Hello everyone,
The following versions of Totara have now been released:
The following versions of Totara have now been released:
- Release 18.13
- Release 17.26
- Release 16.32
- Release 15.38
- Release 14.43
- Release 13.51
- Release 12.68
- Release 11.68
- Release 10.70
- Release 9.76
These versions do contain security fixes, and for this reason we strongly recommend upgrade.
Each release also includes various bug fixes and improvements.
Kind regards Release Team
Release 18.13 (19th December 2024):
Important:
TL-42161 Added new setting, 'Allow page caching' to the HTTP Security settings page
All sites now by default disable back/forward button caching, which prevents the
page from loading after logout from the cache. To allow pages to take advantage
of back/forward button caching again, the setting ‘Allow page caching’ can
be enabled.
We recommend leaving this off as page caching may expose personal information on
shared devices.
Security issues:
TL-40609 Added additional sanitising when opening the equation editor (CVE-2024-33997)
TL-42641 Fixed a vulnerability with the TCPDF library (CVE-2024-51058)
TL-42912 Fixed cross-site scripting issue when editing topics format section titles
Performance improvements:
TL-40445 Improved the performance when saving a course or category
When saving a course or category on a site with a large number of courses, it
may take a while to proceed due to the fact that every course and category are
re-sorted. With this change only the relevant courses and categories are
resaved.
Additionally there is an optional scheduled task that runs weekly to re-sort
every course and category on the site using the old method, however this must be
enabled specifically with the ‘Use legacy course sort order’ setting.
Improvements:
TL-41880 Improved the efficiency of the approval workflows role map by limiting it to relevant contexts only
Bug fixes:
TL-37500 Prevented removing options from several multi-option quiz questions once answers are recorded
It is no longer possible to reduce the total number of options for ‘Select
missing words’, ‘Drag and drop into text’, ‘Drag and drop markers’ and
‘Drag and drop onto image’ quiz question types if answers have already been
recorded by one or more learners. Before this change, it was possible to remove
an answer option, which made the answers provided by learners invalid.
TL-40750 Hid the back link on the pathway course page for guests when guest access is disabled
TL-41755 Added aria-label to enrol button in course user enrolment modal
TL-42305 Fixed version information Product Usage Analytics export class
Previously, the version.php class was not exporting the Totara version
information because it was not correctly loading the root version.php file.
TL-42436 Fixed link to the course completion report after uploading completion records
TL-42525 Fixed an issue where the raw language string appeared at the page title in approval workflows
The raw language string ‘{$a->name}’ will no longer be shown as the page
title of the override confirm page of approval workflows.
Release 17.26 (19th December 2024):
Security issues:
TL-40609 Added additional sanitising when opening the equation editor (CVE-2024-33997)
TL-42641 Fixed a vulnerability with the TCPDF library (CVE-2024-51058)
TL-42912 Fixed cross-site scripting issue when editing topics format section titles
Bug fixes:
TL-37500 Prevented removing options from several multi-option quiz questions once answers are recorded
It is no longer possible to reduce the total number of options for ‘Select
missing words’, ‘Drag and drop into text’, ‘Drag and drop markers’ and
‘Drag and drop onto image’ quiz question types if answers have already been
recorded by one or more learners. Before this change, it was possible to remove
an answer option, which made the answers provided by learners invalid.
TL-42305 Fixed version information Product Usage Analytics export class
Previously, the version.php class was not exporting the Totara version
information because it was not correctly loading the root version.php file.
TL-42436 Fixed link to the course completion report after uploading completion records
Release 16.32 (19th December 2024):
Security issues:
TL-40609 Added additional sanitising when opening the equation editor (CVE-2024-33997)
TL-42641 Fixed a vulnerability with the TCPDF library (CVE-2024-51058)
TL-42912 Fixed cross-site scripting issue when editing topics format section titles
Bug fixes:
TL-37500 Prevented removing options from several multi-option quiz questions once answers are recorded
It is no longer possible to reduce the total number of options for ‘Select
missing words’, ‘Drag and drop into text’, ‘Drag and drop markers’ and
‘Drag and drop onto image’ quiz question types if answers have already been
recorded by one or more learners. Before this change, it was possible to remove
an answer option, which made the answers provided by learners invalid.
TL-42305 Fixed version information Product Usage Analytics export class
Previously, the version.php class was not exporting the Totara version
information because it was not correctly loading the root version.php file.
TL-42436 Fixed link to the course completion report after uploading completion records
Release 15.38 (19th December 2024):
Security issues:
TL-40609 Added additional sanitising when opening the equation editor (CVE-2024-33997)
TL-42641 Fixed a vulnerability with the TCPDF library (CVE-2024-51058)
TL-42912 Fixed cross-site scripting issue when editing topics format section titles
Bug fixes:
TL-37500 Prevented removing options from several multi-option quiz questions once answers are recorded
It is no longer possible to reduce the total number of options for ‘Select
missing words’, ‘Drag and drop into text’, ‘Drag and drop markers’ and
‘Drag and drop onto image’ quiz question types if answers have already been
recorded by one or more learners. Before this change, it was possible to remove
an answer option, which made the answers provided by learners invalid.
TL-40716 Backport of TL-36431 - Fixed inline seminar editing updating calendar entries for all seminar events
TL-42305 Fixed version information Product Usage Analytics export class
Previously, the version.php class was not exporting the Totara version
information because it was not correctly loading the root version.php file.
TL-42436 Fixed link to the course completion report after uploading completion records
Release 14.43 (19th December 2024):
Security issues:
TL-40609 Added additional sanitising when opening the equation editor (CVE-2024-33997)
TL-42641 Fixed a vulnerability with the TCPDF library (CVE-2024-51058)
TL-42912 Fixed cross-site scripting issue when editing topics format section titles
Bug fixes:
TL-42305 Fixed version information Product Usage Analytics export class
Previously, the version.php class was not exporting the Totara version
information because it was not correctly loading the root version.php file.
TL-42436 Fixed link to the course completion report after uploading completion records
Release 13.51 (19th December 2024):
Security issues:
TL-40609 Added additional sanitising when opening the equation editor (CVE-2024-33997)
TL-42641 Fixed a vulnerability with the TCPDF library (CVE-2024-51058)
TL-42912 Fixed cross-site scripting issue when editing topics format section titles
Bug fixes:
TL-42305 Fixed version information Product Usage Analytics export class
Previously, the version.php class was not exporting the Totara version
information because it was not correctly loading the root version.php file.
TL-42436 Fixed link to the course completion report after uploading completion records
Release 12.68 (19th December 2024):
Security issues:
TL-40609 Added additional sanitising when opening the equation editor (CVE-2024-33997)
TL-42641 Fixed a vulnerability with the TCPDF library (CVE-2024-51058)
TL-42912 Fixed cross-site scripting issue when editing topics format section titles
Release 11.68 (19th December 2024):
Security issues:
TL-40609 Added additional sanitising when opening the equation editor (CVE-2024-33997)
TL-42641 Fixed a vulnerability with the TCPDF library (CVE-2024-51058)
TL-42912 Fixed cross-site scripting issue when editing topics format section titles
Release 10.70 (19th December 2024):
Security issues:
TL-40609 Added additional sanitising when opening the equation editor (CVE-2024-33997)
TL-42641 Fixed a vulnerability with the TCPDF library (CVE-2024-51058)
TL-42912 Fixed cross-site scripting issue when editing topics format section titles
Release 9.76 (19th December 2024):
Security issues:
TL-40609 Added additional sanitising when opening the equation editor (CVE-2024-33997)
TL-42641 Fixed a vulnerability with the TCPDF library (CVE-2024-51058)