduce multi-factor authentication (MFA) for Site Administrator users. To set up, first enable the appropriate MFA plugin in the plugins page, and then each Site Administrator user can register their own authenticator app via manage user login. MFA will only support authentication methods that have been updated for compatibility. All authentication methods included by Totara have been updated; however, any third-party plugins installed will need to be updated before they are available with MFA. The MFA and authentication screens will report any incompatibilities.

TL-28559 Added site administration tool to test outgoing email settings
The Quick-access menu > Server > Email > Test outgoing email settings page allows administrators to send an email from Totara, with SMTP debugging information displayed.
Also available in 17.3 and later releases.

TL-30141 Tenant isolation setting has been taken out of experimental mode
The tenant isolation setting has now been taken out of experimental mode. The setting has been moved from the experimental settings page to the shared services settings page.

TL-33784 Scheduled user actions
You can schedule actions to occur on users, using filters. This initial version allows you to delete users who have been suspended for a certain amount of time, and optionally restrict by audience. In conjunction with configured purge types, this is designed to assist organisations in automating the deletion of user data in line with their own data retention policy and relevant GDPR requirements.
Also available in 17.3 and later releases.

TL-34972 Added a new show and hide input for client secrets
Client secrets can now be viewed by clicking on the new 'Show/Hide' button on the API clients and OAuth2.0 provider details pages.
Also available in 17.3 and later releases.

TL-34982 Added a new Check API and converted security, performance and system status reports to use it
A new Check API has been implemented, with all system status, performance and security reports converted to use it. The Check API is extensible, and plugins can now introduce their own checks. Additionally this is compatible with Moodle's Check API, and Moodle plugins that implement it will start reporting their state. The API includes a CLI script at server/admin/cli/checks.php that can be used to check the status of the system via the command line.

TL-34991 Added totara_job_job_assignments query to the external API
A new query 'totara_job_job_assignments' was added to the external API to fetch all job_assignments, providing options for sorting and paginating results.
Also available in 17.1 and later releases.

TL-35895 Added support for privacy-aware page titles to $PAGE object
It is now possible for a page to optionally set a 'privacy-aware' page title as well as the normal title. This title is stored in the $PAGE object and can be retrieved when a page title that does not contain personally identifiable information is needed. We have modified all known pages that contain the users' names to specify a second title that excludes the name. A use case for this is to avoid sending Personally Identifiable Information (PII) to a third-party analytics service.
Also available in 17.1 and later releases.

TL-36262 Added a new performance overview page which summarises a user's progression in performance activities, competencies and Totara goals
The performance overview page displays items with four progression states based on the selected period filter.
The progression states are:
* Not started: No progression has ever been made
* In progress: Progression has been made in the current period
* Not progressed: Progression has not been made in the current period
* Achieved/Completed: Progression has been marked as completed in the current period

Progression for competencies is based on current scale values:
* A new checkbox option was included on the scale setting pages that allows the least complete scale values to be considered 'Not started'
* Completion is based on the scale 'Consider complete' values

The performance activities use existing activity progress states to track progression:
* Completion is based on all required participants having completed their participation

A new concept of 'Due soon' was also introduced for goals and performance activities; this is when they are due within the next seven working days.
The page also includes a 'Require action' block which provides a summary of the user's participation in others' activities and if they are required to select participants for certain activities.

TL-36328 Add SAML 2.0 (SSO) authentication plugin
Totara can now authenticate via SAML 2.0. To configure a SAML 2.0 connection visit the Quick-access menu > Plugins > Manage authentication page, and enable SAML SSO (2.0) to start registering identity providers.

TL-36505 Added H5P plugin
Added the H5P activity plugin, which allows you to author content directly into your courses with an easy-to-use library of creation and editing tools. Select from activity types such as interactive video, quizzes, collage, timelines, and more.

TL-37567 Database column values can be encrypted
Individual columns in the database can now be encrypted, preventing the values from being read unless they are accessed via the appropriate model. This implementation is only appropriate for storing generated values such as security tokens. On a new install or upgrade a new encryption key will be generated automatically.
If needed, we provide a command line script to add new keys and to roll over any previously encrypted values, where it is required. Encrypted columns are currently only used by the authentication SSO SAML plugin and Multi-factor Authentication TOTP plugin, to store authentication-related tokens. To ensure that columns can be encrypted, we require the mcrypt PHP module to be installed. If it is not installed then features that require encryption will not be available.

TL-37570 Added IntelliData plugin which allows integration with IntelliBoard Learning Analytics Platform
IntelliBoard is a learning analytics platform that provides reports showing user engagement, learner completion, engagement metrics, instructor activity, progress summaries, and more. It integrates with Totara with the help of the IntelliData plugin, which is built on top of Totara's GraphQL external API. You can access this plugin via a new group of business intelligence plugins under Quick-access menu > Plugins > Business intelligence.

TL-37594 Added a new 'Pathway' course format
The Pathway format adds a more modern UI using Tui componentry, providing a more streamlined experience for learners. This includes:
* An improved course header and administration settings
* New side panel for navigation, showing the activities in order and the user's progress through the course
* A content panel to display the current activity without navigating away from the course page

TL-37614 Programs can now be cloned
Users with the `totara/program:cloneprogram` permission can now clone programs, selecting which parts of the program to clone. Any combination of the details, course sets, and notifications can be cloned.

