Totara Release Notes

Totara Suite 20.0.0 is now available

 
Chris Snyder
Totara 20 Technical release notes
by Chris Snyder - Tuesday, 27 January 2026, 4:06 PM
Group Totara

A change management guide for Totara developers and implementers.

This file is included with the Totara source as release_notes.md.

For a description of new features, improvements, and bugs fixed in Totara 20, please start with our change logs in the post above.

Table of contents

System requirements

These are summaries, see our readme for details.

Note that we have started explicitly recommending PostgreSQL as the database for any large enterprise instance of Totara.

  • PHP
    PHP 8.3 is now the recommended version.
    Removed support for PHP 8.1
    Added support for PHP 8.4
    The OpenSSL and Sodium PHP extensions are now required to support encrypted entity attributes and other tokens in the database.
    Additionally, the Excimer and Pspell extensions are recommended to enable realtime performance monitoring and improved catalogue search, respectively.

  • Composer
    Totara install / upgrade now requires Composer unless you are using a distribution which includes a full vendor/ directory. Composer will be installed automatically if it is not found.
    For more details, please see Third-party libraries with Composer

  • PostgreSQL
    PostgreSQL 16 is the recommended version.
    Removed support for PostgreSQL 13
    Added support for PostgreSQL 17

  • MariaDB
    MariaDB 11.4 is the recommended version.
    Removed support for MariaDB 10.5 and 10.6
    Added support for MariaDB 11.8

  • MySQL
    MySQL 8.4 is the recommended version.
    No change in supported versions, still 8.0.1+ and 8.4

  • MSSQL
    MSSQL 15.0 (2019) is the recommended version.
    Removed support for MSSQL 14.0 (2017)
    Added support for MSSQL 16.0 (2022)

  • Node.js
    Minimum version of node.js for building Tui frontend is v20
    Removed support for Node.js v21
    Added support for Node.js v22 and above

  • Web browsers - no change

  • Python
    The Totara Machine Learning service is now packaged and distributed separately.
    Please see readme.md in that repository for system requirements.

Table of contents

Breaking and important code changes

Admin settings tree refactor

core_setting
Settings classes have been moved from adminlib.php to server/lib/classes/setting/setting/, the core\setting\setting namespace. Additionally, the classes have been renamed to strip the admin_setting_ prefix. Plugins written for Totara 19 and below will continue to work, but will trigger debugging notices until settings.php is updated to use the new classes.

Instantiation of the admin menu has been optimized by converting select, and multi-choice type settings to lazy-load their options.
Custom select and multi-choice settings classes should also be changed to also lazy load.

'Recommended for you' block improvements

block_totara_recommendations
The recommendation block has been updated to use Tui components, to match the explore catalogue.

Note that existing 'Recommended for you' block instances with the type set to 'Trending' are converted to Trending blocks on upgrade.

If you rely on custom catalogue learning item types, see the implementation note in server/blocks/totara_recommendations/upgrade.txt

Embedded reports may not be used in report blocks

block_totara_report_graph
block_totara_report_table
The 'Report table' and 'Report graph' blocks no longer display embedded reports.

Acceptance and encryption of stored secrets

core Secrets stored in the Totara database, such as virtual meeting API keys and HR Import remote database passwords, will now be encrypted using the system encryption key. Existing values are not updated; they remain in cleartext until the next time the value is changed/saved.

The functions optional_param(), optional_param_array(), required_param(), and required_param_array() now accept a new optional boolean parameter: secure_retrieval (default: false). When set to true, the parameter ensures values are only retrieved using secure sources (e.g., avoiding GET parameters). This is intended for use when handling sensitive information such as tokens, passwords, or other secure request data.

MongoDB cachestore plugin removed

cachestore_mongodb has been removed as it is not compatible with PHP 7+ and PHP 8+

Basic goal type (Perform goal)

goaltype_basic
Moved client/components/manage/PerformGoalActionModalCreate.vue to client/components/manage/create/CreateManual.vue

AI subsystem

core_ai
The AI plugin framework has been refactored (in Totara 19.1.0), and plugins will need to be updated to continue working with it. If you rely on custom AI plugins in Totara 19.0 or earlier, please see server/integrations/ai/upgrade.txt for details.

OpenAI connector

ai_openai
The class ai_openai\feature\gen_prompt has been renamed ai_openai\feature\generative_prompt.

Multifactor authentication

core_mfa
MFA plugins must now use mfa::require_editing_user_id() instead of $USER->id in order to support forced registration as part of the login process.

Machine Learning Service changes

The Python recommender service extensions/ml_service has been moved out of the Totara Suite distribution, and is available as a supported extension from a new git repository.

The deprecated Python recommendation engine extensions/ml_recommender has been deleted.

The ml_recommender plugin has been extensively refactored to remove support for the extensions/ml_recommender extension.

