Hello Everyone,
I am pleased to announce that the Totara TXP 18.0 release is now available.
To see a summary of the new features and improvements included in this release, visit the What's new page on the Totara help site.
For detailed change-management information, please see the Technical Release Notes immediately following this post.
A big thank you as well to everyone who has contributed to this release!
Release 18.0 (28th November 2023):
Important:
TL-32537 Removed legacy program and certification assignment interface
The program assignment interface was replaced in Totara 13 to improve usability
with large numbers of assignments, deprecating the legacy interface and hiding
it behind the 'enablelegacyprogramassignment' setting.
This legacy interface, and associated setting, have now been removed.
TL-36674 Login screen refresh
A new login screen is available with a new look and feel, and a prominently
presented image to the side. The image can be configured inside theme settings.
The old login screen is still available, but is deprecated in Totara 18. You can
revert to it by setting `$CFG->enable_legacy_login = true;` in config.php.
TL-37624 Legacy Appraisals and 360 Feedback activities are forced to read-only as part
of the deprecation process for those features
An optional read-only setting for Legacy Appraisals and Legacy 360 Feedback was
added in Totara 17.9. This setting is now forced on, and the associated task is
queued for the next cron run.
* All action functionality such as Create, Activate, Copy, Edit etc. is
disabled.
* Users and administrator/manager see a banner notifying them that all actions
are in transition to close before the cron task has occurred.
* After the cron task has occurred all active activities will be closed.
Users and administrator/manager will still have access to Legacy Appraisals
and/or Legacy 360 Feedback historic records.
TL-38114 Improved request performance by closing user session before resolving GraphQL queries
This enhancement improves the performance of GraphQL queries that are executed
concurrently, by automatically closing the user session for writing before the
query resolves. It does not apply to mutations.
As a direct consequence of this change, modifying website sessions during
GraphQL query resolution is no longer possible without modifying the resolver.
Attempting to do so will result in an exception being thrown:
`totara_webapi\exception\reopen_session_for_writing_exception`
To maintain the ability to write to sessions within custom query resolvers,
developers must take the following steps:
- Add the `core\webapi\middleware\reopen_session_for_writing middleware` to the
GraphQL query resolver class.
- Ensure that the `core\webapi\middleware\reopen_session_for_writing` middleware
is positioned as the topmost middleware in the list of middleware used in the
query.
This change may increase the total number of PHP processes running concurrently
so it might be a good idea to review your webserver configuration to make sure
it can handle the increased number of total concurrent connections.
Additionally, it is possible to disable this optimization completely by setting
`$CFG->graphqlsessionwritecloseenabled` to false in the config.php file. This
allows users to retain the previous behaviour of session handling within GraphQL
queries, should it be required for specific use cases.
TL-38476 Upcoming changes to component overrides in themes
In order to enable a future upgrade to Vue 3, we had to make some changes to how
component overrides in themes work.
Partial component overrides in themes have been deprecated, and will be removed
in Totara 19. Partial component overrides are those that do not contain a
`script` tag, or `script extends`, unless they _only_ contain a `style`
tag.
This mainly affects components where only the `template` tag was overridden. All
components overridden in themes will need to replace the entire component from
Totara 19 onwards, unless they are only overriding `style` tags.
New features:
TL-16231 Site Administrator users can now use multi-factor authentication
The login process has been modified to introduce multi-factor authentication
(MFA) for Site Administrator users. To set up, first enable the appropriate MFA
plugin in the plugins page, and then each Site Administrator user can register
their own authenticator app via manage user login.
MFA will only support authentication methods that have been updated for
compatibility. All authentication methods included by Totara have been updated,
however any third-party plugins installed will need to be updated before they
are available with MFA. The MFA and authentication screens will report any
incompatibilities.
TL-28559 Added site administration tool to test outgoing email settings
The Quick-access menu > Server > Email > Test outgoing email settings page
allows administrators to send an email from Totara, with SMTP debugging
information displayed.
Also available in 17.3 and later releases.
TL-30141 Tenant isolation setting has been taken out of experimental mode
The tenant isolation setting has now been taken out of experimental mode. The
setting has been moved from the experimental settings page to the shared
services settings page.
TL-33784 Scheduled user actions
You can schedule actions to occur on users, using filters. This initial version
allows you to delete users who have been suspended for a certain amount of time,
and optionally restrict by audience. In conjunction with configured purge types,
this is designed to assist organisations in automating the deletion of user data
in line with their own data retention policy and relevant GDPR requirements.
Also available in 17.3 and later releases.
TL-34972 Added a new show and hide input for client secrets
Client secrets can now be viewed by clicking on the new 'Show/Hide' button on
the API clients and OAuth2.0 provider details pages.
Also available in 17.3 and later releases.
TL-34982 Added a new Check API and converted security, performance and system status
reports to use it
A new Check API has been implemented, with all system status, performance and
security reports converted to use it.
The Check API is extensible, and plugins can now introduce their own checks.
Additionally this is compatible with Moodle's Check API, and Moodle plugins that
implement it will start reporting their state.
The API includes a CLI script at server/admin/cli/checks.php that can be used to
check the status of the system via the command line.
TL-34991 Added totara_job_job_assignments query to the external API
A new query 'totara_job_job_assignments' was added to the external API to fetch
all job_assignments, providing options for sorting and paginating results.
Also available in 17.1 and later releases.
TL-35895 Added support for privacy-aware page titles to $PAGE object
It is now possible for a page to optionally set a 'privacy-aware' page title as
well as the normal title. This title is stored in the $PAGE object and can be
retrieved when a page title that does not contain personally identifiable
information is needed.
We have modified all known pages that contain the users' names to specify a
second title that excludes the name.
A use case for this is to avoid sending Personal Identifiable Information (PII)
to a third-party analytics service.
Also available in 17.1 and later releases.
TL-36262 Added a new performance overview page which summarises a user's progression
in performance activities, competencies and Totara goals The performance overview page displays items with four progression states based
on the selected period filter.