TL-37615 Updated interface when managing program content
When managing a program's course sets, the interface has been improved to be more dynamic using the Tui framework. Using a recurring course set or a competency course set still uses the old interface.
The old interface can also be forced by using the 'Enable legacy program content' setting.

TL-37619 Introducing tenant reports
Tenant Domain Managers now have the ability to generate reports that focus exclusively on tenant-specific data.
* Tenant-level reporting: Tenant Domain Managers now have the ability to generate reports that focus exclusively on tenant-specific data. Tenant Domain Managers will be required to have the `totara_reportbuilder:managereports` capability to generate tenant reports.
* Data isolation for tenant members: With tenant reports, the reported data is isolated for tenant members to reflect only the content pertinent to the tenant.
* My reports page: Site Managers now have the ability to create tenant-specific reports from the 'My reports' page.

In order for Tenant Domain Managers to create tenant reports, we recommend allowing two capabilities on the system Tenant Domain Manager role:
* totara/reportbuilder:managereports
* totara/reportbuilder:overrideexportoptions

TL-37726 New tenant selection filter for user reports
A new tenant selection filter has been added for user reports. Users with the `totara/tenant:view` capability can use this filter to filter the users to tenant members in a report.

TL-38227 Added activity completion report source

TL-39058 Added new endpoints to the external API to enable the functionality necessary for integration with e-commerce platforms
Introduced new functionalities to our external API, allowing integration with e-commerce platforms.
Here's a breakdown of the key features:

Audiences support:
- Added core_cohort_static_cohorts query to retrieve a list of audiences
- Added core_cohort_is_user_member query to check if a user is a member of an audience
- Added core_cohort_add_cohort_member mutation to add a user to an audience
- Added core_cohort_remove_cohort_member mutation to remove a user from an audience
- Expanded functionality for interacting with cohorts via a core_interactor class
- Added a 'tags' property to the core_cohort type

Courses API upgrades:
- Added core_course_courses query to retrieve a list of courses
- Added core_course_is_user_enrolled query to check if a user is enrolled in a course
- Added core_completion_get_course_completion query to retrieve course completion details
- Added a 'tags' property to the core_course type

Users API enhancements:
- Added core_user_user query to retrieve details of a specific user
- Added filters to core_user_users query for more refined user queries

Enrolment API advancements:
- Added enrol_manual_enrol_user mutation to enrol a user into a course using a manual enrol plugin
- Added enrol_manual_unenrol_user mutation to unenrol a user from a course using a manual enrol plugin

Security issues:

TL-34338 Prevented content author information display to non-privileged users in global search
Previously, it was possible for global search users to see the author of documents, even if they did not have the appropriate capabilities. Now users need the 'moodle/user:viewdetails' or 'moodle/course:viewparticipants' capability to see the author.
Fixes CVE-2022-30598
Also available in 17.13 and later releases.

TL-35830 Fixed trending content block showing items across tenant boundaries
With this change trending content from different tenants can no longer show across tenants.
Also available in 17.13 and later releases.

TL-38789 Fixed possible XSS vulnerability in course activity headings on some pages

TL-38845 Fixed an XSS vulnerability in activity names when restoring courses
Also available in 17.13 and later releases.

Visual improvements:

TL-33818 Block titles are no longer all uppercase
Also available in 17.9 and later releases.

TL-37206 Improved the look of the legacy progress bar

TL-37207 Improved the look of the quick-access menu

TL-37350 Added a single point for typography to improve consistency of typography throughout the product

TL-37352 Improved the look of the top navigation toolbar

TL-37353 Improved styling of dropdowns
Both Tui and non-Tui dropdowns now have a similar design, with rounded corners and better spacing.

TL-37355 Improved styling of mobile navigation menu

TL-37465 Adjusted Tui grid spacing for consistency

TL-37466 Improved UI grid alignment consistency across Totara

TL-37597 Improved alignment in Totara Learn's Find Learning page

TL-38015 Updated dropdown menu styling

TL-38016 Centre aligned breadcrumb elements vertically

TL-38481 Made styling changes to the Tui Tree component

TL-38490 Moved header menu dropdown chevron to the right and aligned to the end horizontally.

TL-38528 Updated the default theme to be more consistent across product
With this change we have aligned the look and feel across different aspects of the default theme. This includes admin forms, Tui forms, legacy forms, legacy and Tui tabs and the layout of the header and footer.

TL-38534 In various pages (such as Define Roles) the page heading position is now standardised, with action buttons moved to the right.

TL-38560 Updated the look of the Messages and Notifications menu items

TL-38578 Updated Tui modal design

TL-38612 Improved button and input styling
Button, input, and select styles now no longer apply to plain buttons, inputs, and selects. Add `btn btn-default`, `form-control`, or `custom-select` classes (respectively) to elements you need to be styled.
The Bootstrap implementation of button and form styling has been replaced with a custom one, compatible with the same classes, but with improved styles aligned with the Tui design system.

TL-38640 Improved display of secondary nav items

TL-38742 Updated the look and feel of blocks
Updated the default block style to round the corners and align the padding with the rest of the site.

TL-39037 Improved consistency of modals
Modals have numerous CSS changes so that they look more consistent across the application. These will be applied across YUI, Bootstrap and Tui Modals.

Performance improvements:

TL-34242 Improved performance of seminar session list display by optimising the loading of enrollable sessions
Also available in 17.6 and later releases.

TL-34384 Improved performance of file picker on large sites
Also available in 17.5 and later releases.