Approval workflows

mod_approval
Approvalform plugins or other customizations that rely on $workflow_stage->name should be refactored to use $workflow_stage->scripting_id to be resilient to stage name changes or localisations.

On upgrade, all workflow stages have their scripting_id set to their current stage name.

Feedback activity

mod_feedback
Parameters of feedback_item_base::excelprint_item() have changed and are now strongly typed.

Performance activities

mod_perform
Altered the existing Totara notification participant_reopen_activity to exclude external respondents as recipients.

Added a new Totara notification participant_reopen_activity_for_external_respondent for external respondents only, to display placeholders correctly.

Manual competency rating

pathway_manual
Abstract class pathway_manual\models\roles\role changed the signature of the apply_role_restriction_to_builder() abstract method.
Any custom classes extending this rating role base class should be updated accordingly.

Course logs report

report_log
The report_log_usercourse() function signature has changed, see server/report/upgrade.txt for details.

Inspire theme

theme_inspire
Updated Navigation.vue to show collapse/expand button on hover/focus, and switched to action icon.

Audiences

totara_cohort
Dynamic audience configuration is now implemented in GraphQL and Tui, and the legacy interface is deprecated.

Totara core

totara_core
The learning items completed() function will now only return the 100 most-recently-completed records.

Totara forms

totara_form
server/totara/form/templates/element_filemanager.mustache has changed to use totara_form/validation_errors.

Mobile app support

totara_mobile
mobile_findlearning
Added new App download URL setting to redirect users to the correct URL. The urlscheme setting was previously set to the app download URL; it should be set to 'totara://' instead.

Updated catalog_retrieval::get_page_of_objects() to use the parent version and instead use catalog_retrieval::get_page() for mobile specific overrides.

Updated Graphql query mobile_findlearning_filter_catalog to mobile_findlearning_filter_catalog_v2.

Learning plans

totara_plan
In rb_source_dp_certification, the certifpath column and filter have been removed. This property is no longer used.

Report builder

totara_report
Reports are now exported in the background by default, using adhoc tasks.

  • Report sources can opt-out of background export by setting the $allow_background on the $report->export_data() function to false.
  • The \rb_config::set_embeddata() method should only be provided simple scalar values (or arrays/nulls) - anything that can be fed into json_encode(). This is because the values will be serialized and preserved for the background export to run. If a PHP object is passed in, a debugging message will be triggered and the report will export in the foreground instead. To ignore this restriction, set the $allow_background option on $report->export_data to false.

'PDF portrait export (wkhtml2pdf)' tabexport_wkpdfportrait and 'PDF landscaoe export (wkhtml2pdf)' tabexport_wkpdflandscape have been removed as output formats, because wkhtml2pdf is no longer supported.

Certifications and Programs

totara_certification
totara_program
The architecture of certifications and programs has changed to allow for multiple completion paths.

  • The certifpath property is no longer used. Totara functions will no longer update the property as expected. For example, if a user certifies, the property will not be updated to CERTIFPATH_RECERT. Any custom code which uses this field or property should be rewritten to use the new progpathid property instead.
  • Coursesets are now assigned to a prog_path with each certification able to support multiple paths
  • Table fields named certifpath have been abandoned, and will no longer be updated by core.
  • All server/totara/certification/lib.php functions are deprecated and refactored into classes.
  • The business logic for managing and displaying certification and program content has been refactored, and there are a number of function and class methods that will throw an exception if called.
  • The configuration interface for programs and certifications has been combined and exists in totara_program. A program is a certification with one and only one path.
  • See server/totara/certification/upgrade.txt and server/totara/program/upgrade.txt for a comprehensive list of breaking changes and deprecations.

The learner view of certifications and programs is now rendered using Tui components, and the legacy user interface is deprecated.

Parts of the certification and program admin experience have also been upgraded to Tui.

Tui components

totara_tui
Updated NotificationBanner and NotificationToast to treat the message prop as plain text instead of HTML, unless it is TrustedHtml.
This also affects the notify() API from tui/notifications, as that renders NotificationToast.

Updated LearningCard action wrapper to show/hide using opacity instead of display: none.

Core user

core_user
User custom field checkboxes now treat unchecked and unspecified differently. Previously blank & undefined would return a 0, now undefined returns a 2 which evaluates to an empty string in the display function. This is so a user not checking the box can be distinguished from a user never having the option to check the box.

Custom user profile field definitions are now cached.
Any custom code that creates, edits, or deletes custom user profile fields will need to be updated to ensure caches are purged after these actions.

Legacy (Moodle) webservices

core_webservice
Authentication credentials for legacy webservices must be provided via POST. Passing them as GET parameters is no longer supported.