The progression states are:
* Not started: No progression has ever been made
* In progress: Progression has been made in the current period
* Not progressed: Progression has not been made in the current period
* Achieved/Completed: Progression has been marked as completed in the current
period
Progression for competencies is based on current scale values:
* A new checkbox option was included on the scale setting pages that allows the
least complete scale values to be considered 'Not started'
* Completion is based on the scale 'Consider complete' values
The performance activities use existing activity progress states to track
progression:
* Completion is based on all required participants having completed their
participation
A new concept of 'Due soon' was also introduced for goals and performance
activities, this is when they are due within the next seven working days.
The page also includes a 'Require action' block which provides a summary of the
user's participation in others' activities and if they are required to select
participants for certain activities.
TL-36328 Add SAML 2.0 (SSO) authentication plugin
Totara can now authenticate via SAML 2.0. To configure a SAML 2.0 connection
visit the Quick-access menu > Plugins > Manage authentication page, and enable
SAML SSO (2.0) to start registering identity providers.
TL-36505 Added H5P plugin
Added the H5P activity plugin, which allows you to author content directly into
your courses with an easy-to-use library of creation and editing tools. Select
from activity types such as interactive video, quizzes, collage, timelines, and
more.
TL-37567 Database column values can be encrypted
Individual columns in the database can now be encrypted, preventing the values
from being read unless they are accessed via the appropriate model. This
implementation is only appropriate for storing generated values such as security
tokens.
On a new install or upgrade a new encryption key will be generated
automatically. If needed, we provide a command line script to add new keys and
to roll over any previously encrypted values, where it is required.
Encrypted columns are currently only used by the authentication SSO SAML plugin
and Multi-factor Authentication TOTP plugin, to store authentication-related
tokens.
To ensure that columns can be encrypted, we require the mcrypt PHP module to be
installed. If it is not installed then features that require encryption will not
be available.
TL-37570 Added IntelliData plugin which allows integration with IntelliBoard Learning
Analytics Platform
IntelliBoard is a learning analytics platform that provides reports showing user
engagement, learner completion, engagement metrics, instructor activity,
progress summaries, and more. It integrates with Totara with the help of the
IntelliData plugin, which is built on top of Totara's GraphQL external API. You
can access this plugin via a new group of business intelligence plugins under
Quick-access menu > Plugins > Business intelligence.
TL-37594 Added a new 'Pathway' course format
The Pathway format adds a more modern UI using Tui componentry, providing a more
streamlined experience for learners.
This includes:
* An improved course header and administration settings
* New side panel for navigation, showing the activities in order and the user's
progress through the course
* A content panel to display the current activity without navigating away from
the course page
TL-37614 Programs can now be cloned
Users with the `totara/program:cloneprogram` permission can now clone programs,
selecting which parts of the program to clone. Any combination of the details,
course sets, and notifications can be cloned.
TL-37615 Updated interface when managing program content
When managing a program's course sets, the interface has been improved to be
more dynamic using the Tui framework.
Using a recurring course set or a competency course set still uses the old
interface. The old interface can also be forced by using the 'Enable legacy
program content' setting.
TL-37619 Introducing tenant reports
Tenant Domain Managers now have the ability to generate reports that focus
exclusively on tenant-specific data.
* Tenant-level reporting: Tenant Domain Managers now have the ability to
generate reports that focus exclusively on tenant-specific data. Tenant Domain
Managers will be required to have the `totara_reportbuilder:managereports`
capability to generate tenant reports.
* Data isolation for tenant members: With tenant reports, the reported data is
isolated for tenant members to reflect only the content pertinent to the tenant.
* My reports page: Site Managers now have the ability to create tenant-specific
reports from the 'My reports' page.
In order for Tenant Domain Managers to create tenant reports, we recommend
allowing two capabilities on the system Tenant Domain Manager role:
* totara/reportbuilder:managereports
* totara/reportbuilder:overrideexportoptions
TL-37726 New tenant selection filter for user reports
A new tenant selection filter has been added for user reports. Users with the
`totara/tenant:view` capability can use this filter to filter the users to
tenant members in a report.
TL-38227 Added activity completion report source
TL-39058 Added new endpoints to the external API to enable the functionality necessary
for integration with e-commerce platforms Introduced new functionalities to our external API, allowing integration with
e-commerce platforms. Here's a breakdown of the key features:
Audiences support:
- Added core_cohort_static_cohorts query to retrieve a list of audiences
- Added core_cohort_is_user_member query to check if a user is a member of an
audience
- Added core_cohort_add_cohort_member mutation to add a user to an audience
- Added core_cohort_remove_cohort_member mutation to remove a user from an
audience
- Expanded functionality for interacting with cohorts via a
core_interactor class
- Added a 'tags' property to the core_cohort type
Courses API upgrades:
- Added core_course_courses query to retrieve a list of courses
- Added core_course_is_user_enrolled query to check if a user is enrolled in a
course
- Added core_completion_get_course_completion query to retrieve course
completion details
- Added a 'tags' property to the {{core_course}} type
Users API enhancements:
- Added core_user_user query to retrieve details of a specific user
- Added filters to core_user_users query for more refined user queries
Enrolment API advancements:
- Added enrol_manual_enrol_user mutation to enrol a user into a course using a
manual enrol plugin
- Added enrol_manual_unenrol_user mutation to unenrol a user from a course using
a manual enrol plugin
Security issues:
TL-34338 Prevented content author information display to non-privileged users in
global search
Previously, it was possible for global search users to see the author of
documents, even if they did not have the appropriate capabilities. Now users
need the 'moodle/user:viewdetails' or 'moodle/course:viewparticipants'
capability to see the author.
Fixes CVE-2022-30598
Also available in 17.13 and later releases.
TL-35830 Fixed trending content block showing items across tenant boundaries
With this change trending content from different tenants can no longer show
across tenants.
Also available in 17.13 and later releases.