TL-36192 Updated user data query to convert username to lowercase prior to execution
The user data query was querying with the username in a case-insensitive way. This change converts the username to lowercase prior to execution, which should improve the query's performance.
Also available in 17.3 and later releases.

TL-36204 Removed a needless check for new notifications happening at the start of each page
Also available in 17.3 and later releases.

TL-36206 Improved the performance of the Global Search API
This patch improves the performance of the Global Search API in how it finds searchable areas.
Also available in 17.3 and later releases.

TL-36236 Optimised the query that removes orphaned competency assignment user records
In some circumstances, this function was taking a long time to run and timing out. The SQL in the function was optimised.
Also available in 17.3 and later releases.

TL-36530 Improved the performance of the audience enrolment tab on courses when using MariaDB
Also available in 17.11 and later releases.

TL-36597 Improved performance of course, program and certification visibility checks when being part of a database query
Also available in 17.12 and later releases.

TL-36829 Improved the performance of the catalogue
A logic bug was fixed in how course category caches were primed before being needed by the catalogue. The improved priming will increase cache use and decrease interaction with the database.
Also available in 17.10 and later releases.

TL-38548 Reduced number of database queries on the course and category management page
When multitenancy is enabled an additional database query was triggered for each category to check whether the category is a tenant category or not. This is now being cached to avoid the unnecessary queries and to improve the performance of the page load.
Also available in 17.13 and later releases.

TL-38606 Improved the performance of the notification event queue task
The performance of the task `\totara_notification\task\process_event_queue_task` has been improved by caching data which is loaded repeatedly. In addition the theme is not reset for each notification anymore which had quite an impact on performance. This has been addressed. To improve performance of the task further we recommend reviewing the setting 'SMTP session limit' (smtpmaxbulk) and consider increasing it. It defaults to 1 which means the task will create a new SMTP connection for each email it sends out and will not use an existing connection.
Also available in 17.13 and later releases.

Improvements:

TL-30248 Added support for multi-selection position and organisation filters in tenant embedded reports
Before the patch users with correct capabilities could not use multi-selection filters in tenant embedded reports. We removed the second check ability to see the report without embedded data.
Also available in 17.11 and later releases.

TL-33639 Added the 'new tab' icon to the warning links in the confirm activity deletion modal
Also available in 17.7 and later releases.

TL-33941 Improved the layout for the workflow settings on the activity management content tab
Also added independent loading states for the 'On completion' and 'On due date' settings.

TL-34302 Added a scheduled task for deleting expired OAuth 2.0 access tokens from the database
Also available in 17.3 and later releases.

TL-34814 Added a warning to seminar ad hoc messages when legacy notifications are disabled
Also available in 17.1 and later releases.

TL-34846 Extended create/update user services to offer more password-related options
Boolean fields have been added to the create and update user mutations for 'force_password_change' and 'generate_password'.
Also available in 17.2 and later releases.

TL-34919 Disallowed API users from updating locked fields without valid capability if fields are locked by the authentication plugin
Also available in 17.3 and later releases.

TL-34922 The performance activity role change override settings now reflect the current global settings when not enabled

TL-35074 Ensure sort order for seminar sessions is consistent
Also available in 17.1 and later releases.

TL-35096 Added the progress tracker to the activity 'View details' modal and made the sections collapsible

TL-35097 Updated the 'View details' modal on a performance activity to align with the new design
* The sections are now separated by role
* Added the user avatar, progress status, and 'closed' message if the section is closed
* Added the appropriate icon alongside the progress status

TL-35098 Added a 'View more' button to the tables on the activity details modal when there are more than three participants

TL-35099 Updated the 'View details' modal on a performance activity to align with the new design for anonymous responses
* Included a count of the anonymous respondents excluding the current user
* Included a count of the completed anonymous responses excluding the current user
* Included the message 'All complete' when all other anonymous responses are complete

TL-35120 Removed view-only participant instances upon relationship changes

TL-35156 Added a capability to allow users access to their notification logs
This adds a new capability 'totara/notification:auditownnotifications', which will allow the user to view their own notification logs. This is not added to any role by default.
Also available in 17.1 and later releases.

TL-35223 Added support for tenant isolation to user API
Added support for tenant isolation to the external API. Tenant API clients can use external API if tenant isolation is on, and also can manage system users if they have capabilities at the system level.
Also available in 17.3 and later releases.

TL-35230 Added the 'Section title' multi-select filter to the performance activities response data report
Also available in 17.1 and later releases.

TL-35278 Added default filters to the performance activity response data reports for 'Element type', 'Response data text' and 'Review type'
Also available in 17.1 and later releases.

TL-35410 Added default error response_debug site setting
Added a 'response_debug' setting to the API site-level settings to configure the amount of error information returned in API responses.
Also available in 17.1 and later releases.

TL-35460 Improved the language string for the seminar purge type
Also available in 17.5 and later releases.

TL-35483 Allow administrators to approve requests that require role approval
Also available in 17.3 and later releases.

TL-35517 Updated help for MySQL collation conversion script to advise increasing execution time
Also available in 17.8 and later releases.

TL-35593 Added a 'Go back' button on the performance activity content print view

TL-35628 Improved documentation for API client settings token expiration form field
Also available in 17.1 and later releases.

TL-35898 API client can now delete an existing user custom profile field value
This improvement adds a 'delete' flag to the 'custom_fields' per-field input for the 'core_user_update_user' mutation, allowing an external API client to remove custom user profile field values when updating a target user's profile.
Also available in 17.2 and later releases.

