Hello everyone,
The following versions of Totara Learn have now been released:
These versions do contain security fixes, and for this reason, we strongly recommend the upgrade.
Each release also includes various bug fixes and improvements.
Kind regards Release Team
Release 18.3 (26th February 2024):
Security issues:
TL-37622 Fixed bypass of SSRF protection for specific IP addresses
Performance improvements:
TL-36115 Split query in batches to improve performance of the completion_start_user_bulk function
TL-39258 Addressed performance issues with performance activity participation management and response reporting
Previously, the participation management and response reporting relied on
database queries to check for the
'mod/perform:manage_subject_user_participation' and
'mod/perform:report_on_subject_responses' capabilities which in certain
conditions are very costly and can lead to poor performance.
To address this, we simplified the logic to rely solely on new capabilities in
combination with checking whether the users are managed directly by the current
user.
If the role of the current user has the new capabilities assigned it will
automatically use the simplified and more performant check. Please note that
this version might not be suitable for every use case. Its suitability would
need to be carefully evaluated before making use of it. The new capabilities
will not be added automatically on upgrades. On installation only
'mod/perform:manage_staff_participation' will be added automatically.
* New capability 'mod/perform:manage_staff_participation':
When a user has this capability assigned in their own context, they will be able
to access the 'Manage participation' functionality for their direct staff only,
according to their job assignments.
* New capability 'mod/perform:report_on_staff_responses':
Similarly, when a user has this capability assigned in their own context, they
will be able to access the 'Performance activity response data' reports for
their direct staff only, according to their job assignments.
Improvements:
TL-38579 Added hook to alter reports before they are processed
We added a new hook 'totara_reportbuilder\hook\scheduled_report_pre_process'
which can be used to alter reports before they are processed.
TL-38615 Added a landing page for managers to view their team members' goals
Managers can now view their team members' Totara goals by going to Develop >
Team, then clicking the 'Goals' link under a team member's name. This page is
identical to what the team member sees, and the manager can add/edit/delete
goals for that team member as well.
The manager goal landing page is also accessible from the team member's
performance overview page (Develop > Team > Performance overview). If the
manager clicks on the goals section title, they will see all of the goals for
that team member. Clicking on one of the displayed goals in the various overview
progress sections will take the manager to that specific goal for the team
member.
TL-39195 Added the ability to schedule 'program assigned' messages after the assignment
With the updated UI separating program assignments and the setting of the due
date for the assignment, it was found that sometimes the instant ‘assigned
notification’ would send before the due date was entered. This would lead to
notifications that used the due date replacement variable saying 'No due date
set'. These can now be scheduled to go out the next day, giving the admin plenty
of time to set the due date.
TL-39588 Allow usage of tags in Engage content
Administrators can now select to use tags instead of topics. Regardless of which
tag collection Engage is set to use, it only allows "standard" tags, so if you
switch it to the default collection please check your tags are marked as
standard.
Endpoints formerly used for managing topics now redirect to the standard tag
management interface.
Bug fixes:
TL-36762 Fixed issue where learners with the mod/facetoface:signupwaitlist capability cannot sign up for an event that does not have an available seat
TL-37464 Tenant dynamic audiences will no longer add or remove members if the tenant is deleted
Previously when a tenant was deleted, any dynamic audiences belonging to that
tenant automatically became system-level audiences, which meant that unexpected
users could be added to audience. Now when a tenant is deleted the dynamic
audience is frozen, and members will not be added or removed until an
administrator edits it and adjusts the rules.
TL-37760 Updated the name of the 'job assignment start date' option for program relative due date assignments
The name of this option was updated to ‘Position start date’ to more
accurately reflect its behaviour.
TL-37793 Fixed that course notifications were being sent to users despite them being unenrolled or suspended
TL-38183 Fixed caching issue when uploading a theme logo file with the same name as the current logo
TL-38185 Fixed exception being thrown when updating the seminar with 'require event over' setting sets
TL-38625 Extended date range for certification completion window
TL-38668 Fixed a zero display value for the Menu customfield
TL-38842 Fixed LinkedIn Learning sync if it fails on initial sync
TL-38965 Fixed goal formatters to return null for (effectively) empty goal description
TL-39076 Fixed [recipient:url] placeholder not working in notifications
TL-39131 Fixed H5P 'General' section heading spacing and form legend spacing
TL-39132 Added missing alt tag on QR code image in the MFA TOTP
TL-39190 Fixed that the text editor for the textarea custom field is inconsistent
TL-39392 Fixed a case where the 'View full notification' link may have overlapped with a notification in the notifications window
TL-39434 Fixed a format float function when the decimal points is 'zero' and 'strip zeroes' is true
TL-39540 Fixed Weka editor missing associated form label in some cases
TL-39569 Changed breadcrumbs to use 'Home' instead of 'Dashboards' as the base element
TL-39571 Improved keyboard navigation on the learning type list in the catalogue
The up, down, and space keys now navigate and select the lists.