TL-38789 Fixed possible XSS vulnerability in course activity headings on some pages
TL-38845 Fixed an XSS vulnerability in activity names when restoring courses
Also available in 17.13 and later releases.
Visual improvements:
TL-33818 Block titles are no longer all uppercase
Also available in 17.9 and later releases.
TL-37206 Improved the look of the legacy progress bar
TL-37207 Improved the look of the quick-access menu
TL-37350 Added a single point for typography to improve consistency of typography
throughout the product
TL-37352 Improved the look of the top navigation toolbar
TL-37353 Improved styling of dropdowns
Both Tui and non-Tui dropdowns now have a similar design, with rounded corners
and better spacing.
TL-37355 Improved styling of mobile navigation menu
TL-37465 Adjusted Tui grid spacing for consistency
TL-37466 Improved UI grid alignment consistency across Totara
TL-37597 Improved alignment in Totara Learn's Find Learning page
TL-38015 Updated dropdown menu styling
TL-38016 Centre aligned breadcrumb elements vertically
TL-38481 Made styling changes to the Tui Tree component
TL-38490 Moved header menu dropdown chevron to the right and aligned to the end
horizontally.
TL-38528 Updated the default theme to be more consistent across product
With this change we have aligned the look and feel across different aspects of
the default theme.
This includes admin forms, Tui forms, legacy forms, legacy and Tui tabs and the
layout of the header and footer.
TL-38534 In various pages (such as Define Roles) the page heading position is now
standardised, with action buttons moved to the right.
TL-38560 Updated the look of the Messages and Notifications menu items
TL-38578 Updated Tui modal design
TL-38612 Improved button and input styling
Button, input, and select styles now no longer apply to plain buttons, inputs,
and selects. Add `btn btn-default`, `form-control`, or `custom-select` classes
(respectively) to elements you need to be styled.
The Bootstrap implementation of button and form styling has been replaced with a
custom one, compatible with the same classes, but with improved styles aligned
with the Tui design system.
TL-38640 Improved display of secondary nav items
TL-38742 Updated the look and feel of blocks
Updated the default block style to round the corners and align the padding with
the rest of the site.
TL-39037 Improved consistency of modals
Modals have numerous CSS changes so that they look more consistent across the
application. These will be applied across YUI, Bootstrap and Tui Modals.
Performance improvements:
TL-34242 Improved performance of seminar session list display by optimising the loading
of enrollable sessions
Also available in 17.6 and later releases.
TL-34384 Improved performance of file picker on large sites
Also available in 17.5 and later releases.
TL-36192 Updated user data query to convert username to lowercase prior to execution
The user data query was querying with the username in a case-insensitive way,
this change converts the username to lowercase prior to execution which should
improve the query's performance.
Also available in 17.3 and later releases.
TL-36204 Removed a needless check for new notifications happening at the start of each page
Also available in 17.3 and later releases.
TL-36206 Improved the performance of the Global Search API
This patch improves the performance of the Global Search API in how it finds
searchable areas.
Also available in 17.3 and later releases.
TL-36236 Optimised the query that removes orphaned competency assignment user records
In some circumstances, this function was taking a long time to run and timing
out. The SQL in the function was optimised.
Also available in 17.3 and later releases.
TL-36530 Improved the performance of the audience enrolment tab on courses when using
MariaDB
Also available in 17.11 and later releases.
TL-36597 Improved performance of course, program and certification visibility checks
when being part of a database query
Also available in 17.12 and later releases.
TL-36829 Improved the performance of the catalogue
A logic bug was fixed in how course category caches were primed before being
needed by the catalogue, the improved priming will increase cache use and
decrease interaction with the database.
Also available in 17.10 and later releases.
TL-38548 Reduced number of database queries on the course and category management page
When multitenancy is enabled an additional database query was triggered for each
category to check whether the category is a tenant category or not. This is now
being cached to avoid the unnecessary queries and to improve the performance of
the page load.
Also available in 17.13 and later releases.
TL-38606 Improved the performance of the notification event queue task
The performance of the task `\totara_notification\task\process_event_queue_task`
has been improved by caching data which is loaded repeatedly. In addition the
theme is not reset for each notification anymore which had quite an impact on
performance. This has been addressed.
To improve performance of the task further we recommend reviewing the setting
'SMTP session limit' (smtpmaxbulk) and consider increasing it. It defaults to 1
which means the task will create a new SMTP connection for each email it sends
out and will not use an existing connection.
Also available in 17.13 and later releases.
Improvements:
TL-30248 Added support for multi-selection position and organisation filters in
tenant embedded reports
Before the patch users with correct capabilities could not use multi-selection
filters in tenant embedded reports. We removed the second check ability to see
the report without embedded data.
Also available in 17.11 and later releases.
TL-33639 Added the 'new tab' icon to the warning links in the confirm
activity deletion modal
Also available in 17.7 and later releases.
TL-33941 Improved the layout for the workflow settings on the activity management
content tab
Also added independent loading states for the 'On completion' and 'On due date'
settings.
TL-34302 Added a scheduled task for deleting expired OAuth 2.0 access tokens from
the database
Also available in 17.3 and later releases.
TL-34814 Added a warning to seminar ad hoc messages when legacy notifications are disabled
Also available in 17.1 and later releases.
TL-34846 Extended create/update user services to offer more password-related options
Boolean fields have been added to the create and update user mutations for
'force_password_change' and 'generate_password'.
Also available in 17.2 and later releases.
TL-34919 Disallowed API users from updating locked fields without valid capability
if fields are locked
by the authentication plugin
Also available in 17.3 and later releases.
TL-34922 The performance activity role change override settings now reflect the current
global settings when not enabled
TL-35074 Ensure sort order for seminar sessions is consistent
Also available in 17.1 and later releases.