TL-35908 Added support to the performance activity redisplay element for redisplaying elements in previous sections of the same performance activity

TL-35942 Added ability to change external API debug level setting per API client
Each API client can now have its own debug level setting.
Also available in 17.2 and later releases.

TL-35947 Added job assignments to core_user type for the external API
Also available in 17.3 and later releases.

TL-36067 Replaced the manage program header with Vue componentry

TL-36134 Added support for tenant isolation to job assignments external API
Also available in 17.3 and later releases.

TL-36137 Added a description to the 'Enable comments' setting under 'Shared services settings'
Also available in 17.3 and later releases.

TL-36154 Improved the performance of pluginfile.php
This is achieved by responding to HTTP HEAD requests more efficiently, and detecting when file data doesn't exist.
Also available in 17.3 and later releases.

TL-36179 Improved error handling on tenant participant report page when opening the report without the required parameter
Also available in 17.3 and later releases.

TL-36187 Added support for additional languages to LinkedIn Learning
Also available in 17.3 and later releases.

TL-36196 Cherry-picked MDL-64454: Admin screen should show warning if cron does not run frequently
A new config option has been added to specify a maximum time elapsed since last cron run before showing the warning about running the cron on the admin pages. Previously it would show after 24 hours; this allows for more regular checks. Default setting is 200 seconds.
Also available in 17.3 and later releases.

TL-36208 Added CLI script that allows plugins to be programmatically uninstalled
A new CLI script has been added at server/admin/cli/uninstall_plugins.php
It can be used to programmatically run the uninstall routines for plugins. It also can list plugins, including missing plugins which have been previously installed, but which no longer have code in place.
Also available in 17.3 and later releases.

TL-36217 Added a new event that is triggered when an admin uses the database search and replace tool
Port of MDL-68193 / MDL-68276 to provide an audit trail when values are replaced in the database.
Also available in 17.3 and later releases.

TL-36327 Improved the gap between course multi-select custom fields
Also available in 17.4 and later releases.

TL-36347 Improved alignment for text in answers for the Lesson activity
Also available in 17.8 and later releases.

TL-36475 Improved the description for the seminar 'One email per day' setting
The description of the setting has been improved to indicate that it only relates to legacy seminar notifications, and describes how attachments are sent when using centralised notifications. The setting is now hidden when legacy seminar notifications are disabled.
Also available in 17.7 and later releases.

TL-36542 Changed featured links to use editor instead of plain text

TL-36552 Added middle location option for featured links headings
Featured links now include the option to vertically align content to the middle of the tile.

TL-36559 Added full width (no page margins) option for featured links sizing at block level

TL-36641 Added setting to allow automatic redirection from login page to a selected authentication provider
A new 'Automatic single sign-on redirect' setting has been added to the 'Manage authentication' settings page. When a provider is selected, users will automatically be redirected to the selected provider when accessing the login page. The redirect can be avoided by adding 'nossoautoredirect=1' to the URL. This setting has priority over any similar functionality provided by individual authentication plugins.

TL-36700 Added a setting to disable enforced visibility checks in certain report sources
The following reports automatically apply visibility checks for courses:
* Course completion
* Course completion including history
* Course membership
* Seminar events
* Seminar sign-ups
* Seminar sign-in sheet
* Seminar sessions

Previously it was not possible to deactivate those visibility checks and make full use of the existing content restrictions. We have now introduced a new setting in the 'General' tab of these reports which allows admins to disable the checks if required. Default behaviour for these report sources is unchanged.
In addition we added the ability to use the 'Enforce sitewide visibility restrictions' content restriction for the following report sources:
* Record of learning: certifications
* Seminar asset assignments
* Seminar facilitators assignments
* Seminar room assignments
* Seminar interest

Also available in 17.10 and later releases.

TL-36774 Added placeholders for the currently logged-in user to the featured links block
This adds a new placeholder provider to allow user placeholders like `[user:full_name]` to be added to the descriptions of featured link tiles when using the Weka editor.

TL-36824 Improved the help text for the seminar direct enrolment automatic signup setting
Also available in 17.8 and later releases.

TL-37065 Updated program and certification extension request notifications to use centralised notifications

TL-37187 Updated course save to turn on editing mode by default if the user has sufficient permissions
When a user saves a course, they will automatically have editing mode switched on when being redirected to the sections and activities page.

TL-37260 Added requirements for Totara 18 to the environments checks page and readme file

TL-37282 Added empty state for pie charts
Empty states have been added for pie, doughnut and progress charts for report builder to remove unnecessary whitespace and tidy up the page.

TL-37311 Set up the 'Facilitator sessions details changed' trigger to activate when there is a change in the room
Whenever a room changes in the session, you will receive a notification called 'Facilitator sessions details changed'. Additionally, the title of the notification resolver has been changed from 'Facilitator sessions date/time changed' to 'Facilitator sessions details changed' to make it more suitable for all session changes.

TL-37383 The quiz navigation block now appears above the page content when no block regions are available
Previously when a course format or theme did not support blocks a user could not jump around between questions easily. Now the quiz will have the equivalent navigation displayed above the question that the learner is currently viewing.

TL-37438 Added option to unset the 'force password change' flag to bulk user actions
It is now possible to run a bulk user action to remove the 'force password change' flag from a large number of users at the same time.

TL-37493 Improved the responsiveness of learning plan page content
Also available in 17.8 and later releases.