Additional core changes of note

core

  • Added new method \core_dml\moodle_database::get_size() to retrieve database size. Must be implemented by all DML classes.
  • \moodle_url is now serializable by json_encode
  • \curl->get_errno() now returns the constant CURLE_COULDNT_RESOLVE_HOST if the host is blocked instead of 0.
  • \core\files\curl_security_helper_base has a new required method, get_resolve_info().
  • Added \core\file_format\spreadsheet\writer\xlsx_writer to replace excellib/MoodleExcelWorkbook
  • Cleaning JSON_EDITOR content on input is no longer necessary. Rendering it is now always safe, regardless of what it contains.
  • The E_STRICT constant has been removed, as it is deprecated in PHP 8.4. Please ensure there are no remaining references in your code.
    If you previously hard-coded $CFG->debug to a numeric value (e.g., 32767), update it to use the appropriate constants that are compatible with supported PHP error levels.
  • Scripts injected by $CFG->customscripts will now execute after the IP blocker, maintenance page checks, and after_config hook.

Table of contents

GraphQL API

Changes to external API

  • The mutation tool_diagnostic_run_diagnostics was inoperative via the external API for security reasons, so was removed. It still exists in the AJAX API.
  • The coursesets field on both totara_certification_certification and totara_program_program is now not required to exist (may be null).
  • New field suggestion has been added to type totara_catalog_items_result, which contains a suggested alternative search term if a misspelling was detected.
  • New field timemodified has been added to types totara_hierarchy_organisation, totara_hierarchy_position, and totara_hierarchy_item.

For full documentation of the Totara 20.0 external API, see https://graphql-schema.totara.com/docs/totara-20.0.html

New capabilities added to the API User role archetype

totara/hierarchy:vieworganisationframeworks
totara/hierarchy:viewpositionframeworks
totara/certification:viewhiddencertifications
totara/program:configureassignments
totara/program:viewhiddenprograms
mod/assign:view
mod/certificate:view
mod/data:view
mod/facetoface:viewallsessions
mod/facetoface:signup
mod/facetoface:view
mod/feedback:view
mod/glossary:view
mod/lti:view
mod/quiz:view
mod/scorm:view

New external API queries & mutations

Programs and Certifications APIs

New queries and mutations were added for working with certificatons and programs via external API.

Note that the queries suffixed _v2 did not have previous external versions; the "v1" queries were internal (AJAX) only.

  • totara_certification_certification_v2
    Query to return a specific certification, given its reference.
  • totara_certification_certifications_v2
    Returns all certifications matching the given query parameters
  • totara_certification_groups
    Get a selection of groups
  • totara_certification_group_enrol (mutation)
    Enrol a user into a certification group

  • totara_certification_group_unenrol (mutation)
    Unenrol a user from a certification group

  • totara_program_program_v2
    Query to return a specific program, given its reference.

  • totara_program_programs_v2
    Returns all programs matching the given query parameters
  • totara_program_groups
    Get a selection of groups
  • totara_program_group_enrol (mutation)
    Enrol a user into a program group
  • totara_program_group_unenrol (mutation)
    Unenrol a user from a program group

Report builder API

  • totara_reportbuilder_get_report
    Query to fetch a paginated set of report data.

Seminar events API

  • mod_facetoface_event
    Get a single seminar event.
  • mod_facetoface_events
    Get a list of events.
  • mod_facetoface_event_user_booking
    Gets the user booking for a given seminar event.
  • mod_facetoface_seminar
    Get a single seminar activity's details.
  • mod_facetoface_seminars_in_course
    Get a list of seminar activities within a course.
  • mod_facetoface_event_cancel_user_booking (mutation)
    Cancel a user booking/signup for a seminar event.
  • mod_facetoface_event_create_user_booking (mutation)
    Create a user booking/signup for a seminar event.

Users API

  • core_user_user_v2
    Queries for a specific user in the system and returns its user information if found.
    The original core_user_user query does not allow for a response if the user was not found, and is now deprecated.

API client security update

It is now possible to whitelist API client IP addresses.

Table of contents

New capabilities

Database activity

  • Manage database activity javascript template
    mod/data:manage_jstemplate
    Allows the user to manage the JavaScript template for database course activities. A user with this capability can inject arbitrary JavaScript code in database activity pages. This is not assigned to any default roles.

Certifications – current compliance block

  • Add a new Certifications – current compliance block
    block/compliance_current_report:addinstance
  • Add a new Certifications – current compliance block to the dashboard
    block/compliance_current_report:myaddinstance
    These capabilities are granted to Site manager, Manager, Tenant user manager, and Tenant domain manager on new installations.

Team skill proficiency block

  • Add a new team skill proficiency block
    block/totara_competency_proficiency_gap:addinstance
    This is granted to Site manager on new installations.
    It is granted to roles with the moodle/site:manageblocks capability on upgrade.

  • Add a new team skill proficiency block to the My Learning page
    block/totara_competency_proficiency_gap:myaddinstance
    This is granted to Authenticated user on new installations. It is granted to roles with the moodle/my:manageblocks capability on upgrade.

