Totara Release Notes

Totara TXP 18.13, 17.26, 16.32, 15.38, 14.43, 13.51, 12.68, 11.68, 10.70 and 9.76 are now available

 
David Curry (Core Developer)
Totara TXP 18.13, 17.26, 16.32, 15.38, 14.43, 13.51, 12.68, 11.68, 10.70 and 9.76 are now available
von David Curry (Core Developer) – Wednesday, 18 December 2024, 8:50 PM
Gruppe Totara
Hello everyone,

The following versions of Totara have now been released:

These versions do contain security fixes, and for this reason we strongly recommend upgrade.
Each release also includes various bug fixes and improvements.

Kind regards Release Team

Release 18.13 (19th December 2024):

Important:

    TL-42161       Added new setting, 'Allow page caching' to the HTTP Security settings page

                   All sites now by default disable back/forward button caching, which prevents the
                   page from loading after logout from the cache. To allow pages to take advantage
                   of back/forward button caching again, the setting ‘Allow page caching’ can
                   be enabled.
                   
                   We recommend leaving this off as page caching may expose personal information on
                   shared devices.


Security issues:

    TL-40609       Added additional sanitising when opening the equation editor (CVE-2024-33997)
    TL-42641       Fixed a vulnerability with the TCPDF library (CVE-2024-51058)
    TL-42912       Fixed cross-site scripting issue when editing topics format section titles

Performance improvements:

    TL-40445       Improved the performance when saving a course or category

                   When saving a course or category on a site with a large number of courses, it
                   may take a while to proceed due to the fact that every course and category are
                   re-sorted. With this change only the relevant courses and categories are
                   resaved.

                   Additionally there is an optional scheduled task that runs weekly to re-sort
                   every course and category on the site using the old method, however this must be
                   enabled specifically with the ‘Use legacy course sort order’ setting.


Improvements:

    TL-41880       Improved the efficiency of the approval workflows role map by limiting it to relevant contexts only

Bug fixes:

    TL-37500       Prevented removing options from several multi-option quiz questions once answers are recorded

                   It is no longer possible to reduce the total number of options for ‘Select
                   missing words’, ‘Drag and drop into text’, ‘Drag and drop markers’ and
                   ‘Drag and drop onto image’ quiz question types if answers have already been
                   recorded by one or more learners. Before this change, it was possible to remove
                   an answer option, which made the answers provided by learners invalid.

    TL-40750       Hid the back link on the pathway course page for guests when guest access is disabled
    TL-41755       Added aria-label to enrol button in course user enrolment modal
    TL-42305       Fixed version information Product Usage Analytics export class

                   Previously, the version.php class was not exporting the Totara version
                   information because it was not correctly loading the root version.php file.

    TL-42436       Fixed link to the course completion report after uploading completion records
    TL-42525       Fixed an issue where the raw language string appeared at the page title in approval workflows

                   The raw language string ‘{$a->name}’ will no longer be shown as the page
                   title of the override confirm page of approval workflows.


Release 17.26 (19th December 2024):

Security issues:

    TL-40609       Added additional sanitising when opening the equation editor (CVE-2024-33997)
    TL-42641       Fixed a vulnerability with the TCPDF library (CVE-2024-51058)
    TL-42912       Fixed cross-site scripting issue when editing topics format section titles

Bug fixes:

    TL-37500       Prevented removing options from several multi-option quiz questions once answers are recorded

                   It is no longer possible to reduce the total number of options for ‘Select
                   missing words’, ‘Drag and drop into text’, ‘Drag and drop markers’ and
                   ‘Drag and drop onto image’ quiz question types if answers have already been
                   recorded by one or more learners. Before this change, it was possible to remove
                   an answer option, which made the answers provided by learners invalid.

    TL-42305       Fixed version information Product Usage Analytics export class

                   Previously, the version.php class was not exporting the Totara version
                   information because it was not correctly loading the root version.php file.