TL-35096 Added the progress tracker to the activity 'View details' modal and made
the sections collapsible
TL-35097 Updated the 'View details' modal on a performance activity to align with
the new design
* The sections are now separated by role
* Added the user avatar, progress status, and 'closed' message if the section is
closed
* Added the appropriate icon alongside the progress status
TL-35098 Added a 'View more' button to the tables on the activity details modal
when there are more than three participants
TL-35099 Updated the 'View details' modal on a performance activity to align with
the new design for anonymous responses
* Included a count of the anonymous respondents excluding the current user
* Included a count of the completed anonymous responses excluding the current
user
* Included the message 'All complete' when all other anonymous responses are
complete
TL-35120 Removed view-only participant instances upon relationship changes
TL-35156 Added a capability to allow users access to their notification logs
This adds a new capability 'totara/notification:auditownnotifications', which
will allow the user to view their own notification logs. This is not added to
any role by default.
Also available in 17.1 and later releases.
TL-35223 Added support for tenant isolation to user API
Added support for tenant isolation to the external API. Tenant API clients can
use external API if tenant isolation is on, and also can manage system users if
they have capabilities at the system level.
Also available in 17.3 and later releases.
TL-35230 Added the 'Section title' multi-select filter to the performance activities
response data report
Also available in 17.1 and later releases.
TL-35278 Added default filters to the performance activity response data reports
for 'Element type', 'Response data text' and 'Review type'
Also available in 17.1 and later releases.
TL-35410 Added default error response_debug site setting
Added a 'response_debug' setting to the API site-level settings to configure the
amount of error information returned in API responses.
Also available in 17.1 and later releases.
TL-35460 Improved the language string for the seminar purge type
Also available in 17.5 and later releases.
TL-35483 Allow administrators to approve requests that require role approval
Also available in 17.3 and later releases.
TL-35517 Updated help for MySQL collation conversion script to advise increasing
execution time
Also available in 17.8 and later releases.
TL-35593 Added a 'Go back' button on the performance activity content print view
TL-35628 Improved documentation for API client settings token expiration form field
Also available in 17.1 and later releases.
TL-35898 API client can now delete an existing user custom profile field value
This improvement adds a 'delete' flag to the 'custom_fields' per-field input for
the 'core_user_update_user' mutation, allowing an external API client to remove
custom user profile field values when updating a target user's profile.
Also available in 17.2 and later releases.
TL-35908 Added support to the performance activity redisplay element for
redisplaying elements in previous sections of the same performance activity
TL-35942 Added ability to change external API debug level setting per API client
Each API client can now have its own debug level setting.
Also available in 17.2 and later releases.
TL-35947 Added job assignments to core_user type for the external API
Also available in 17.3 and later releases.
TL-36067 Replaced the manage program header with Vue componentry
TL-36134 Added support for tenant isolation to job assignments external API
Also available in 17.3 and later releases.
TL-36137 Added a description to the 'Enable comments' setting under
'Shared services settings'
Also available in 17.3 and later releases.
TL-36154 Improved the performance of pluginfile.php
This is achieved by responding to HTTP HEAD requests more efficiently, and
detecting when file data doesn't exist.
Also available in 17.3 and later releases.
TL-36179 Improved error handling on tenant participant report page when opening the
report without the required parameter
Also available in 17.3 and later releases.
TL-36187 Added support for additional languages to LinkedIn Learning
Also available in 17.3 and later releases.
TL-36196 Cherry-picked MDL-64454: Admin screen should show warning if cron does not
run frequently
A new config option has been added to specify a maximum time elapsed since last
cron run before showing the warning about running the cron on the admin pages.
Previously it would show after 24 hours, this allows for more regular checks.
Default setting is 200 seconds.
Also available in 17.3 and later releases.
TL-36208 Added CLI script that allows plugins to be programmatically uninstalled
A new CLI script has been added at server/admin/cli/uninstall_plugins.php
It can be used to programmatically run the uninstall routines for plugins.
It also can list plugins, including missing plugins which have been previously
installed, but which no longer have code in place.
Also available in 17.3 and later releases.
TL-36217 Added a new event that is triggered when an admin uses the database
search and replace tool
Port of MDL-68193 / MDL-68276 to provide an audit trail when values are replaced
in the database.
Also available in 17.3 and later releases.
TL-36327 Improved the gap between course multi-select custom fields
Also available in 17.4 and later releases.
TL-36347 Improved alignment for text in answers for the Lesson activity
Also available in 17.8 and later releases.
TL-36475 Improved the description for the seminar 'One email per day' setting
The description of the setting has been improved to indicate that it only
relates to legacy seminar notifications, and describes how attachments are sent
when using centralised notifications. The setting is now hidden when legacy
seminar notifications are disabled.
Also available in 17.7 and later releases.
TL-36542 Changed featured links to use editor instead of plain text
TL-36552 Added middle location option for featured links headings
Featured links now include the option to vertically align content to the middle
of the tile.
TL-36559 Added full width (no page margins) option for featured links sizing at block level
TL-36641 Added setting to allow automatic redirection from login page to
a selected authentication provider
A new 'Automatic single sign-on redirect' setting has been added to the 'Manage
authentication' settings page. When a provider is selected, users will
automatically be redirected to the selected provider when accessing the login
page. The redirect can be avoided by adding 'nossoautoredirect=1' to the URL.
This setting has priority over any similar functionality provided by individual
authentication plugins.
TL-36700 Added a setting to disable enforced visibility checks in certain report sources
The following reports automatically apply visibility checks for courses:
* Course completion
* Course completion including history
* Course membership
* Seminar events
* Seminar sign-ups
* Seminar sign-in sheet
* Seminar sessions
Previously it was not possible to deactivate those visibility checks and make
full use of the existing content restrictions. We have now introduced a new
setting in the 'General' tab of these reports which allows admins to disable the
checks if required.
Default behaviour for these report sources is unchanged.
In addition we added the ability to use the 'Enforce sitewide visibility
restrictions' content restriction for the following report sources:
* Record of learning: certifications
* Seminar asset assignments
* Seminar facilitators assignments
* Seminar room assignments
* Seminar interest
Also available in 17.10 and later releases.