Trending block

  • Add a new trending block
    block/totara_trending:addinstance
    This is granted to Editing trainer, Site manager, and Tenant domain manager on new installations. It is granted to roles with the moodle/site:manageblocks capability on upgrade.

  • Add a new trending block
    block/totara_trending:myaddinstance
    This is granted to Authenticated user on new installations. It is granted to roles with the moodle/my:manageblocks capability on upgrade.

Certifications

  • View certification compliance
    totara/certification:viewcompliance
    This is granted to Manager, Tenant user manager, and Tenant domain manager on new installations.

  • View all certification compliance
    totara/certification:viewallcompliance
    This is granted to Site manager on new installations.

Totara TUI frontend framework

  • Access samples page
    totara/tui:samples
    The Tui samples page is now restricted to users with capability. This is granted to Site manager on new installations.

Webhooks

  • View Webhooks
    totara/webhook:viewtotara_webhooks
  • Manage Webhooks
    totara/webhook:managetotara_webhooks
    These capabilities are granted to Site manager on new installations.

Competencies / Skills

28 capabilities were renamed while changing 'Competencies' to 'Skills', but they retain their system name. For example, View a competency became View a skill but retains the system name totara/hierarchy:viewcompetency.

The renamed competencies are:

  • Manage HR Import skills tool/totara_sync:managecomp
  • Upload HR Import skills tool/totara_sync:uploadcomp
  • View skill assignments totara/competency:view_assignments
  • Manage skill assignments totara/competency:manage_assignments
  • Assign skill to yourself totara/competency:assign_self
  • Assign skill to other users totara/competency:assign_other
  • View your own skill profile totara/competency:view_own_profile
  • View profile of other users totara/competency:view_other_profile
  • Rate own skills totara/competency:rate_own_competencies
  • Assess skills of other users totara/competency:rate_other_competencies
  • View a skill totara/hierarchy:viewcompetency
  • Create a skill totara/hierarchy:createcompetency
  • Update a skill totara/hierarchy:updatecompetency
  • Delete a skill totara/hierarchy:deletecompetency
  • Create a skill type totara/hierarchy:createcompetencytype
  • Update a skill type totara/hierarchy:updatecompetencytype
  • Delete a skill type totara/hierarchy:deletecompetencytype
  • Create a skill framework totara/hierarchy:createcompetencyframeworks
  • Update a skill framework totara/hierarchy:updatecompetencyframeworks
  • Delete a skill framework totara/hierarchy:deletecompetencyframeworks
  • Create a skill template totara/hierarchy:createcompetencytemplate
  • Update a skill template totara/hierarchy:updatecompetencytemplate
  • Manage skill custom fields totara/hierarchy:competencymanagecustomfield
  • View skill scales totara/hierarchy:viewcompetencyscale
  • Create skill scales totara/hierarchy:createcompetencyscale
  • Update skill scales totara/hierarchy:updatecompetencyscale
  • Delete skill scales totara/hierarchy:deletecompetencyscale
  • View skill frameworks totara/hierarchy:viewcompetencyframeworks

Approval workflows

Note that capability Edit active workflows mod/approval:edit_active_workflow now allows editing of workflow stage name and formviews on active workflows, previously these could only be changed on draft workflows.

Table of contents

New scheduled tasks

Core

Send queued emails to users was added to enable process separation between preparing emails on the server, and sending them via outbound SMTP, which can take a relatively long time.

Deletes old cron task logs from the database cleans up stale records from the new scheduled task log table.

Perform

Synchronize access to performance activities This will go through all subject instances that have been flagged as needing synchronisation. For these, participant instances are created or closed according to current relationships and configuration settings.

Audiences

Cleanup audience preview drafts was added to remove stale records from the new audience preview table.

Report builder

Remove logs entries for report run times was added to remove stale records from the new report running time log table.

The following scheduled tasks were added to support the new background report export feature:

  • Process queued report exports
  • Clean up queued report exports

Totara webhooks

The following scheduled tasks were added to support the new Webhooks subsystem:

  • Totara webhook default queue consumer
  • Totara webhook default queue purger
  • Totara webhook dead letter queue purger

Excimer profiling tool

The following scheduled tasks were added to support the new Excimer performance profiling tool:

  • Expire excimer logs
  • Purge fastest excimer profiles
  • Purge page group approximate count data

Competencies / Skills

The following scheduled tasks were renamed while changing 'Competencies' to 'Skills':

  • Aggregate skill achievements for all users with active skill assignments
  • Expand skills to users relation for skill assignment
  • Aggregate skill achievements for queued aggregation only
  • Skill HR Import

Table of contents

New notifications

Perform

  • Reopened activity

Report builder

  • User report is ready for download
  • User report export failed

Table of contents

Settings changes

Default password policies changes

New defaults have been created for existing password policy settings to align with OWASP recommendation ASVS 4.x. We recommend updating these settings on existing sites.