    TL-42436       Fixed link to the course completion report after uploading completion records

Release 16.32 (19th December 2024):

Security issues:

    TL-40609       Added additional sanitising when opening the equation editor (CVE-2024-33997)
    TL-42641       Fixed a vulnerability with the TCPDF library (CVE-2024-51058)
    TL-42912       Fixed cross-site scripting issue when editing topics format section titles

Bug fixes:

    TL-37500       Prevented removing options from several multi-option quiz questions once answers are recorded

                   It is no longer possible to reduce the total number of options for ‘Select
                   missing words’, ‘Drag and drop into text’, ‘Drag and drop markers’ and
                   ‘Drag and drop onto image’ quiz question types if answers have already been
                   recorded by one or more learners. Before this change, it was possible to remove
                   an answer option, which made the answers provided by learners invalid.

    TL-42305       Fixed version information Product Usage Analytics export class

                   Previously, the version.php class was not exporting the Totara version
                   information because it was not correctly loading the root version.php file.

    TL-42436       Fixed link to the course completion report after uploading completion records

Release 15.38 (19th December 2024):

Security issues:

    TL-40609       Added additional sanitising when opening the equation editor (CVE-2024-33997)
    TL-42641       Fixed a vulnerability with the TCPDF library (CVE-2024-51058)
    TL-42912       Fixed cross-site scripting issue when editing topics format section titles

Bug fixes:

    TL-37500       Prevented removing options from several multi-option quiz questions once answers are recorded

                   It is no longer possible to reduce the total number of options for ‘Select
                   missing words’, ‘Drag and drop into text’, ‘Drag and drop markers’ and
                   ‘Drag and drop onto image’ quiz question types if answers have already been
                   recorded by one or more learners. Before this change, it was possible to remove
                   an answer option, which made the answers provided by learners invalid.

    TL-40716       Backport of TL-36431 - Fixed inline seminar editing updating calendar entries for all seminar events
    TL-42305       Fixed version information Product Usage Analytics export class

                   Previously, the version.php class was not exporting the Totara version
                   information because it was not correctly loading the root version.php file.

    TL-42436       Fixed link to the course completion report after uploading completion records

Release 14.43 (19th December 2024):

Security issues:

    TL-40609       Added additional sanitising when opening the equation editor (CVE-2024-33997)
    TL-42641       Fixed a vulnerability with the TCPDF library (CVE-2024-51058)
    TL-42912       Fixed cross-site scripting issue when editing topics format section titles

Bug fixes:

    TL-42305       Fixed version information Product Usage Analytics export class

                   Previously, the version.php class was not exporting the Totara version
                   information because it was not correctly loading the root version.php file.

    TL-42436       Fixed link to the course completion report after uploading completion records

Release 13.51 (19th December 2024):

Security issues:

    TL-40609       Added additional sanitising when opening the equation editor (CVE-2024-33997)
    TL-42641       Fixed a vulnerability with the TCPDF library (CVE-2024-51058)
    TL-42912       Fixed cross-site scripting issue when editing topics format section titles

Bug fixes:

    TL-42305       Fixed version information Product Usage Analytics export class

                   Previously, the version.php class was not exporting the Totara version
                   information because it was not correctly loading the root version.php file.

    TL-42436       Fixed link to the course completion report after uploading completion records

Release 12.68 (19th December 2024):

Security issues:

    TL-40609       Added additional sanitising when opening the equation editor (CVE-2024-33997)
    TL-42641       Fixed a vulnerability with the TCPDF library (CVE-2024-51058)
    TL-42912       Fixed cross-site scripting issue when editing topics format section titles

Release 11.68 (19th December 2024):

Security issues:

    TL-40609       Added additional sanitising when opening the equation editor (CVE-2024-33997)
    TL-42641       Fixed a vulnerability with the TCPDF library (CVE-2024-51058)
    TL-42912       Fixed cross-site scripting issue when editing topics format section titles

Release 10.70 (19th December 2024):

Security issues:

    TL-40609       Added additional sanitising when opening the equation editor (CVE-2024-33997)
    TL-42641       Fixed a vulnerability with the TCPDF library (CVE-2024-51058)
    TL-42912       Fixed cross-site scripting issue when editing topics format section titles

Release 9.76 (19th December 2024):

Security issues:

    TL-40609       Added additional sanitising when opening the equation editor (CVE-2024-33997)
    TL-42641       Fixed a vulnerability with the TCPDF library (CVE-2024-51058)