TL-36774 Added placeholders for the currently logged-in user to the featured links block
This adds a new placeholder provider to allow user placeholders like
`[user:full_name]` to be added to the descriptions of featured link tiles when
using the Weka editor.
TL-36824 Improved the help text for the seminar direct enrolment automatic signup setting
Also available in 17.8 and later releases.
TL-37065 Updated program and certification extension request notifications to use
centralised notifications
TL-37187 Updated course save to turn on editing mode by default if the user has
sufficient permissions
When a user saves a course, they will automatically have editing mode switched
on when being redirected to the sections and activities page.
TL-37260 Added requirements for Totara 18 to the environments checks page and readme file
TL-37282 Added empty state for pie charts
Empty states have been added for pie, doughnut and progress charts for report
builder to remove unnecessary whitespace and tidy up the page.
TL-37311 Set up the 'Facilitator sessions details changed' trigger to activate
when there is a change in the room
Whenever a room changes in the session, you will receive a notification called
'Facilitator sessions details changed'. Additionally, the title of the
notification resolver has been changed from 'Facilitator sessions date/time
changed' to 'Facilitator sessions details changed' to make it more suitable for
all session changes.
TL-37383 The quiz navigation block now appears above the page content when no
block regions are available
Previously when a course format or theme did not support blocks a user could not
jump around between questions easily. Now the quiz will have the equivalent
navigation displayed above the question that the learner is currently viewing.
TL-37438 Added option to unset the 'force password change' flag to bulk user actions
It is now possible to run a bulk user action to remove the 'force password
change' flag from a large number of users at the same time.
TL-37493 Improved the responsiveness of learning plan page content
Also available in 17.8 and later releases.
TL-37525 Added support for PostgreSQL 15
TL-37527 Added support for MariaDB 10.11
TL-37587 Added new 'Display link' option in URL and File course resources
A new 'Display link' setting has been added to the URL and File course resources
and is available in these resources by default. When enabled in a URL or File
resource, clicking the resource will show a page containing a link to the URL or
file. When clicked, the URL or file will be opened in the current page. When the
course format is set to Pathway, only the Link and Embed options can be used.
TL-37623 Added more specific information to course completion log
In the completion log, added text to indicate which function was responsible for
the call to completion_completion::_save.
Also available in 17.8 and later releases.
TL-37640 Added exclude_courses hook to the Current learning block
The new hook on the Current learning block gives third-party components the
ability to exclude specific courses from appearing in the Current learning
block.
In addition the exclude courses argument on the Last course accessed block has
been updated to be passed by reference.
TL-37650 Refined the naming conventions for tenant pages to ensure consistency
with our help documentation
This improvement aims to make it easier for users to locate the information they
need and navigate through the system effortlessly.
TL-37651 Modify auto-guest login behaviour to only occur on courses with
guest access enabled
Previously it was possible to configure site-wide guest access such that a user
would be enrolled as a guest when visiting a course that didn't have guest
access enabled. This would then lead to an error and prevent them from being
directed to login.
Now in the same situation the user will only be auto logged in as a guest if the
course they are visiting has guest enrolment enabled.
TL-37655 Hide Feedback preview mode control to avoid non-submissions
User feedback pointed out that users were able to mistakenly view a Feedback
preview, thinking their feedback was being submitted. The user control for this
has been visually hidden, but the functionality still remains.
TL-37656 Added small visual improvements to Quiz module question and control display
Display of images inserted into Quiz module questions and minor spacing changes
have been made to make minor visual alignment and readability improvements.
TL-37693 Improved the edit behaviour of multi-choice questions when there are
already answers submitted
When a user tries to update the values of a 'Multi-choice' or 'Multi-choice
(rated)' question, the warning banner will be displayed and warns the user of
potential data corruption or data loss.
Also available in 17.12 and later releases.
TL-37694 Rearranged user report output so that session can be closed before
report data is fetched and displayed
Report builder now closes the user session before fetching user report data,
meaning that long-running reports no longer prevent a user from carrying out
other actions in the system.
Also available in 17.12 and later releases.
TL-37729 It is now possible to grant the 'log in as' capability to Tenant Domain Managers
TL-37752 Restricted access to the Feedback module's preview feature to roles
capable of editing the module
TL-37854 Added language string support for section and field labels in
approval workflow forms
TL-37870 Updated environment checks for PHP Just-In-Time opcache compilation
Totara currently does not support PHP with Just-In-Time compilation enabled.
This change adds a check to both the install/upgrade environments check, and the
internal environments check page.
Also available in 17.11 and later releases.
TL-37883 Added a lozenge on edit report page for tenant reports
Added a lozenge on tenant reports in edit report page to indicate that it is a
tenant report.
TL-38055 Added description field to approval workflow forms
TL-38065 Cleaned up the approval workflow class to allow for easier extendability
TL-38075 Moved feature text to below title in catalogue
TL-38093 Changed default event filter when learner views a seminar
When learners navigate to a seminar, if they have upcoming booked events then
the 'Booked' filter will automatically be applied. If they have no upcoming
booked events, or they navigate to the seminar by clicking 'All events', then
the 'Booked' filter will not be applied.
TL-38112 Warning added for the minor versions of MariaDB (10.7, 10.8, 10.9 and 10.10)
that are not supported
Also available in 17.12 and later releases.
TL-38145 Swapped user menu language list for a language preferences link
In the user menu we no longer have quick-switching of languages available.
Instead, there is now a link to the user language preferences page. As changing
languages is usually fairly infrequent, this should declutter the menu.
TL-38156 Removed dashed separator and find workspace link from workspace sidebar
TL-38206 Added hook to base event class
A new hook has been added to the base event class to allow watchers to modify
event content.
TL-38207 Added report log hook for modification of user's full name
TL-38222 Added lang string support for the content of the help icons in approval workflows
TL-38235 Added multitenancy support to the course completion report source
TL-38397 Improved error messages when notifications scheduled tasks encounter errors
Also available in 17.12 and later releases.