  • Default value for minpasswordlength is raised to 12 (previously 8)
  • Default value for minpassworddigits is lowered to 0 (previously 1)
  • Default value for minpasswordlower is lowered to 0 (previously 1)
  • Default value for minpasswordupper is lowered to 0 (previously 1)
  • Default value for minpasswordnonalphanum is lowered to 0 (previously 1)

Default docroot

The default for the docroot config setting was changed to 'https://totara.help/docs'.

Trending block

  • block_totara_trending_dayctr Number of days worth of activity to take into account for trending.
  • block_totara_trending_overctr Number of items to over-fetch.
  • block_totara_trending_recctr Number of items to show in block.

Other new core settings

  • defaultpreference_showuserstatus Show user profile status if suspended.
  • enable_excimer Enable the Excimer real-time profiling plugin.
  • enabletotara_webhook Enable the webhooks feature.
  • mfa_plugins Which MFA plugins are enabled for use.
  • perform_sync_participant_instance_closure_access_remove Remove access to closed participant instances on role change. When enabled, closed participant instances will be hidden from a user who no longer needs access to an activity due to a change of job assignment.

New settings for Microsoft SQL Server support

These settings only apply when Totara needs to connect to an external Microsoft SQL Server database.

  • auth_db/dbpersist
  • auth_db/encrypt
  • auth_db/trustservercertificate
  • logstore_database/encrypt
  • logstore_database/trustservercertificate

New settings for MS Teams integration

  • totara_msteams/bot_tenant_id when specified will authenticate the bot using the tenant ID rather than the global Azure bot framework scope.
    This allows single tenanted Azure bots to be used with this integration.
  • virtualmeeting_msteams/tenant_id The ID of the application's Entra tenant. This must be set if the application is configured as a single tenant application.

New Report builder settings

  • reportbuilder/backgroundexport Background export feature enabled (default yes)
  • reportbuilder/backgroundexport_queue_size_per_user Background export queue size (number of pending reports) per user (default 5)
  • reportbuilder/runtimeloggingthreshold Log report run time if execution exceeds specified duration (in seconds). (default 15)
  • reportbuilder/runtimeloglifetime Specifies how many days report run time logs should be retained. Older logs will be automatically deleted. (default 7 days)
  • totara_reportbuilder/filesizelimit This setting allows administrators to adjust the maximum scheduled report file size for email attachments, in megabytes.

Totara mobile app settings

  • totara_mobile/urlscheme The default value has changed to 'totara://'
  • totara_mobile/appdownloadurl Specifies the URL users should use to download the Totara app (default https://mobile.totaralearning.com/register)

New settings for Excimer profiling tool

  • tool_excimer/enable_auto Any page will be automatically profiled if they exceed the minimum duration.
  • tool_excimer/enable_fuzzy_count This will cause the plugin to maintain an approximate count of page runs using the approximate counting algorithm. Automatic profiling must also be enabled.
  • tool_excimer/enable_partial_save This will save partial profiles of slow web processes every processing interval.
  • tool_excimer/expiry_fuzzy_counts The number of full months worth of data to keep.
  • tool_excimer/expiry_s Remove profiles after this long.
  • tool_excimer/long_interval_s Checks the current status of long running tasks every N seconds and processes as required.
  • tool_excimer/num_slowest Only the N slowest profiles will be kept.
  • tool_excimer/num_slowest_by_page Only the N slowest profiles will be kept for each script page.
  • tool_excimer/redact_params These parameters (one per line) will have their values removed before their profile is saved. Redacting of parameters 'authtoken', 'key', 'nonce', 'sesskey', 'wstoken' is builtin, and will always be done.
  • tool_excimer/sample_ms Frequency of sampling (in milliseconds)
  • tool_excimer/samplelimit The maximum number of samples that will be recorded.
  • tool_excimer/stacklimit The maximum permitted recursion or stack depth before the task is flagged.
  • tool_excimer/task_min_duration For scheduled and ad-hoc tasks, the minimum approx duration, in seconds.
  • tool_excimer/trigger_ms Record a profile only if it runs at least this long, in milliseconds.

Other new plugin settings

  • filter_mediaplugin/scan_all_links Convert all media links - If enabled, all links to URLs recognised by a media plugin will be converted to embedded players. If disabled, only links with a data-embed attribute will be converted. (default no)
  • totara_catalog/search_fallback This setting configures whether a fallback query should be run against the index for partial word matching. This may have a performance impact on large sites but may find more results. (default 'Only when no results found')
  • totara_cohort/previewdraftlifetime Number of days to keep dynamic audience preview results in the draft table before they are deleted by the cleanup task. (default 30)

Removed settings

  • cachestore_mongodb/testserver
  • ml_recommender/py3path
  • ml_recommender/query
  • ml_recommender/threads
  • totara_tui/pre_php74_allow_unperformant_css

Table of contents

New hooks

Core

  • core\hook\before_session_start added to enable plugins to do something before the PHP session is started
  • core\hook\moodleform_process_submission added to enable plugins to see/modify a form submission during processing