TL-37525 Added support for PostgreSQL 15

TL-37527 Added support for MariaDB 10.11

TL-37587 Added new 'Display link' option in URL and File course resources
A new 'Display link' setting has been added to the URL and File course resources and is available in these resources by default. When enabled in a URL or File resource, clicking the resource will show a page containing a link to the URL or file. When clicked, the URL or file will be opened in the current page. When the course format is set to Pathway, only the Link and Embed options can be used.

TL-37623 Added more specific information to course completion log
In the completion log, added text to indicate which function was responsible for the call to completion_completion::_save.
Also available in 17.8 and later releases.

TL-37640 Added exclude_courses hook to the Current learning block
The new hook on the Current learning block gives third-party components the ability to exclude specific courses from appearing in the Current learning block. In addition the exclude courses argument on the Last course accessed block has been updated to be passed by reference.

TL-37650 Refined the naming conventions for tenant pages to ensure consistency with our help documentation
This improvement aims to make it easier for users to locate the information they need and navigate through the system effortlessly.

TL-37651 Modify auto-guest login behaviour to only occur on courses with guest access enabled
Previously it was possible to configure site-wide guest access such that a user would be enrolled as a guest when visiting a course that didn't have guest access enabled. This would then lead to an error and prevent them from being directed to login. Now in the same situation the user will only be auto logged in as a guest if the course they are visiting has guest enrolment enabled.

TL-37655 Hide Feedback preview mode control to avoid non-submissions
User feedback pointed out that users were able to mistakenly view a Feedback preview, thinking their feedback was being submitted. The user control for this has been visually hidden, but the functionality still remains.

TL-37656 Added small visual improvements to Quiz module question and control display
The display of images inserted into Quiz module questions and minor spacing have been changed to make minor visual alignment and readability improvements.

TL-37693 Improved the edit behaviour of multi-choice questions when there are already answers submitted
When a user tries to update the values of a 'Multi-choice' or 'Multi-choice (rated)' question, a warning banner is displayed that warns the user of potential data corruption or data loss. Also available in 17.12 and later releases.

TL-37694 Rearranged user report output so that session can be closed before report data is fetched and displayed
Report builder now closes the user session before fetching user report data, meaning that long-running reports no longer prevent a user from carrying out other actions in the system. Also available in 17.12 and later releases.
TL-37729 It is now possible to grant the 'log in as' capability to Tenant Domain Managers

TL-37752 Restricted access to the Feedback module's preview feature to roles capable of editing the module

TL-37854 Added language string support for section and field labels in approval workflow forms

TL-37870 Updated environment checks for PHP Just-In-Time opcache compilation
Totara currently does not support PHP with Just-In-Time compilation enabled. This change adds a check to both the install/upgrade environments check, and the internal environments check page. Also available in 17.11 and later releases.

TL-37883 Added a lozenge on edit report page for tenant reports
Added a lozenge on tenant reports on the edit report page to indicate that it is a tenant report.

TL-38055 Added description field to approval workflow forms

TL-38065 Cleaned up the approval workflow class to allow for easier extendability

TL-38075 Moved feature text to below title in catalogue

TL-38093 Changed default event filter when learner views a seminar
When learners navigate to a seminar, if they have upcoming booked events then the 'Booked' filter will automatically be applied. If they have no upcoming booked events, or they navigate to the seminar by clicking 'All events', then the 'Booked' filter will not be applied.

TL-38112 Warning added for the minor versions of MariaDB (10.7, 10.8, 10.9 and 10.10) that are not supported
Also available in 17.12 and later releases.

TL-38145 Swapped user menu language list for a language preferences link
In the user menu we no longer have quick-switching of languages available. Instead, there is now a link to the user language preferences page. As changing languages is usually fairly infrequent, this should declutter the menu.

TL-38156 Removed dashed separator and find workspace link from workspace sidebar

TL-38206 Added hook to base event class
A new hook has been added to the base event class to allow watchers to modify event content.
TL-38207 Added report log hook for modification of user's full name

TL-38222 Added lang string support for the content of the help icons in approval workflows

TL-38235 Added multitenancy support to the course completion report source

TL-38397 Improved error messages when notifications scheduled tasks encounter errors
Also available in 17.12 and later releases.

TL-38409 Renamed centralised notifications scheduled tasks to make them easier to understand
Also available in 17.12 and later releases.

TL-38445 Page layouts no longer display the breadcrumbs bar when the theme "nonavbar" is set to true

TL-38734 Prevented notification processing warnings if the event context they relate to no longer exists
Also available in 17.13 and later releases.

TL-38767 Prevent users from running more than one report simultaneously
Recently we introduced a change which allows a user to continue using the site while a report loads in another tab/window. This inadvertently allowed a user to run more than one report at once. With this change, only one user report or report export (user or embedded) can be run at once. Viewing embedded reports is excluded, so that pages which render embedded reports will continue to work as normal. Also available in 17.13 and later releases.

TL-38897 Improved warning message in the performance tab of reports when caching is not available
Also available in 17.13 and later releases.

Accessibility improvements:

TL-28041 Updated focus styles to meet future accessibility requirements
Focus rings are now 2px thick and solid instead of dashed. Now that :focus-visible is supported by all of our supported browsers, we have also made use of it where possible, in order to only show the focus ring when navigating by keyboard.
TL-37400 Notification content in the list of received notifications is now accessible via keyboard

Bug fixes:

TL-23403 Fixed modals closing when you click and drag from the inside to the outside

TL-36934 Fixed the full text search for MySQL binary mode to prevent wildcard character errors
Also available in 17.13 and later releases.

