Hello everyone,
The following versions of Totara have now been released:
- Release 19.0.5
- Release 18.18
- Release 17.31
- Release 16.37
- Release 15.43
- Release 14.48
- Release 13.56
- Release 12.73
- Release 11.73
- Release 10.75
- Release 9.81
These versions do contain security fixes, and for this reason we strongly recommend upgrade.
Each release also includes various bug fixes and improvements.
Kind regards br> Release Team br>
Release 19.0.5 (23rd May 2025):
Security issues:
TL-44469 Fixed an issue with Dropbox and serialisation (CVE-2025-3641)
Performance improvements:
TL-43188 Improved the performance for mobile completed learning API calls
Previously the completed learning API was fetching the entirety of a users
completed learning, before combining learning types, and paginating. This could
potentially lead to a performance hit for users with large amounts of completed
learning, so we have limited this to the 100 most recently completed items of
each type.
Improvements:
TL-44127 Wrapped update_certification_task operations in a try-catch and transaction block
Previously, the totara_certification\task\update_certification_task scheduled
task would stop processing if a failure occurred for one record. It would not
process the following records.
The next time the task ran, it would try to process the same record again and
possibly fail again. As the records are probably ordered, it means that the
records following the failing record would never be processed.
This patch wraps the operations which might fail in a transaction and catch any
exceptions and continues to the next record.
Bug fixes:
TL-40320 Fixed error on My Goals page caused by duplicates created when 2 operations ran at same time
TL-40827 Fixed learning plan not respecting the global ‘Default role’ or ‘Enrolment period’ settings for new instances
TL-41033 Fixed error when showing custom profile fields that are both locked and required
TL-41222 Fixed an accessibility issue where tabbing would move focus incorrectly on an un-contained dropdown
TL-43569 Excluded instance results where the user does not have access from being shown on the performance activity 'Select participants' page
TL-43825 Fixed rendering of special characters in catalogue block title
TL-44339 Fixed an accessibility issue with colour contrast in the current learning block
Implemented consistent white background for "Sets" with a faint grey border.
TL-44495 Fixed an issue with the positioning of the user tour on inspire theme navigation items
Also added a border radius to the tour popover.
TL-44532 Fixed a bug where the uniform FormField component would have an empty aria-describedby attribute
TL-44653 Fixed a LTI (external tool) authentication issue with JWT
Fixed JWT handling for LTI (Learning Tools Interoperability) authentication to
support strict encoding.
TL-44698 Fixed require passing grade completion criteria not being checked in external tool
TL-44712 Fixed filestore cache so when a file cannot be unserialised it will log a debug message instead of crashing the entire site
TL-44742 Fixed a bug where users who login via SAML were unable to launch LTI activities
TL-40292 Improved accessibility on assignment submission table
Release 18.18 (23rd May 2025):
Security issues:
TL-44469 Fixed an issue with Dropbox and serialisation (CVE-2025-3641)
Improvements:
TL-44127 Wrapped update_certification_task operations in a try-catch and transaction block
Previously, the totara_certification\task\update_certification_task scheduled
task would stop processing if a failure occurred for one record. It would not
process the following records.
The next time the task ran, it would try to process the same record again and
possibly fail again. As the records are probably ordered, it means that the
records following the failing record would never be processed.
This patch wraps the operations which might fail in a transaction and catch any
exceptions and continues to the next record.
Bug fixes:
TL-40320 Fixed error on My Goals page caused by duplicates created when 2 operations ran at same time
TL-40827 Fixed learning plan not respecting the global ‘Default role’ or ‘Enrolment period’ settings for new instances
TL-41033 Fixed error when showing custom profile fields that are both locked and required
TL-43569 Excluded instance results where the user does not have access from being shown on the performance activity 'Select participants' page
TL-44532 Fixed a bug where the uniform FormField component would have an empty aria-describedby attribute
TL-44653 Fixed a LTI (external tool) authentication issue with JWT
Fixed JWT handling for LTI (Learning Tools Interoperability) authentication to
support strict encoding.
TL-44698 Fixed require passing grade completion criteria not being checked in external tool
TL-44712 Fixed filestore cache so when a file cannot be unserialised it will log a debug message instead of crashing the entire site
TL-44742 Fixed a bug where users who login via SAML were unable to launch LTI activities
TL-40292 Improved accessibility on assignment submission table
Release 17.31 (23rd May 2025):
Security issues:
TL-44469 Fixed an issue with Dropbox and serialisation (CVE-2025-3641)
Bug fixes:
TL-40320 Fixed error on My Goals page caused by duplicates created when 2 operations ran at same time
TL-40827 Fixed learning plan not respecting the global ‘Default role’ or ‘Enrolment period’ settings for new instances
TL-41033 Fixed error when showing custom profile fields that are both locked and required
TL-41074 Excluded instance results the user does not have access to shown on the performance activity 'Select participants' page
TL-44653 Fixed a LTI (external tool) authentication issue with JWT
Fixed JWT handling for LTI (Learning Tools Interoperability) authentication to
support strict encoding.
TL-40292 Improved accessibility on assignment submission table
Release 16.37 (23rd May 2025):
Security issues:
TL-44469 Fixed an issue with Dropbox and serialisation (CVE-2025-3641)
Bug fixes:
TL-44653 Fixed a LTI (external tool) authentication issue with JWT
Fixed JWT handling for LTI (Learning Tools Interoperability) authentication to
support strict encoding.
Release 15.43 (23rd May 2025):
Security issues:
TL-44469 Fixed an issue with Dropbox and serialisation (CVE-2025-3641)
Bug fixes:
TL-44653 Fixed a LTI (external tool) authentication issue with JWT
Fixed JWT handling for LTI (Learning Tools Interoperability) authentication to
support strict encoding.
Release 14.48 (23rd May 2025):
Security issues:
TL-44469 Fixed an issue with Dropbox and serialisation (CVE-2025-3641)
Bug fixes:
TL-44653 Fixed a LTI (external tool) authentication issue with JWT
Fixed JWT handling for LTI (Learning Tools Interoperability) authentication to
support strict encoding.
Release 13.56 (23rd May 2025):
Security issues:
TL-44469 Fixed an issue with Dropbox and serialisation (CVE-2025-3641)
Release 12.73 (23rd May 2025):
Security issues:
TL-44469 Fixed an issue with Dropbox and serialisation (CVE-2025-3641)
Release 11.73 (23rd May 2025):
Security issues:
TL-44467 Fixed a potential cross-site scripting situation (CVE-2025-3643)
TL-44469 Fixed an issue with Dropbox and serialisation (CVE-2025-3641)
Release 10.75 (23rd May 2025):
Security issues:
TL-44467 Fixed a potential cross-site scripting situation (CVE-2025-3643)
TL-44469 Fixed an issue with Dropbox and serialisation (CVE-2025-3641)
Release 9.81 (23rd May 2025):
Security issues:
TL-44467 Fixed a potential cross-site scripting situation (CVE-2025-3643)
TL-44469 Fixed an issue with Dropbox and serialisation (CVE-2025-3641)