Perform goals

  • goaltype_basic\hook\creation_options added to enable plugins to implement alternative goal creation workflows

Approval workflows

  • mod_approval\hook\allowed_relationships added to allow plugins to add or remove available approval relationships
  • mod_approval\hook\application_interactor_user_capability added to allow plugins to allow arbitrary users to work with applications
  • mod_approval\hook\approvers_embedded_report added to allow plugins to specify an alternative 'Approvers report'
  • mod_approval\hook\available_approval_plugins added to allow plugins to modify the list of approval workflows available depending on context

Totara MVC

  • totara_mvc\hook\tui_props added to allow plugins to arbitrarily changes the page props passed to Tui components by the controller

Totara webhooks

  • totara_webhook\hook\data_sanitiser_hook added to allow plugins to redact or expose additional data via webhook

Table of contents

New events

Core

  • File added to draft area core\event\draft_file_added

Multi-factor authentication

  • MFA rule created core_mfa\event\rule_created
  • MFA rule deleted core_mfa\event\rule_deleted
  • MFA rule updated core_mfa\event\rule_updated

Perform

  • Performance activity participant instance changed access mod_perform\event\participant_instance_access_changed

Skills / Competencies

Many competency-related events have new names due to changing 'Competencies' to 'Skills'. The event classes remain the same, so event observers do not need to be updated.

A new event was added:

  • Rating submitted pathway_manual\event\manual_rating_created

Totara API

  • API client request blocked totara_api\event\api_client_request_blocked

Totara OAuth2

  • Rotated secret event totara_oauth2\event\rotated_secret_event

Report builder

  • Report background export downloaded totara_reportbuilder\event\report_background_downloaded
  • Report background export completed totara_reportbuilder\event\report_background_exported
  • Report background export failed totara_reportbuilder\event\report_background_failed
  • Scheduled report task failed totara_reportbuilder\event\scheduled_report_task_failed
  • Track report run time totara_reportbuilder\event\track_report_run_time

Table of contents

New plugins

Trending block

block_totara_trending
Split from the 'Recommended for you' block (block_totara_recommendations), because it doesn't require the machine learning service.
Existing trending-type 'Recommended for you' blocks are automatically converted to Trending blocks on upgrade.

Team skill proficiency block

block_totara_competency_proficiency_gap
Allows manager users to view the competencies and proficiency values for their reporting users at a glance.

Certifications – current compliance block

block_compliance_current_report
Provides a quick, visual way to monitor certification compliance across teams, job roles, or organisational units.

NoAI connector

ai_noai
Supports demonstration, troubleshooting, and testing of the AI plugin framework and plugins, without requiring an LLM.

Webauthn (Passkey) authentication factor

mfa_webauthn
Allows users to create and use a browser passkey as an authentication factor when logging in.

Excimer profiling tool

tool_excimer
Uses the Excimer PHP extension to profile pages and log potential performance issues. Totara is using this tool on production sites to find and help diagnose performance issues.

Database anonymisation tool

tool_anon
A command-line tool for exporting a sanitised version of a site's database to a series of auditable CSV files, and then reimporting the anonymised data into a fresh database for quality assurance and testing purposes. Only Totara core tables are exported, though plugins can also declare support for the tool. All user data and content is stripped and replaced with short random text values.

Webhooks

totara_webhook
Turn any Totara system event into a webhook, to make an HTTP post request with event details to an external system.

Table of contents

New Tui components

Embedded content fragment

client/component/tui/src/components/content/EmbeddedFragment.vue

Gradient outline decoration

client/component/tui/src/components/decor/GradientOutline.vue

New form components

client/component/tui/src/components/form/InputGroupDivider.vue client/component/tui/src/components/form/InputGroupLabel.vue client/component/tui/src/components/form/InputGroupSelect.vue

Sparkle loading spinner

client/component/tui/src/components/loading/SparkleLoader.vue

New icons

client/component/tui/src/components/icons/Clipboard.js client/component/tui/src/components/icons/Confirm.js client/component/tui/src/components/icons/Cube.js client/component/tui/src/components/icons/Incomplete.js client/component/tui/src/components/icons/MoreInfo.js client/component/tui/src/components/icons/QrCode.js client/component/tui/src/components/icons/Repeat.js client/component/tui/src/components/icons/Sparkle.js client/component/tui/src/components/icons/Stars.vue client/component/tui/src/components/icons/StopCircle.js client/component/tui/src/components/icons/Upload.js

Table of contents

Deprecations

Tui

  • core_auth/Footer.vue now accepts a content prop. html prop is deprecated.
    LoginLayout.vue now passes content to footer instead of html.
  • pathway_manual: Deprecated RatingPopover.vue, replaced with CompetencyRatingModal.vue

