Hello everyone,
The following versions of Totara have now been released:
Each of these releases includes various bug fixes and improvements.
A big thanks to the following people for their contributions to this release:
- * Noemie Ariste at Catalyst - TL-42082 - Noemie Ariste at Catalyst, Noemie Ariste at Catalyst
Kind regards Release Team
Release 18.11 (22nd October 2024):
Important:
TL-42109 Added a new setting to control whether uploaded HTML files can be viewed in-page when consistent cleaning is disabled
Previously when the consistent cleaning feature was disabled HTML files could be
uploaded to File activities and directly viewed/linked in the page. This is a
security risk, and so a change was made in TL-38232 which disabled this
behaviour. However this change broke some sites using File resources or custom
code to upload custom HTML content in the site.
With this change we are introducing the configuration option
{{$CFG->allow_inline_uploaded_html = 1;}} which when set will revert back to the
previous behaviour, allowing HTML files to be loaded without force downloads,
for those sites that use custom content. We do not recommend using this flag
unless it is critical to your site's operation. If enabled it will appear as a
warning in the sites security report.
TL-40710 Added tool_usagedata (Product Usage Analytics) to Totara
Product Usage Analytics (usagedata) is an analytics tool used by Totara to
collect and query usage data of Totara instances to be used to improve the
product.
Collected data will never include personally identifiable information (PII) or
sensitive data. All data is anonymous other than:
* The site identifier: Used to allow us to identify subsequent usage statistics
sent from this site.
* The site’s URL: Used to allow us to match the site's usage data to a
subscription. This is only used should we identify an issue with your site and
need to contact you.
For the full list of data collected by Product Usage Analytics, see the overview
page (Quick Access Menu > System Information > Collect Usage Data)
Performance improvements:
TL-40865 Resolved issue where unnecessary updates were executed for course completion aggregation
TL-41684 Refactored the mod_approval dashboard N/A filter for better performance
TL-41704 Updated the update_record_of_learning_task task to split the queries up so the tables will not be locked for very long
TL-41867 Added missing indexes on notifications and message_metadata tables
Without these table indexes, notifications and message_metadata were performing
full table scans when retrieving read notifications which could cause
performance problems on larger sites.
TL-41965 Updated the capability map generator for approval workflows to reduce the number of table joins
TL-42082 Fixed the 'XSS trusted users security' report to run faster
Improvements:
TL-41288 Improved approval workflow administration options menu by grouping similar items together
Grouped the options in the dropdown menu.
Bug fixes:
TL-40389 Fixed an error when awarding a badge that includes over 60 courses in the criteria
TL-40400 Fixed a UI issue on your library where add resource button was not respecting engage/article:create and engage/survey:create capability
TL-40940 Fixed a case where course cards in Engage were not updating when a course's name was changed
TL-41051 Fixed a problem where an audience could not be cloned
TL-41052 Fixed export of audience's enrolled learning to files
TL-41727 Fixed a problem where the playlist count would be wrong when more than one course is added to a playlist
The underlying issue was caused by duplicate resource records in a playlist.
Playlists are only allowed to have one instance of any given resource, and this
requirement is now enforced at the API level. Duplicates were not displayed
previously.
Duplicate resources will be removed from all playlists on upgrade, and any
impacted playlists will also have their counts reset.
TL-41831 Fixed a problem where an error could appear on approval workflow dashboards when multiple workflow types exist
TL-41858 Fixed uploading subtitles to videos in weka editor
TL-41935 Fixed program enrolment cohort rule with multiple assignments
When a user was assigned by more than one method, the rule excluded the user.
TL-41941 Updated MS Teams bot to provide a valid response to 'help,' 'sign in', 'sign out' command typed in lowercase or uppercase or a combination of both.
TL-41964 Resolved the issue of report builder exports becoming unresponsive
When the report builder encountered an exception during export, it could enter
an infinite loop instead of returning the exception and completing execution,
leading to degraded application performance. This issue was caused by the
ob_gzhandler output buffer not reducing the buffer level to 0 when cleared. The
fix now checks the buffer level during each clean cycle and exits early if the
level is not reduced.