TL-38409 Renamed centralised notifications scheduled tasks to make them
easier to understand
Also available in 17.12 and later releases.
TL-38445 Page layouts no longer display the breadcrumbs bar when the theme
"nonavbar" is set to true
TL-38734 Prevented notification processing warnings if the event context they
relate to no longer exists
Also available in 17.13 and later releases.
TL-38767 Prevent users from running more than one report simultaneously
Recently we introduced a change which allows a user to continue using the site
while a report loads in another tab/window. This inadvertently allowed a user to
run more than one report at once. With this change, only one user report or
report export (user or embedded) can be run at once. Viewing embedded reports
are excluded, so that pages which render embedded reports will continue to work
as normal.
Also available in 17.13 and later releases.
TL-38897 Improved warning message in the performance tab of reports when
caching is not available
Also available in 17.13 and later releases.
Accessibility improvements:
TL-28041 Updated focus styles to meet future accessibility requirements
Focus rings are now 2px thick and solid instead of dashed. Now that
:focus-visible is supported by all of our supported browsers, we have also made
use of it where possible, in order to only show the focus ring when navigating
by keyboard.
TL-37400 Notification content in the list of received notifications is now
accessible via keyboard
Bug fixes:
TL-23403 Fixed modals closing when you click and drag from the inside to the outside
TL-36934 Fixed the full text search for MySQL binary mode to prevent wildcard
character errors
Also available in 17.13 and later releases.
TL-37199 Fixed course completion historic grades corrupted by course changes
When changing course grades, historic course completions are affected and the
'Grade at time of completion' column in reports does not reflect the right
information as the grade is taken from the current information stored in the
grade tables for the course and not the information at the time the historic
record was created.
To fix that, we have included two more fields in the course_completion_history
database table to fill accordingly when this happens. The new report builder
column 'Grade at time of completion' will now display the value calculated using
the course grade minimum and maximum that were set at the time the grade was
achieved.
On upgrade, all records of prior learning will be updated to include the current
course min and max grade. If the course max or min grade has changed since the
completion records were added then they may appear to have a different 'Grade at
time of completion' compared to what they originally had. This can be corrected
manually by using the completion editor and setting the course grade min and max
that were present at the time the grade was achieved.
When resetting and therefore archiving all completion records any record with
values in the rplgrade database column was not properly transformed to decimal
values usually stored in the course_completion_history table. This has also been
addressed with this patch.
Changes introduced with this fix:
* Added new fields grademax and grademin to the course_completion_history DB
table.
* Added new fields "Maximum Grade" and "Minimum Grade" to be filled when
creating or editing historic course completions in the completion editor.
* The "Grade at completion" report builder column has been renamed to "Grade
based on current course" in the course completion reports.
* A new "Grade at time of completion" report builder column has been added to
the course completion reports and its value is calculated based on min/max grade
at the time of completion for historic records and current completion records
deemed as completed by the user. This column replaces the renamed default column
"Grade at completion" for reports based on the "Course Completion Including
History" or "Record of Learning: Previous Course Completions" report sources.
TL-37205 Fixed the UTF-8 encoding of embedded calendar blocks in emails for
foreign characters
Also available in 17.13 and later releases.
TL-37292 Removed confusing help text from the Virtual Meeting Provider Connect button
Also available in 17.13 and later releases.
TL-37324 Fixed featured link heading levels and sizes
TL-37602 Created correct supersede submission after rejecting approval workflow application
Also available in 17.13 and later releases.
TL-37645 Fixed incorrect path in eslintignore file
TL-37683 Fixed visibility map query causing database crash on MariaDB 10.8
Only on MariaDB 10.8 the visibility map query causes the database to crash. This
has been addressed now.
Also available in 17.13 and later releases.
TL-37757 Removed broken help links from the course activity selector
TL-37808 Fixed the alignment of popups in reports grid
TL-37812 Event custom field URLs are no longer double-escaped in notifications
TL-37841 Prevent infinite redirect when receiving Oauth2 errors and admin setting
'loginpageredirect' is enabled
In some situations, instead of displaying an OAuth2 authentication error users
could end up in an infinite loop of redirects if the site has enabled the admin
setting 'loginpageredirect' and set it to use the OAuth2 provider.
TL-37984 Updated event log description for tenant reports
TL-38021 Fixed find learning popup escaping bounds of item grid
TL-38098 Added a legacy Moodle constant back into Totara, so the
Big Blue Button plugin can still operate
Also available in 17.13 and later releases.
TL-38233 Deprecated \core_component::get_component_classes_in_namespace()
This method has a big performance impact and should not be used anymore.
\core_component::get_namespace_classes() can be used instead.
All existing usages have been replaced with calls to
\core_component::get_namespace_classes() and tests added to make sure both
return the same result.
TL-38570 Fixed User profile hover style
TL-38626 Updated LTI OAuth provider URL
The previous server reference for the LTI OAuth provider was not working when a
reverse proxy was set. This change updates the URL to reference $FULLME, rather
than the $_SERVER vars
TL-38653 Ensured content marketplace course activity visible if
completed_initial_sync_learning_asset was failed to set
LinkedIn Learning's initial sync task should set the
completed_initial_sync_learning_asset flag to true. If the initial process is
interrupted LinkedIn Learning courses can be used but they are not available in
the list when adding activities to an existing course. After the patch, you can
add available courses as activities even if the initial sync task has not
finished successfully.
Also available in 17.13 and later releases.
TL-38670 Restored missing headings in the external API documentation
Also available in 17.13 and later releases.
TL-38704 Removed the ability to select a system user using the user_reference_record
class as a tenant API user
As part of this change, the behaviour of user_record_reference::get_record()
(released in Totara 17) will no longer check the acting user's ability to see
the target user. Please use user_record_reference::load_for_viewer() in custom
GraphQL resolvers instead.
Also available in 17.13 and later releases.
TL-38788 Improved display of the review options section when editing a quiz's settings
TL-38829 Added language strings for machine learning, JSON editor and
multi-factor authentication on the plugins page
Also available in 17.13 and later releases.