TL-37199 Fixed course completion historic grades corrupted by course changes
When changing course grades, historic course completions are affected and the 'Grade at time of completion' column in reports does not reflect the right information, as the grade is taken from the current information stored in the grade tables for the course and not the information at the time the historic record was created. To fix that, we have included two more fields in the course_completion_history database table to fill accordingly when this happens.
The new report builder column 'Grade at time of completion' will now display the value calculated using the course grade minimum and maximum that were set at the time the grade was achieved.
On upgrade, all records of prior learning will be updated to include the current course min and max grade. If the course max or min grade has changed since the completion records were added then they may appear to have a different 'Grade at time of completion' compared to what they originally had. This can be corrected manually by using the completion editor and setting the course grade min and max that were present at the time the grade was achieved.
When resetting and therefore archiving all completion records, any record with values in the rplgrade database column was not properly transformed to the decimal values usually stored in the course_completion_history table. This has also been addressed with this patch.
Changes introduced with this fix:
* Added new fields grademax and grademin to the course_completion_history DB table.
* Added new fields "Maximum Grade" and "Minimum Grade" to be filled when creating or editing historic course completions in the completion editor.
* The "Grade at completion" report builder column has been renamed to "Grade based on current course" in the course completion reports.
* A new "Grade at time of completion" report builder column has been added to the course completion reports and its value is calculated based on min/max grade at the time of completion for historic records and current completion records deemed as completed by the user. This column replaces the renamed default column "Grade at completion" for reports based on the "Course Completion Including History" or "Record of Learning: Previous Course Completions" report sources.

TL-37205 Fixed the UTF-8 encoding of embedded calendar blocks in emails for foreign characters
Also available in 17.13 and later releases.

TL-37292 Removed confusing help text from the Virtual Meeting Provider Connect button
Also available in 17.13 and later releases.

TL-37324 Fixed featured link heading levels and sizes

TL-37602 Created correct supersede submission after rejecting approval workflow application
Also available in 17.13 and later releases.

TL-37645 Fixed incorrect path in eslintignore file

TL-37683 Fixed visibility map query causing database crash on MariaDB 10.8
Only on MariaDB 10.8 the visibility map query causes the database to crash. This has been addressed now. Also available in 17.13 and later releases.
TL-37757 Removed broken help links from the course activity selector

TL-37808 Fixed the alignment of popups in reports grid

TL-37812 Event custom field URLs are no longer double-escaped in notifications

TL-37841 Prevent infinite redirect when receiving OAuth2 errors and admin setting 'loginpageredirect' is enabled
In some situations, instead of displaying an OAuth2 authentication error, users could end up in an infinite loop of redirects if the site has enabled the admin setting 'loginpageredirect' and set it to use the OAuth2 provider.

TL-37984 Updated event log description for tenant reports

TL-38021 Fixed find learning popup escaping bounds of item grid

TL-38098 Added a legacy Moodle constant back into Totara, so the Big Blue Button plugin can still operate
Also available in 17.13 and later releases.

TL-38233 Deprecated \core_component::get_component_classes_in_namespace()
This method has a big performance impact and should not be used anymore. \core_component::get_namespace_classes() can be used instead. All existing usages have been replaced with calls to \core_component::get_namespace_classes() and tests added to make sure both return the same result.

TL-38570 Fixed User profile hover style

TL-38626 Updated LTI OAuth provider URL
The previous server reference for the LTI OAuth provider was not working when a reverse proxy was set. This change updates the URL to reference $FULLME, rather than the $_SERVER vars.

TL-38653 Ensured content marketplace course activity is visible if completed_initial_sync_learning_asset failed to be set
LinkedIn Learning's initial sync task should set the completed_initial_sync_learning_asset flag to true. If the initial process is interrupted, LinkedIn Learning courses can be used but they are not available in the list when adding activities to an existing course. After the patch, you can add available courses as activities even if the initial sync task has not finished successfully. Also available in 17.13 and later releases.
TL-38670 Restored missing headings in the external API documentation
Also available in 17.13 and later releases.

TL-38704 Removed the ability to select a system user using the user_reference_record class as a tenant API user
As part of this change, the behaviour of user_record_reference::get_record() (released in Totara 17) will no longer check the acting user's ability to see the target user. Please use user_record_reference::load_for_viewer() in custom GraphQL resolvers instead. Also available in 17.13 and later releases.

TL-38788 Improved display of the review options section when editing a quiz's settings

TL-38829 Added language strings for machine learning, JSON editor and multi-factor authentication on the plugins page
Also available in 17.13 and later releases.

TL-38938 Session language is reset when the user changes their language preference
In some situations a language preference may be persisted to session. When a user changes their preferred language, previously Totara would not reset the session language, so the new language would not kick in until the user logged out and logged back in. With this fix, changing the preferred language option should immediately work for a user.

TL-38955 Added title to reports pages when accessed by users who do not have access to it via the admin tree

TL-39064 Prevented user list queries being triggered on initial load on the performance activity participant select page
Previously, each user selector on the participant selection page for performance activities triggered a GraphQL query on page load to fetch the initial set of users. The more activities were listed on the page, the longer it took for all initial queries to finish. During this time the user could not search in any of the user selectors. This patch ensures that GraphQL queries are only triggered when interacting with a user selector. Also available in 17.13 and later releases.
TL-39104 Fixed the environment check for Totara 18 and MariaDB reporting incorrect incompatible versions
Also available in 17.13 and later releases.

