Hello everyone,
The following versions of Totara have now been released:
- Release 19.0.6
- Release 18.19
- Release 17.32
- Release 16.38
- Release 15.44
- Release 14.49
- Release 13.57
- Release 12.74
- Release 11.74
- Release 10.76
- Release 9.82
These versions do contain security fixes, and for this reason we strongly recommend upgrade.
Each release also includes various bug fixes and improvements.
Kind regards Release Team
Release 19.0.6 (25th June 2025):
Security issues:
TL-44468 Backported MDL-84473: Fixed a security problem with EQUELLA repository (CVE-2025-3642)
TL-45240 Disabled caching on the login page (CVE-2025-49513)
TL-45250 Fixed external API's disable introspection setting
Performance improvements:
TL-43676 Improved performance of menu item checks for course category and content marketplace administration
Bug fixes:
TL-40822 Fixed an issue where the seminar signups report was containing duplicate records for session attendance
TL-41712 Fixed page layout in some situations with the Pathway course format
TL-44289 Fixed an issue on some browsers where reloading the page would incorrectly show a form resubmission warning
TL-44376 Fixed an accessibility issue by removing menu bar roles on the legacy primary navigation
TL-44377 Fixed a bug when SAML metadata was signed
In previous versions if you enabled the “Sign metadata” option, the
signature would be applied and then the metadata would be formatted. The act of
formatting the metadata though would change the signature and invalidate it.
With this fix when the metadata is signed we no longer format it for visibility,
leaving it as it was exactly when signed.
TL-44597 Updated JMeter script
TL-44679 Added missing ARIA attributes on grid catalog details popover
TL-44788 Added userdata classes for AI interactions
TL-45007 Fixed a problem when installing Totara without the openssl extension
TL-45036 Courses set to the Single Activity format are now available in the Recently Viewed block
TL-45125 Updated mobile language strings to match current app requirements
TL-44375 Fixed a bug where the user profile picture was unintentionally visible to screen readers
TL-44378 Changed the parent container role from 'log' to 'list' to properly contain message items with role 'listitem'
TL-44380 Updated ARIA attributes for message, notification, and admin menu popovers
Technical changes:
TL-43993 New OAuth2 issuers will be encrypted when created
TL-44831 Added Encrypt & TrustServerCertificate options for MSSQL PHPUnit tests
Release 18.19 (25th June 2025):
Security issues:
TL-44468 Backported MDL-84473: Fixed a security problem with EQUELLA repository (CVE-2025-3642)
TL-45240 Disabled caching on the login page (CVE-2025-49513)
Performance improvements:
TL-43676 Improved performance of menu item checks for course category and content marketplace administration
Bug fixes:
TL-40822 Fixed an issue where the seminar signups report was containing duplicate records for session attendance
TL-44376 Fixed an accessibility issue by removing menu bar roles on the legacy primary navigation
TL-44377 Fixed a bug when SAML metadata was signed
In previous versions if you enabled the “Sign metadata” option, the
signature would be applied and then the metadata would be formatted. The act of
formatting the metadata though would change the signature and invalidate it.
With this fix when the metadata is signed we no longer format it for visibility,
leaving it as it was exactly when signed.
TL-44679 Added missing ARIA attributes on grid catalog details popover
TL-44788 Added userdata classes for AI interactions
TL-45007 Fixed a problem when installing Totara without the openssl extension
TL-45125 Updated mobile language strings to match current app requirements
TL-44375 Fixed a bug where the user profile picture was unintentionally visible to screen readers
TL-44378 Changed the parent container role from 'log' to 'list' to properly contain message items with role 'listitem'
TL-44380 Updated ARIA attributes for message, notification, and admin menu popovers
Technical changes:
TL-43993 New OAuth2 issuers will be encrypted when created
Release 17.32 (25th June 2025):
Security issues:
TL-44468 Backported MDL-84473: Fixed a security problem with EQUELLA repository (CVE-2025-3642)
TL-45240 Disabled caching on the login page (CVE-2025-49513)
Bug fixes:
TL-40822 Fixed an issue where the seminar signups report was containing duplicate records for session attendance
TL-45125 Updated mobile language strings to match current app requirements
TL-44375 Fixed a bug where the user profile picture was unintentionally visible to screen readers
Release 16.38 (25th June 2025):
Security issues:
TL-44468 Backported MDL-84473: Fixed a security problem with EQUELLA repository (CVE-2025-3642)
TL-45240 Disabled caching on the login page (CVE-2025-49513)
Bug fixes:
TL-40822 Fixed an issue where the seminar signups report was containing duplicate records for session attendance
TL-45125 Updated mobile language strings to match current app requirements
TL-44375 Fixed a bug where the user profile picture was unintentionally visible to screen readers
Release 15.44 (25th June 2025):
Security issues:
TL-44468 Backported MDL-84473: Fixed a security problem with EQUELLA repository (CVE-2025-3642)
TL-45240 Disabled caching on the login page (CVE-2025-49513)
Bug fixes:
TL-45125 Updated mobile language strings to match current app requirements
Release 14.49 (25th June 2025):
Security issues:
TL-44468 Backported MDL-84473: Fixed a security problem with EQUELLA repository (CVE-2025-3642)
TL-45240 Disabled caching on the login page (CVE-2025-49513)
Bug fixes:
TL-44375 Fixed a bug where the user profile picture was unintentionally visible to screen readers
Release 13.57 (25th June 2025):
Security issues:
TL-44468 Backported MDL-84473: Fixed a security problem with EQUELLA repository (CVE-2025-3642)
TL-45240 Disabled caching on the login page (CVE-2025-49513)
Bug fixes:
TL-44375 Fixed a bug where the user profile picture was unintentionally visible to screen readers
Release 12.74 (25th June 2025):
Security issues:
TL-44468 Backported MDL-84473: Fixed a security problem with EQUELLA repository (CVE-2025-3642)
TL-45240 Disabled caching on the login page (CVE-2025-49513)
Release 11.74 (25th June 2025):
Security issues:
TL-44468 Backported MDL-84473: Fixed a security problem with EQUELLA repository (CVE-2025-3642)
TL-45240 Disabled caching on the login page (CVE-2025-49513)
Release 10.76 (25th June 2025):
Security issues:
TL-44468 Backported MDL-84473: Fixed a security problem with EQUELLA repository (CVE-2025-3642)
TL-45240 Disabled caching on the login page (CVE-2025-49513)
Release 9.82 (25th June 2025):
Security issues:
TL-44468 Backported MDL-84473: Fixed a security problem with EQUELLA repository (CVE-2025-3642)
TL-45240 Disabled caching on the login page (CVE-2025-49513)