TL-38938 Session language is reset when the user changes their language preference
In some situations a language preference may be persisted to session. When a
user changes their preferred language, previously Totara would not reset the
session language, so the new language would not kick in until the user logged
out and logged back in. With this fix, changing the preferred language option
should immediately work for a user.
TL-38955 Added title to reports pages when accessed by users who do not have
access to it via the admin tree
TL-39064 Prevented user list queries being triggered on initial load on the
performance activity participant select page
Previously, each user selector on the participant selection page for performance
activities triggered a GraphQL query on page load to fetch the initial set of
users. The more activities are listed on the page the longer it took for all
initial queries to finish. During this time the user could not search in any of
the user selectors. This patch ensures that GraphQL queries are only triggered
when interacting with a user selector.
Also available in 17.13 and later releases.
TL-39104 Fixed the environment check for Totara 18 and MariaDB reporting
incorrect incompatible versions
Also available in 17.13 and later releases.
Database upgrades:
TL-36237 Introduced index for suspended column on user table
Also available in 17.3 and later releases.
TL-36808 Allow memoization for Postgres 14.2 and above.
PostgreSQL 14 introduced memoization as a feature that can improve performance.
However with PostgreSQL versions 14.0 or 14.1 it would cause several Totara
queries to return incorrect results. Because of this a requirement was added for
PostgreSQL 14 that the enable_memoize flag be set to off.
This has been fixed from PostgreSQL 14.2. With this patch in place the
enable_memoize=off setting is only required if you're using PostgreSQL 14.0 or
14.1.
Also available in 17.7 and later releases.
Technical changes:
TL-35168 Added new after_require_login and after_config hooks
There is a new hook at the end of the require_login() function
'after_require_login' that can be used to customise the function.
There is also a new 'after_config' hook at the end of setup.php allowing
customisations to be run as soon as possible after the config has been loaded.
Also available in 17.3 and later releases.
TL-35277 Remove unnecessary core component check in api builds
Previously there was a check that the core component was included in the list of
components on the front end. However the backend ensures the core component is
always included, so it was unnecessary.
Also available in 17.1 and later releases.
TL-35315 Added custom field type property to core_user.custom_fields object
Also available in 17.3 and later releases.
TL-36039 Support for IE-specific JS and CSS builds and polyfills have been removed
With partner consultation, we made the decision [to drop support for IE 11 in
Totara 17](https://totara.community/mod/forum/discuss.php?d=26053). While Totara
17 does not support IE 11, the supporting build tooling and JavaScript polyfills
were still present. In line with our announced plan, these were removed in
Totara 18.
See the [end-user system
requirements](https://totara.help/docs/end-user-system-requirements)
documentation for all supported browser versions.
TL-36210 Redis cache store can now compress data before storage
The Redis cache store now has a compression setting that allows a site to
configure a Redis cache store to compress data before it is sent for storage.
The options available are no compression, gzip compression, and zstandard
compression (providing zstandard is available).
Also available in 17.3 and later releases.
TL-36274 The Redis5 session handler now supports connecting via TLS
Also available in 17.6 and later releases.
TL-36403 Added 'mobile_coursecompat' property to the catalog_item GraphQL type, so it could be used in the mobile_findlearning_view_catalog GraphQL query
Also available in 17.7 and later releases.
TL-36430 Added a new hook 'auth_enable' to allow watchers to interrupt the enabling of a specific auth plugin
Added a new core hook which can be used by third-party plugins to prevent
specific authentication plugins from being enabled, and optionally provide a
reason which will be displayed to the user if they try to enable one.
Also available in 17.4 and later releases.
TL-36652 Added new /api/pluginfile.php endpoint for downloading files via external API
TL-36727 Added a method to the flavour helper class to detect if the table belongs to
the specified flavour
TL-36840 Added require_plugin_enabled middleware that checks if the specified plugin
is enabled
TL-36845 Allowed flex_icons to be instantiated without checking they are valid
Previously, when a flex_icon was instantiated, it was checked to make sure it
existed. To do this, the theme had to be initialised. To avoid this, it is now
possible to specify that the check should be skipped.
Also available in 17.6 and later releases.
TL-36878 Added hooks for setting page layout, modifying header, modifying footer
Added 3 new hooks to modify page output:
* The 'set_page_layout' hook allows modifications to the page layout
* The 'modify_header' hook allows modifications to the HTML header
* The 'modify_footer' hook allows modifications to the HTML footer
TL-36882 Updated page_requirements_manager to support more detailed tracking of
requirements
The page_requirements_manager now tracks page-specific requirements separately
from system-level requirements, in order to better support modernisation of the
UI. If you have extended page_requirements_manager, you may need to update your
code.
TL-36889 Added new hook triggered when 'setup_blocks()' is called
This hook will allow a single place for additional course formats to set the
page layout, this should only ever be called once in the page setup.
TL-36905 Added visible field to course activities and modules GraphQL types
TL-36921 Added a new hook 'activity_enable' to allow watchers to interrupt the
enabling of a specific activity module
Added a new core hook which can be used by third-party plugins to prevent
specific activity modules from being enabled, and optionally provide a reason
which will be displayed to the user if they try to enable one.
Note that this will not disable the plugin if it is enabled, but it will prevent
it from being enabled if currently disabled.
TL-36922 Added a new hook 'format_enable' to allow watchers to interrupt the
enabling of a specific course format plugin
Added a new core hook which can be used by third-party plugins to prevent
specific course format plugins from being enabled, and optionally provide a
reason which will be displayed to the user if they try to enable one.
Note that this will not disable the plugin if it is enabled, but it will prevent
it from being enabled if currently disabled.