Database upgrades:

TL-36237 Introduced index for suspended column on user table
Also available in 17.3 and later releases.

TL-36808 Allow memoization for Postgres 14.2 and above.
PostgreSQL 14 introduced memoization as a feature that can improve performance. However, with PostgreSQL versions 14.0 or 14.1 it would cause several Totara queries to return incorrect results. Because of this a requirement was added for PostgreSQL 14 that the enable_memoize flag be set to off. This has been fixed from PostgreSQL 14.2. With this patch in place the enable_memoize=off setting is only required if you're using PostgreSQL 14.0 or 14.1. Also available in 17.7 and later releases.

Technical changes:

TL-35168 Added new after_require_login and after_config hooks
There is a new hook at the end of the require_login() function 'after_require_login' that can be used to customise the function. There is also a new 'after_config' hook at the end of setup.php allowing customisations to be run as soon as possible after the config has been loaded. Also available in 17.3 and later releases.

TL-35277 Remove unnecessary core component check in api builds
Previously there was a check that the core component was included in the list of components on the front end. However the backend ensures the core component is always included, so it was unnecessary. Also available in 17.1 and later releases.

TL-35315 Added custom field type property to core_user.custom_fields object
Also available in 17.3 and later releases.

TL-36039 Support for IE-specific JS and CSS builds and polyfills has been removed
With partner consultation, we made the decision [to drop support for IE 11 in Totara 17](https://totara.community/mod/forum/discuss.php?d=26053). While Totara 17 does not support IE 11, the supporting build tooling and JavaScript polyfills were still present.
In line with our announced plan, these were removed in Totara 18. See the [end-user system requirements](https://totara.help/docs/end-user-system-requirements) documentation for all supported browser versions.

TL-36210 Redis cache store can now compress data before storage
The Redis cache store now has a compression setting that allows a site to configure a Redis cache store to compress data before it is sent for storage. The options available are no compression, gzip compression, and zstandard compression (providing zstandard is available). Also available in 17.3 and later releases.

TL-36274 The Redis5 session handler now supports connecting via TLS
Also available in 17.6 and later releases.

TL-36403 Added 'mobile_coursecompat' property to the catalog_item GraphQL type, so it could be used in the mobile_findlearning_view_catalog GraphQL query
Also available in 17.7 and later releases.

TL-36430 Added a new hook 'auth_enable' to allow watchers to interrupt the enabling of a specific auth plugin
Added a new core hook which can be used by third-party plugins to prevent specific authentication plugins from being enabled, and optionally provide a reason which will be displayed to the user if they try to enable one. Also available in 17.4 and later releases.

TL-36652 Added new /api/pluginfile.php endpoint for downloading files via external API

TL-36727 Added a method to the flavour helper class to detect if the table belongs to the specified flavour

TL-36840 Added require_plugin_enabled middleware that checks if the specified plugin is enabled

TL-36845 Allowed flex_icons to be instantiated without checking they are valid
Previously, when a flex_icon was instantiated, it was checked to make sure it existed. To do this, the theme had to be initialised. To avoid this, it is now possible to specify that the check should be skipped. Also available in 17.6 and later releases.
TL-36878 Added hooks for setting page layout, modifying header, modifying footer
Added 3 new hooks to modify page output:
* The 'set_page_layout' hook allows modifications to the page layout
* The 'modify_header' hook allows modifications to the HTML header
* The 'modify_footer' hook allows modifications to the HTML footer

TL-36882 Updated page_requirements_manager to support more detailed tracking of requirements
The page_requirements_manager now tracks page-specific requirements separately from system-level requirements, in order to better support modernisation of the UI. If you have extended page_requirements_manager, you may need to update your code.

TL-36889 Added new hook triggered when 'setup_blocks()' is called
This hook will allow a single place for additional course formats to set the page layout. This should only ever be called once in the page setup.

TL-36905 Added visible field to course activities and modules GraphQL types

TL-36921 Added a new hook 'activity_enable' to allow watchers to interrupt the enabling of a specific activity module
Added a new core hook which can be used by third-party plugins to prevent specific activity modules from being enabled, and optionally provide a reason which will be displayed to the user if they try to enable one. Note that this will not disable the plugin if it is enabled, but it will prevent it from being enabled if currently disabled.

TL-36922 Added a new hook 'format_enable' to allow watchers to interrupt the enabling of a specific course format plugin
Added a new core hook which can be used by third-party plugins to prevent specific course format plugins from being enabled, and optionally provide a reason which will be displayed to the user if they try to enable one. Note that this will not disable the plugin if it is enabled, but it will prevent it from being enabled if currently disabled.
TL-37278 Added a hook to allow course formats to control which activities can be added
This hook is currently used by the new pathway format to limit the options when adding activities to a course. The limitations are:
* Wiki
* Book
* Folder
* Data
* Label

TL-37452 Legacy action menus are initialised at the time they are added to the DOM