TL-39579 Fixed an issue where the certifications completion cron could hit exceptions updating course due dates
TL-39587 Fixed user 'Request data export' ad hoc task to return missing Totara goals info
TL-39589 Linked the category select to the category label on the Find learning page
TL-39625 Fixed user data purging for Totara goals
TL-39756 Fixed heading structure in user profile page
TL-39759 Fixed an issue with guest access to front page and catalogue when 'Auto-login guests' settings is enabled
In TL-36454 in version 18 we modified the behaviour of 'Auto-login guests'
setting with the intention of avoiding signing in users as guests on courses
where guest enrolment was disabled. This had the unintended side effect of also
preventing guests from accessing the site homepage and course catalogue.
This fix restores the original behaviour while retaining the intended change to
courses without guest enrolment enabled.
TL-39534 Fixed an accessibility issue on the Totara navigation close button by adding the menuitem role on the close anchor tag
TL-39536 Fixed an accessibility issue on the quick-access menu by changing the aside element to a div
TL-39537 Fixed an accessibility issue on the course navigation and admin subnavigation blocks by adding the correct roles to the list items
TL-39560 Fixed an accessibility issue with the current learning block items icons by adding alt text
TL-39562 Fixed an accessiblity issue in user menu link by changing the attribute title to aria-label
TL-39567 Removed empty caption elements from report builder tables
TL-39570 Fixed site logo link's accessible name
TL-39573 Fixed skip links on user profile page to specifically reference the block that is skipped
TL-39592 Fixed focus issue on help popover
Keyboard focus for the help popover now begins on the popover itself, rather
than the close button.
TL-39613 Fixed focus indicator in form content
TL-39615 Fixed 'Skip to main content' on the dashboards not scrolling to the top of the main column
TL-39745 Fixed focus ring overlapping link text
TL-39757 Fixed accessibility warning on Find learning page (duplicate landmarks)
Release 17.16 (26th February 2024):
Security issues:
TL-37622 Fixed bypass of SSRF protection for specific IP addresses
Performance improvements:
TL-36115 Split query in batches to improve performance of the completion_start_user_bulk function
TL-39258 Addressed performance issues with performance activity participation management and response reporting
Previously, the participation management and response reporting relied on
database queries to check for the
'mod/perform:manage_subject_user_participation' and
'mod/perform:report_on_subject_responses' capabilities which in certain
conditions are very costly and can lead to poor performance.
To address this, we simplified the logic to rely solely on new capabilities in
combination with checking whether the users are managed directly by the current
user.
If the role of the current user has the new capabilities assigned it will
automatically use the simplified and more performant check. Please note that
this version might not be suitable for every use case. Its suitability would
need to be carefully evaluated before making use of it. The new capabilities
will not be added automatically on upgrades. On installation only
'mod/perform:manage_staff_participation' will be added automatically.
* New capability 'mod/perform:manage_staff_participation':
When a user has this capability assigned in their own context, they will be able
to access the 'Manage participation' functionality for their direct staff only,
according to their job assignments.
* New capability 'mod/perform:report_on_staff_responses':
Similarly, when a user has this capability assigned in their own context, they
will be able to access the 'Performance activity response data' reports for
their direct staff only, according to their job assignments.
Improvements:
TL-38579 Added hook to alter reports before they are processed
We added a new hook 'totara_reportbuilder\hook\scheduled_report_pre_process'
which can be used to alter reports before they are processed.
TL-39195 Added the ability to schedule 'program assigned' messages after the assignment
With the updated UI separating program assignments and the setting of the due
date for the assignment, it was found that sometimes the instant ‘assigned
notification’ would send before the due date was entered. This would lead to
notifications that used the due date replacement variable saying 'No due date
set'. These can now be scheduled to go out the next day, giving the admin plenty
of time to set the due date.