TL-42002 Fixed a problem where suspended tenants were not handled on login correctly with OAuth2
TL-42047 Fixed a problem where a login page error could get lost when the redirect to SSO option is enabled
TL-42193 Fixed caption track not being passed to video in some situations
Technical changes:
TL-41506 Coding style in language strings has been fixed and strings have been alphabetically ordered
Contributions:
* Noemie Ariste at Catalyst - TL-42082
Release 17.24 (22nd October 2024):
Important:
TL-42109 Added a new setting to control whether uploaded HTML files can be viewed in-page when consistent cleaning is disabled
Previously when the consistent cleaning feature was disabled HTML files could be
uploaded to File activities and directly viewed/linked in the page. This is a
security risk, and so a change was made in TL-38232 which disabled this
behaviour. However this change broke some sites using File resources or custom
code to upload custom HTML content in the site.
With this change we are introducing the configuration option
{{$CFG->allow_inline_uploaded_html = 1;}} which when set will revert back to the
previous behaviour, allowing HTML files to be loaded without force downloads,
for those sites that use custom content. We do not recommend using this flag
unless it is critical to your site's operation. If enabled it will appear as a
warning in the sites security report.
TL-40710 Added tool_usagedata (Product Usage Analytics) to Totara
Product Usage Analytics (usagedata) is an analytics tool used by Totara to
collect and query usage data of Totara instances to be used to improve the
product.
Collected data will never include personally identifiable information (PII) or
sensitive data. All data is anonymous other than:
* The site identifier: Used to allow us to identify subsequent usage statistics
sent from this site.
* The site’s URL: Used to allow us to match the site's usage data to a
subscription. This is only used should we identify an issue with your site and
need to contact you.
For the full list of data collected by Product Usage Analytics, see the overview
page (Quick Access Menu > System Information > Collect Usage Data)
Performance improvements:
TL-42082 Fixed the 'XSS trusted users security' report to run faster
Bug fixes:
TL-40389 Fixed an error when awarding a badge that includes over 60 courses in the criteria
TL-41858 Fixed uploading subtitles to videos in weka editor
TL-41935 Fixed program enrolment cohort rule with multiple assignments
When a user was assigned by more than one method, the rule excluded the user.
TL-41941 Updated MS Teams bot to provide a valid response to 'help,' 'sign in', 'sign out' command typed in lowercase or uppercase or a combination of both.
TL-42002 Fixed a problem where suspended tenants were not handled on login correctly with OAuth2
TL-42193 Fixed caption track not being passed to video in some situations
Contributions:
* Noemie Ariste at Catalyst - TL-42082
Release 16.30 (22nd October 2024):
Important:
TL-42109 Added a new setting to control whether uploaded HTML files can be viewed in-page when consistent cleaning is disabled
Previously when the consistent cleaning feature was disabled HTML files could be
uploaded to File activities and directly viewed/linked in the page. This is a
security risk, and so a change was made in TL-38232 which disabled this
behaviour. However this change broke some sites using File resources or custom
code to upload custom HTML content in the site.
With this change we are introducing the configuration option
{{$CFG->allow_inline_uploaded_html = 1;}} which when set will revert back to the
previous behaviour, allowing HTML files to be loaded without force downloads,
for those sites that use custom content. We do not recommend using this flag
unless it is critical to your site's operation. If enabled it will appear as a
warning in the sites security report.
TL-40710 Added tool_usagedata (Product Usage Analytics) to Totara
Product Usage Analytics (usagedata) is an analytics tool used by Totara to
collect and query usage data of Totara instances to be used to improve the
product.
Collected data will never include personally identifiable information (PII) or
sensitive data. All data is anonymous other than:
* The site identifier: Used to allow us to identify subsequent usage statistics
sent from this site.
* The site’s URL: Used to allow us to match the site's usage data to a
subscription. This is only used should we identify an issue with your site and
need to contact you.
For the full list of data collected by Product Usage Analytics, see the overview
page (Quick Access Menu > System Information > Collect Usage Data)
TL-40389 Fixed an error when awarding a badge that includes over 60 courses in the criteria
TL-41941 Updated MS Teams bot to provide a valid response to 'help,' 'sign in', 'sign out' command typed in lowercase or uppercase or a combination of both.
TL-42002 Fixed a problem where suspended tenants were not handled on login correctly with OAuth2
Release 15.36 (22nd October 2024):
Important:
TL-42109 Added a new setting to control whether uploaded HTML files can be viewed in-page when consistent cleaning is disabled
Previously when the consistent cleaning feature was disabled HTML files could be
uploaded to File activities and directly viewed/linked in the page. This is a
security risk, and so a change was made in TL-38232 which disabled this
behaviour. However this change broke some sites using File resources or custom
code to upload custom HTML content in the site.