TL-37613 Modernised the back-end code for programs
* TL-35960 - Cleaned up old deprecated code in the program code
* TL-35966 - Moved old program classes into new auto-loaded namespaces. The classes in the following program files are no longer being used and have been deprecated. Please refer to the programs upgrade.txt for a more detailed list of class names and suggested alternatives:
  - program.class.php
  - program_content.class.php
  - program_courseset.class.php
  - program_user_assignment.class.php
  - program_assignments.class.php
  - program_exception.class.php
  - program_exceptions.class.php
  - program_message.class.php
  - program_messages.class.php
* TL-36875, TL-36838 - Further modernisation improvements to the newly namespaced classes, including:
  - Additional docblocks
  - Additional parameter type hinting
  - Additional return type hinting
* TL-35984, TL-36019, TL-36020 - Added entity and repository classes for core program tables, covering:
  - Programs (ttr_prog)
  - Group assignments (ttr_prog_assignment)
  - User assignments (ttr_prog_user_assignment)
  - Future user assignments (prog_future_user_assignment)
  - Exceptions (ttr_prog_exception)
  - Extension requests (ttr_prog_extension)
  - Completions (ttr_prog_completion)
  - Course sets (ttr_prog_courseset)
  - Course set courses (prog_courseset_course)
  - Recurrence settings (prog_recurrence)

TL-37664 Added reset_theme_and_output hook

TL-38113 Upgraded PHPUnit to 9.6.11 and Paratest to 6.8.1 and added tool to generate coverage map
The CLI tool "test/phpunit/generate-coverage.map.php" has been added.
It enables developers to update the phpunit.xml file, adding the files/directories which should be included/excluded for code coverage generation. The tool comes with a --help option.

TL-38126 PHPUnit test file and class names now conform to a new standard
PHPUnit test files must now conform to the following standard:
* Test file names must end with "_test.php"
* Test class names must be "_" (which always ends in _test)
* Test files can only contain a single test class
* Namespaces are not allowed in test files
* advanced_testcase and basic_testcase can no longer be used
Future improvements will see namespacing allowed providing it follows a standardised pattern, and will see autoloading improved so that in the future we can look to migrate to PHPUnit 10. Only standard core plugins _must_ conform to these standards, but other plugins _should_ conform. Also available in 17.11 and later releases.

TL-38154 Added PHPUnit commands in test/phpunit/phpunit.php to run code coverage more easily

TL-38200 Database module static caching is reset during unit tests
Also available in 17.11 and later releases.

TL-38634 Updated the unserialize array function to support some extra characters
This updates the unserialize_array() function in moodlelib, allowing support for characters like semi-colons. Also available in 17.12 and later releases.

Tui front end framework:

TL-34425 The filters icon was removed from FilterBar

TL-34732 Added new AdvancedSelect component for the SelectTable component to provide a consistent UI for customisable bulk selections

TL-35991 Created new core component InputGroup to handle multiple use cases for password input field
Also available in 17.3 and later releases.

TL-36239 Fixed audience adder being cut off in Safari 13.1
Also available in 17.3 and later releases.

TL-36251 Fixed issue where buttons in dropdowns would not get separators applied
Also available in 17.3 and later releases.
TL-36379 Added a course adder Tui component
This is designed to be used by Tui components to find courses and return them back to the calling component.

TL-36495 Fixed display issue in the tree component where siblings sometimes looked like child nodes
Also available in 17.5 and later releases.

TL-36697 FilterBar component now uses the button component for the reset button
Previously the reset button was a ButtonIcon component.

TL-36713 A `copyText` clipboard helper is now available in `tui/dom/clipboard`

TL-36714 Improved sizing of InputGroup
InputGroupInput is now sized correctly when the type prop is not supplied, and InputGroup now supports the char-length prop. Also available in 17.5 and later releases.

TL-36804 Fixed double scroll bar on adder core component.
Also available in 17.9 and later releases.

TL-36805 Added ability to add indicator icons to tabs

TL-36843 Fixed InputSetCol sometimes being sized inconsistently

TL-36965 Updated the Tag component to include various new properties
* bold: A boolean which sets the font weight of the main text to bold
* label: A string for providing a label text in addition to the main text
* large: A boolean that increases the text size, padding, and border radius of the tag
* noBorder: A boolean that removes the border from the tag
These changes were made to accommodate the features in TL-36966.

TL-37404 Added hidden state to ProgressTrackerNavCircleWorkflow.vue

TL-37434 Aligned collapsible chevron to the top of collapsible components

TL-37470 Confirmation modals can no longer be dismissed while the action is executing

TL-37609 Refactored Tui Grid gutter handling to allow custom 2-d values
Before this change, Grid component gutters accepted a single gutter size. Although it was based on a CSS variable, the single usage limited all Grids to the same gutter sizing regardless of their placement on the page, e.g. Page layout or deeply nested.
This change refactors both vertical and horizontal gutters so that different values can be used for each axis, per-Grid. The Tui Samples page demonstrates the changes available via new props.

TL-38210 Added a large variant to inputs

TL-38438 Added lint warning for $str / getString usages that cannot be automatically replaced

TL-38470 Added a new "drawer" style modal

Recommendations engine:

TL-37444 Upgraded the requests library to version 2.26.0
Also available in 17.8 and later releases.

Library updates:

TL-35875 Upgraded the library Video.js to version 7.21.1
Fixes CVE-2022-39353
Also available in 17.4 and later releases.

TL-37326 Updated the nyholm/psr7 library to version 1.6.1
Fixes CVE-2023-29197
Also available in 17.7 and later releases.

TL-37450 Updated the tcpdf library to version 6.6.2
With this change it is now possible to generate a QR code via the pdf library by calling pdf::qr.

TL-37451 Added the Constant Time Encoding library
The Constant Time Encoding library has been included and the base32 encode/decode functions are now available.

Contributions:
* James Tombs at Think Learning - TL-36597
* Michael Trio at Kineo USA - TL-34242