Approval workflows

  • deprecated variables() in mod_approval/src/js/graphql_selectors/selectable_applicants.js
  • deprecated getNameSearch in mod_approval/src/js/application/index/create_new/selectors.js
  • deprecated unsetActiveFullnameSearch in mod_approval/src/js/workflow/edit/actions.js
  • deprecated fullnameSearch
  • Deprecated addStage state in the edit workflow xState machine
  • Deprecated setRenameWorkflowStageId() and updateStageName() in client/component/mod_approval/src/js/workflow/edit/actions.js
  • Deprecated addWorkflowStage() and editStage() in client/component/mod_approval/src/js/workflow/edit/services.js
  • Deprecated ADD_WORKFLOW_STAGE and RENAME_WORKFLOW_STAGE constants, and addingStage stage in the workflowEdit xState state machine
  • mod_approval\data_provider\user\selectable_applicants_base::filter_query_by_fullname() has been deprecated, please call filter_query_by_search() instead.
  • GraphQL input type mod_approval_selectable_users_filter_input has been deprecated, use mod_approval_selectable_users_filter_search_input

'Recommended for you' block

  • Deprecated main.mustache template

Course

  • core_course\local\archive_progress_helper\data_repository::get_course_completed_users_count() has been deprecated, please call core_course\local\archive_progress_helper\data_repository::get_users_for_archive_reset() instead.
  • core_course_renderer::coursecat_search_form() is deprecated

Core

  • server/adminlib.php has been deprecated, and replaced with classes in the \core\setting\type namespace.
  • The has_capability_in_any_context() function has been deprecated. Please use totara_core\access::has_role_with_capability_allowed() instead.
  • The has_role_with_capability() function has been deprecated. Please use totara_core\access::has_role_with_capability_allowed() instead.
  • The E_STRICT constant has been removed, as it is deprecated in PHP 8.4. Please ensure there are no remaining references in your code.
  • The following are now unnecessary and deprecated, there is no replacement:
    • \core\json_editor\helper\document_helper::clean_json_document
    • \core\json_editor\helper\document_helper::clean_json
    • \core\json_editor\helper\document_helper::do_clean_raw_nodes
    • \core\json_editor\node::clean_raw_node and implementations
    • \core\json_editor\node::clean_raw_node_content
    • \core\json_editor\node::clean_raw_node_marks
    • \core\webapi\middleware\clean_editor_content GraphQL middleware
  • The deprecated setting pathtowkhtmltopdf is no longer automatically added to the executable whitelist.
  • The abstract method \core\json_editor\node\node::to_html has been deprecated and will be removed in a future version. If you have a custom JSON_EDITOR node, please implement to_trusted_html(), as that will be required from Totara 21.
  • The following json_editor methods have been deprecated and will be removed in a future version:
    • \core\json_editor\formatter\formatter::to_html (replaced with to_trusted_html())
    • \core\json_editor\formatter\formatter::print_nodes (replaced with print_raw_nodes_html() and print_raw_nodes_text())
    • \core\json_editor\formatter\formatter::print_node (replaced with raw_node_to_html() and raw_node_to_text())
    • \core\json_editor\formatter\formatter::print_html_node (replaced with node_to_html())
    • \core\json_editor\formatter\formatter::print_text_node (replaced with node_to_text())
    • \core\json_editor\formatter\formatter::apply_marks (replaced with apply_marks_html() and apply_marks_text())
    • \core\json_editor\formatter\formatter::apply_mark (no replacement)
  • Deprecated behat_form_checkbox::trigger_on_change()
  • The following classes have been deprecated. Please use the Totara core \curl class when making CURL requests as it has built in SSRF security.
    • \core\link\http\request
    • \core\link\http\response
    • \core\link\url_final_destination
    • \core\link\url_validator
  • excellib classes have been deprecated:
    • MoodleExcelWorkbook has been deprecated. Use \core\file_format\spreadsheet\writer\xlsx_writer instead.
    • MoodleExcelWorksheet has been deprecated. Use \core\file_format\spreadsheet\writer\xlsx_writer instead.
    • MoodleExcelFormat has been deprecated. Use \core\file_format\spreadsheet\writer\xlsx_writer instead.
  • GraphQL query core_user_user has been deprecated, please call core_user_user_v2 instead.

Certification

  • server/totara/certification/lib.php is deprecated. All functions and constants within this file are deprecated. Functions and constants which are still applicable have been implemented in new helper classes.
  • totara_certification\user_learning\item::certification_path property has been deprecated and is not updated. Use item::prog_path_id instead.
  • totara_certification\user_learning\courseset::certifpath property has been deprecated and is not updated. Use courseset::progpathid instead.
  • Class totara_certification\rb\display\certif_certifpath is deprecated. It is no longer used.
  • totara_certification\entity\certification_completion::certifpath property is deprecated. It is no longer used.
  • GraphQL field certification.activeperiod has been deprecated, please update all calls to use certification.paths.activeperiod instead.
  • totara_certification\totara_catalog\certification\dataformatter\activeperiod has been deprecated. The property that it related to is no longer valid.
  • totara_certification\totara_catalog\certification\dataholder_factory\active_period has been deprecated. The property that it related to is no longer valid.
  • server/totara/certification/edit_certification.php has been deprecated and should no longer be linked to.
  • server/totara/certification/edit_content.php has been deprecated and should no longer be linked to.