TL-37278 Added a hook to allow course formats to control which activities can be added
This hook is currently used by the new pathway format to limit the options when
adding activities to a course, the limitations are:
* Wiki
* Book
* Folder
* Data
* Label
TL-37452 Legacy action menus are initialised at the time they are added to the DOM
TL-37613 Modernised the back-end code for programs
* TL-35960 - Cleaned up old deprecated code in the program code
* TL-35966 - Moved old program classes into new auto-loaded namespaces. The
classes in the following program files classes are no longer being used and have
been deprecated, please refer to the programs upgrade.txt for a more detailed
list of class names and suggested alternatives:
- program.class.php
- program_content.class.php
- program_courseset.class.php
- program_user_assignment.class.php
- program_assignments.class.php
- program_exception.class.php
- program_exceptions.class.php
- program_message.class.php,
- program_messages.class.php
* TL-36875, TL-36838 - Further modernisation improvements to the newly
namespaced classes, including:
- Additional docblocks
- Additional parameter type hinting
- Additional return type hinting
* TL-35984, TL-36019, TL-36020 - Added entity and repository classes for core
program tables, covering:
- Programs (ttr_prog)
- Group assignments (ttr_prog_assignment)
- User assignments (ttr_prog_user_assignment)
- Future user assignments (prog_future_user_assignment)
- Exceptions (ttr_prog_exception)
- Extension requests (ttr_prog_extension)
- Completions (ttr_prog_completion)
- Course sets (ttr_prog_courseset)
- Course set courses (prog_courseset_course)
- Recurrence settings (prog_recurrence)
TL-37664 Added reset_theme_and_output hook
TL-38113 Upgraded PHPUnit to 9.6.11 and Paratest to 6.8.1 and added tool to
generate coverage map
The CLI tool "test/phpunit/generate-coverage.map.php" has been added. It enables
developers to update the phpunit.xml file, adding the files/directories which
should be included/excluded for code coverage generation. The tool comes with a
--help option.
TL-38126 PHPUnit test file and class names now conform to a new standard
PHPUnit test files must now conform to the following standard:
* Test file names must end with "_test.php"
* Test class names must be "_" (which always ends in _test)
* Test files can only contain a single test class
* Namespaces are not allowed in test files
* advanced_testcase and basic_testcase can no longer be used
Future improvements will see namespacing allowed providing it follows a
standardised pattern, and will see autoloading improved so that in the future we
can look to migrate to PHPUnit 10.
Only standard core plugins _must_ conform to these standards, but other plugins
_should_ conform.
Also available in 17.11 and later releases.
TL-38154 Added PHPUnit commands in test/phpunit/phpunit.php to run code coverage
more easily
TL-38200 Database module static caching is reset during unit tests
Also available in 17.11 and later releases.
TL-38634 Updated the unserialize array function to support some extra characters
This updates the unserialize_array() function moodlelib, allowing support for
characters like semi-colons.
Also available in 17.12 and later releases.
Tui front end framework:
TL-34425 The filters icon was removed from FilterBar
TL-34732 Added new AdvancedSelect component for the SelectTable component to
provide a consistent UI for customisable bulk selections
TL-35991 Created new core component InputGroup to handle multiple use cases for
password input field
Also available in 17.3 and later releases.
TL-36239 Fixed audience adder being cut off in Safari 13.1
Also available in 17.3 and later releases.
TL-36251 Fixed issue where buttons in dropdowns would not get separators applied
Also available in 17.3 and later releases.
TL-36379 Added a course adder Tui component
This is designed to be used by Tui components to find courses and return them
back to the calling component.
TL-36495 Fixed display issue in the tree component where siblings sometimes
looked like child nodes
Also available in 17.5 and later releases.
TL-36697 FilterBar component now uses the button component for the reset button
Previously the reset button was a ButtonIcon component.
TL-36713 A `copyText` clipboard helper is now available in `tui/dom/clipboard`
TL-36714 Improved sizing of InputGroup
InputGroupInput is now sized correctly when the type prop is not supplied, and
InputGroup now supports the char-length prop.
Also available in 17.5 and later releases.
TL-36804 Fixed double scroll bar on adder core component.
Also available in 17.9 and later releases.
TL-36805 Added ability to add indicator icons to tabs
TL-36843 Fixed InputSetCol sometimes being sized inconsistently
TL-36965 Updated the Tag component to include various new properties
* bold: A boolean which sets the font weight of the main text to bold
* label: A string for providing a label text in addition to the main text
* large: A boolean that increases the text size, padding, and border radius of
the tag
* noBorder: A boolean that removes the border from the tag
These changes were made to accommodate the features in TL-36966.
TL-37404 Added hidden state to ProgressTrackerNavCircleWorkflow.vue
TL-37434 Aligned collapsible chevron to the top of collapsible components
TL-37470 Confirmation modals can no longer be dismissed while the action is executing
TL-37609 Refactored Tui Grid gutter handling to allow custom 2-d values
Before this change, Grid component gutters accepted a single gutter size,
although based on a CSS variable, the single usage limited all Grids to have the
same gutter sizing regardless of their placement on the page, e.g. Page layout
or deeply nested. This change refactors both vertical and horizontal gutters so
that different values can be used for each axis, per-Grid. The Tui Samples page
demonstrates the changes available via new props.
TL-38210 Added a large variant to inputs
TL-38438 Added lint warning for $str / getString usages that cannot be
automatically replaced
TL-38470 Added a new "drawer" style modal
Recommendations engine:
TL-37444 Upgraded the requests library to version 2.26.0
Also available in 17.8 and later releases.
Library updates:
TL-35875 Upgraded the library Video.js to version 7.21.1
Fixes CVE-2022-39353
Also available in 17.4 and later releases.
TL-37326 Updated the nyholm/psr7 library to version 1.6.1
Fixes CVE-2023-29197
Also available in 17.7 and later releases.
TL-37450 Updated the tcpdf library to version 6.6.2
With this change the ability to generate a QR code via the pdf library is now
possible, by calling pdf::qr.
TL-37451 Added the Constant Time Encoding library
The Constant Time Encoding library has been included and the base32
encode/decode functions are now available.
Contributions:
* James Tombs at Think Learning - TL-36597
* Michael Trio at Kineo USA - TL-34242