TL-39593 Removed advanced element indicator for forms
Bug fixes:
TL-36762 Fixed issue where learners with the mod/facetoface:signupwaitlist capability cannot sign up for an event that does not have an available seat
TL-37464 Tenant dynamic audiences will no longer add or remove members if the tenant is deleted
Previously when a tenant was deleted, any dynamic audiences belonging to that
tenant automatically became system-level audiences, which meant that unexpected
users could be added to audience. Now when a tenant is deleted the dynamic
audience is frozen, and members will not be added or removed until an
administrator edits it and adjusts the rules.
TL-37760 Updated the name of the 'job assignment start date' option for program relative due date assignments
The name of this option was updated to ‘Position start date’ to more
accurately reflect its behaviour.
TL-37793 Fixed that course notifications were being sent to users despite them being unenrolled or suspended
TL-38183 Fixed caching issue when uploading a theme logo file with the same name as the current logo
TL-38185 Fixed exception being thrown when updating the seminar with 'require event over' setting sets
TL-38625 Extended date range for certification completion window
TL-38668 Fixed a zero display value for the Menu customfield
TL-38842 Fixed LinkedIn Learning sync if it fails on initial sync
TL-39076 Fixed [recipient:url] placeholder not working in notifications
TL-39190 Fixed that the text editor for the textarea custom field is inconsistent
TL-39540 Fixed Weka editor missing associated form label in some cases
TL-39561 Fixed colour contrast and focus state on the input fields
TL-39569 Changed breadcrumbs to use 'Home' instead of 'Dashboards' as the base element
TL-39571 Improved keyboard navigation on the learning type list in the catalogue
The up, down, and space keys now navigate and select the lists.
TL-39572 Improved contrast of card focus indicators to meet WCAG standards
TL-39579 Fixed an issue where the certifications completion cron could hit exceptions updating course due dates
TL-39589 Linked the category select to the category label on the Find learning page
TL-39756 Fixed heading structure in user profile page
TL-39534 Fixed an accessibility issue on the Totara navigation close button by adding the menuitem role on the close anchor tag
TL-39536 Fixed an accessibility issue on the quick-access menu by changing the aside element to a div
TL-39537 Fixed an accessibility issue on the course navigation and admin subnavigation blocks by adding the correct roles to the list items
TL-39560 Fixed an accessibility issue with the current learning block items icons by adding alt text
TL-39562 Fixed an accessiblity issue in user menu link by changing the attribute title to aria-label
TL-39567 Removed empty caption elements from report builder tables
TL-39570 Fixed site logo link's accessible name
TL-39573 Fixed skip links on user profile page to specifically reference the block that is skipped
TL-39592 Fixed focus issue on help popover
Keyboard focus for the help popover now begins on the popover itself, rather
than the close button.
TL-39613 Fixed focus indicator in form content
TL-39615 Fixed 'Skip to main content' on the dashboards not scrolling to the top of the main column
TL-39745 Fixed focus ring overlapping link text
TL-39757 Fixed accessibility warning on Find learning page (duplicate landmarks)
Release 16.22 (26th February 2024):
Performance improvements:
TL-36115 Split query in batches to improve performance of the completion_start_user_bulk function
TL-39258 Addressed performance issues with performance activity participation management and response reporting
Previously, the participation management and response reporting relied on
database queries to check for the
'mod/perform:manage_subject_user_participation' and
'mod/perform:report_on_subject_responses' capabilities which in certain
conditions are very costly and can lead to poor performance.
To address this, we simplified the logic to rely solely on new capabilities in
combination with checking whether the users are managed directly by the current
user.
If the role of the current user has the new capabilities assigned it will
automatically use the simplified and more performant check. Please note that
this version might not be suitable for every use case. Its suitability would
need to be carefully evaluated before making use of it. The new capabilities
will not be added automatically on upgrades. On installation only
'mod/perform:manage_staff_participation' will be added automatically.
* New capability 'mod/perform:manage_staff_participation':
When a user has this capability assigned in their own context, they will be able
to access the 'Manage participation' functionality for their direct staff only,
according to their job assignments.
* New capability 'mod/perform:report_on_staff_responses':
Similarly, when a user has this capability assigned in their own context, they
will be able to access the 'Performance activity response data' reports for
their direct staff only, according to their job assignments.