With this change we are introducing the configuration option
{{$CFG->allow_inline_uploaded_html = 1;}} which when set will revert back to the
previous behaviour, allowing HTML files to be loaded without force downloads,
for those sites that use custom content. We do not recommend using this flag
unless it is critical to your site's operation. If enabled it will appear as a
warning in the sites security report.
TL-40710 Added tool_usagedata (Product Usage Analytics) to Totara
Product Usage Analytics (usagedata) is an analytics tool used by Totara to
collect and query usage data of Totara instances to be used to improve the
product.
Collected data will never include personally identifiable information (PII) or
sensitive data. All data is anonymous other than:
* The site identifier: Used to allow us to identify subsequent usage statistics
sent from this site.
* The site’s URL: Used to allow us to match the site's usage data to a
subscription. This is only used should we identify an issue with your site and
need to contact you.
For the full list of data collected by Product Usage Analytics, see the overview
page (Quick Access Menu > System Information > Collect Usage Data)
TL-41941 Updated MS Teams bot to provide a valid response to 'help,' 'sign in', 'sign out' command typed in lowercase or uppercase or a combination of both.
Release 14.41 (22nd October 2024):
Important:
TL-42109 Added a new setting to control whether uploaded HTML files can be viewed in-page when consistent cleaning is disabled
Previously when the consistent cleaning feature was disabled HTML files could be
uploaded to File activities and directly viewed/linked in the page. This is a
security risk, and so a change was made in TL-38232 which disabled this
behaviour. However this change broke some sites using File resources or custom
code to upload custom HTML content in the site.
With this change we are introducing the configuration option
{{$CFG->allow_inline_uploaded_html = 1;}} which when set will revert back to the
previous behaviour, allowing HTML files to be loaded without force downloads,
for those sites that use custom content. We do not recommend using this flag
unless it is critical to your site's operation. If enabled it will appear as a
warning in the sites security report.
TL-40710 Added tool_usagedata (Product Usage Analytics) to Totara
Product Usage Analytics (usagedata) is an analytics tool used by Totara to
collect and query usage data of Totara instances to be used to improve the
product.
Collected data will never include personally identifiable information (PII) or
sensitive data. All data is anonymous other than:
* The site identifier: Used to allow us to identify subsequent usage statistics
sent from this site.
* The site’s URL: Used to allow us to match the site's usage data to a
subscription. This is only used should we identify an issue with your site and
need to contact you.
For the full list of data collected by Product Usage Analytics, see the overview
page (Quick Access Menu > System Information > Collect Usage Data)
TL-41941 Updated MS Teams bot to provide a valid response to 'help,' 'sign in', 'sign out' command typed in lowercase or uppercase or a combination of both.
Release 13.49 (22nd October 2024):
Important:
TL-42109 Added a new setting to control whether uploaded HTML files can be viewed in-page when consistent cleaning is disabled
Previously when the consistent cleaning feature was disabled HTML files could be
uploaded to File activities and directly viewed/linked in the page. This is a
security risk, and so a change was made in TL-38232 which disabled this
behaviour. However this change broke some sites using File resources or custom
code to upload custom HTML content in the site.
With this change we are introducing the configuration option
{{$CFG->allow_inline_uploaded_html = 1;}} which when set will revert back to the
previous behaviour, allowing HTML files to be loaded without force downloads,
for those sites that use custom content. We do not recommend using this flag
unless it is critical to your site's operation. If enabled it will appear as a
warning in the sites security report.
TL-40710 Added tool_usagedata (Product Usage Analytics) to Totara
Product Usage Analytics (usagedata) is an analytics tool used by Totara to
collect and query usage data of Totara instances to be used to improve the
product.
Collected data will never include personally identifiable information (PII) or
sensitive data. All data is anonymous other than:
* The site identifier: Used to allow us to identify subsequent usage statistics
sent from this site.
* The site’s URL: Used to allow us to match the site's usage data to a
subscription. This is only used should we identify an issue with your site and
need to contact you.
For the full list of data collected by Product Usage Analytics, see the overview
page (Quick Access Menu > System Information > Collect Usage Data)
Bug fixes:
TL-41941 Updated MS Teams bot to provide a valid response to 'help,' 'sign in', 'sign out' command typed in lowercase or uppercase or a combination of both.
(Edited by Simon Coggins - original submission Tuesday, 22 October 2024, 5:24 PM)