Audiences

  • totaracohort_event_handler::members_updated() is now deprecated, use totara_cohort_observer::members_updated() instead
  • The following ajax endpoints are now deprecated and replaced by GraphQL APIs:
    • /server/totara/cohort/rules/updateoptions.php is replaced by totara_cohort_rule_set_automatic
    • /server/totara/cohort/rules/updateoperator.php is replaced by totara_cohort_rule_set_operator

Totara customfield

  • The \totara_customfield\watcher\customfield watcher class is deprecated

Report builder

  • \rb_source_dp_certification::rb_filter_certifpath() is deprecated

Program

  • server/totara/program/categories.php has been deprecated and should no longer be linked to.
  • The following methods are deprecated:
    • prog_display_duedate() from lib.php - use prog_display_due_date() instead.
    • totara_program\program::is_single_course() - use is_single_course_path instead.
    • totara_program\task\send_messages_task::program_cron_enrolment_messages() - legacy notifications have been removed.
    • totara_program\task\send_messages_task::program_cron_programs_due() - legacy notifications have been removed.
    • totara_program\task\send_messages_task::program_cron_coursesets_due() - legacy notifications have been removed.
    • totara_program\task\send_messages_task::program_cron_programs_overdue() - legacy notifications have been removed.
    • totara_program\task\send_messages_task::program_cron_coursesets_overdue() - legacy notifications have been removed.
    • totara_program\task\send_messages_task::program_cron_learner_followups() - legacy notifications have been removed.
    • totara_program\content\course_set::set_certifpath() - calling this has no effect.
    • prog_display_progress() - use prog_display_path_progress() instead. If $certifpath is provided and is not null then an exception will be thrown.
    • prog_reset_course_set_completions() - use prog_reset_courseset_completions() instead. If $path is provided and is not null then an exception will be thrown.
    • program_content_nonedit_form::display_course_sets() throws an exception - use TUI/VUE instead.
    • program_content_nonedit_form::display_time_allowed() throws an exception - use display_path_time_allowed() instead.
    • totara_program\program::get_messagesmanager() throws an exception - the message manager was deprecated earlier and has now been removed.
    • totara_program\program::display_courseset() throws an exception - use display_course_sets() instead.
    • totara_program\testing\generator::add_courseset_to_program() throws an exception - use add_course_set_to_program() instead.
    • totara_program\testing\generator::legacy_add_coursesets_to_program() throws an exception - use legacy_add_course_sets_to_program() instead.
    • totara_program\content\program_content::cmp_set_sortorder() throws an exception - use cmp_path_set_sortorder() instead.
    • totara_program\content\program_content::get_course_sets_path() throws an exception - use get_path_course_sets() instead.
    • totara_program\content\program_content::copy_coursesets_to_recert() throws an exception - this functionality is no longer available.
    • totara_program\content\program_content::get_total_time_allowance() throws an exception - use get_path_time_allowance() instead.
    • totara_program\content\program_content::get_courseset_groups throws() an exception - use get_course_set_groups() instead.
    • totara_program\content\program_content::group_coursesets() throws an exception - use group_course_sets() instead.
    • totara_program\content\program_content::get_content_form_template() throws an exception - use get_path_content_form_template() instead.
  • totara_program\content\course_set::certifpath property is now deprecated and does not have a valid value set. Use course_set::progpathid instead.
  • totara_program\assignment\individual::certificationpath property is now deprecated and does not have a valid value set. Use individual::certiftimecompleted instead.
  • program.class.php is deprecated. The class inside this file was deprecated earlier and has been removed. The remaining constants and ProgramException class are deprecated and will be removed in a future release.
  • server\totara\program\completion.php has been deprecated and should no longer be linked to.
  • server\totara\program\edit_assignments.php has been deprecated and should no longer be linked to.
  • server\totara\program\edit_content.php has been deprecated and should no longer be linked to.
  • server\totara\program\edit_notifications.php has been deprecated and should no longer be linked to.
  • server\totara\program\exceptions.php has been deprecated and should no longer be linked to.
  • totara_program\program::display() has been deprecated. program::display_learner() should be used instead. Note that the new function uses TUI/VUE, so works differently than the original function.
  • totara_program\program::display_course_sets() has been deprecated. Use TUI/VUE instead. This function was created to temporarily allow program::display(), which has also been deprecated, to continue to work.

Totara mobile

  • Deprecated totara_mobile_completed_learning GraphQL query in favour of the mobile_completedlearning_my_items query in the sub-plugin

Table of contents

 
Permalink | Show parent