Bug fixes:
TL-36762 Fixed issue where learners with the mod/facetoface:signupwaitlist capability cannot sign up for an event that does not have an available seat
TL-37464 Tenant dynamic audiences will no longer add or remove members if the tenant is deleted
Previously when a tenant was deleted, any dynamic audiences belonging to that
tenant automatically became system-level audiences, which meant that unexpected
users could be added to audience. Now when a tenant is deleted the dynamic
audience is frozen, and members will not be added or removed until an
administrator edits it and adjusts the rules.
TL-37760 Updated the name of the 'job assignment start date' option for program relative due date assignments
The name of this option was updated to ‘Position start date’ to more
accurately reflect its behaviour.
TL-37793 Fixed that course notifications were being sent to users despite them being unenrolled or suspended
TL-38668 Fixed a zero display value for the Menu customfield
TL-38842 Fixed LinkedIn Learning sync if it fails on initial sync
TL-39579 Fixed an issue where the certifications completion cron could hit exceptions updating course due dates
Release 15.28 (26th February 2024):
Performance improvements:
TL-36115 Split query in batches to improve performance of the completion_start_user_bulk function
TL-39258 Addressed performance issues with performance activity participation management and response reporting
Previously, the participation management and response reporting relied on
database queries to check for the
'mod/perform:manage_subject_user_participation' and
'mod/perform:report_on_subject_responses' capabilities which in certain
conditions are very costly and can lead to poor performance.
To address this, we simplified the logic to rely solely on new capabilities in
combination with checking whether the users are managed directly by the current
user.
If the role of the current user has the new capabilities assigned it will
automatically use the simplified and more performant check. Please note that
this version might not be suitable for every use case. Its suitability would
need to be carefully evaluated before making use of it. The new capabilities
will not be added automatically on upgrades. On installation only
'mod/perform:manage_staff_participation' will be added automatically.
* New capability 'mod/perform:manage_staff_participation':
When a user has this capability assigned in their own context, they will be able
to access the 'Manage participation' functionality for their direct staff only,
according to their job assignments.
* New capability 'mod/perform:report_on_staff_responses':
Similarly, when a user has this capability assigned in their own context, they
will be able to access the 'Performance activity response data' reports for
their direct staff only, according to their job assignments.
Bug fixes:
TL-36762 Fixed issue where learners with the mod/facetoface:signupwaitlist capability cannot sign up for an event that does not have an available seat
TL-37760 Updated the name of the 'job assignment start date' option for program relative due date assignments
The name of this option was updated to ‘Position start date’ to more
accurately reflect its behaviour.
TL-38842 Fixed LinkedIn Learning sync if it fails on initial sync
Release 14.33 (26th February 2024):
Performance improvements:
TL-39258 Addressed performance issues with performance activity participation management and response reporting
Previously, the participation management and response reporting relied on
database queries to check for the
'mod/perform:manage_subject_user_participation' and
'mod/perform:report_on_subject_responses' capabilities which in certain
conditions are very costly and can lead to poor performance.
To address this, we simplified the logic to rely solely on new capabilities in
combination with checking whether the users are managed directly by the current
user.
If the role of the current user has the new capabilities assigned it will
automatically use the simplified and more performant check. Please note that
this version might not be suitable for every use case. Its suitability would
need to be carefully evaluated before making use of it. The new capabilities
will not be added automatically on upgrades. On installation only
'mod/perform:manage_staff_participation' will be added automatically.
* New capability 'mod/perform:manage_staff_participation':
When a user has this capability assigned in their own context, they will be able
to access the 'Manage participation' functionality for their direct staff only,
according to their job assignments.
* New capability 'mod/perform:report_on_staff_responses':
Similarly, when a user has this capability assigned in their own context, they
will be able to access the 'Performance activity response data' reports for
their direct staff only, according to their job assignments.
Bug fixes:
TL-36762 Fixed issue where learners with the mod/facetoface:signupwaitlist capability cannot sign up for an event that does not have an available seat
TL-37760 Updated the name of the 'job assignment start date' option for program relative due date assignments
The name of this option was updated to ‘Position start date’ to more
accurately reflect its behaviour.
Release 13.41 (26th February 2024):
Bug fixes:
TL-36762 Fixed issue where learners with the mod/facetoface:signupwaitlist capability cannot sign up for an event that does not have an available seat
TL-37760 Updated the name of the 'job assignment start date' option for program relative due date assignments
The name of this option was updated to ‘Position start date’ to more
accurately reflect its behaviour.