You may now set locks on files stored on git-lfs, discover how to use it in official documentation.

Git LFS epic is now closed as Tuleap implements all git-lfs APIs.

Related requests:

  • request #12818 Add metrics about Git LFS usage
  • request #12720 GIT lfs should compute the overall size in real time
  • request #12581 Git LFS error responses might be returned in a format that does not respect the specification


You can upgrade safely to gerrit 2.16, we verified all APIs interaction between Tuleap and Gerrit. Please note that administrators should change authentication mechanism used on gerrit from Digest to Basic auth (and do the same on Tuleap). The Digest authentication support will be removed soon from Tuleap and is no longer available on recent gerrit releases.

New document manager – 1st preview (Tuleap Enterprise)

After a couple of months of work behind the scenes, this is the first testable release of the new Document Manager UI \o/.

$> yum install tuleap-plugin-document

Be careful, it’s far from being complete and still under heavy development so it should really be enabled only for advanced users that understand the current state of things. Site admins can decide to activate the plugin only on some projects to gather feedback. Then, each user can decide to switch back and forth between new and old interface at will.

Switch to new interfaces

So what’s possible with new interface at the moment? It’s possible to browse the documentation tree, go to links and download files but the most interesting part is the drag’n drop support from your local computer into the browser. Not only you can drag’n drop several files at once but you will see nice progress bars showing you how things are being uploaded.

Files being uploaded

As we are leveraging on tus.io for handling uploads, we can give full controls on what’s being uploaded. For instance, you can see all uploads in progress and cancel those that were made by mistake.

Files being uploaded, modale

You can also create folders and documents with a dedicated modal. Please note that embedded files doesn’t have the WYSIWYG editor yet. You can write down your own HTML by hand if you’re willing to though.

Document creation modale


With recent browsers like Firefox 63+ or Chrome 61+, logout from Tuleap will tell browser to clean as much as possible data stored locally like cache, cookies, local storage. Better for privacy and makes things harder for some classes of attacks.

  • request #12845 Help password managers to fill and save correct information

Add hints on sign-in, sign-up and various change forms so password managers can better do their jobs.


  • request #12829 Activate "serialized" hooks by default on new install

Tuleap has a very powerful plugin system but the way events and plugins are managed were not really efficient (more or less all plugins were loaded on all pages even if not used).

Serialized hooks were introduced back in Tuleap 10.7 to address that point but Tuleap code was not really ready to catch-up with this new way of doing. After almost 3 months of intense debugging on developers platforms and on Enalean infra, all new deployments can benefit of the performance improvement.

Existing platforms are not yet migrated automatically but sys admin can decide to switch with following command:

$> tuleap config-set plugin_hooks_cache_type serialized

This request is still on going but 10.10 already benefit of this work and a nice 15% performance boost can be observed on pages were the bottleneck is not on the database. This boost comes from the cache of the "frontrouter" routes.


  • request #12804 Jenkins webhook: ‘sha1’ params is empty, builds might not be accurate

WARNING: significant change in Jenkins webhook. Starting 10.10, sha1 of the commit is systematically sent to Jenkins when a push is made in Tuleap. This have 2 major advantages:

  • All commits are built
  • Build start faster as there is no polling of the repository anymore

If your jenkins job relied on polling you will need to adapt your jobs to the new way of doing (and you should question the relevancy of doing that anyway).

Tracker workflow

  • request #12775 Workflow post actions are executed even on disabled workflow

During preliminary work for new Workflow post-action prevent field modification according to state, we spotted a nasty bug that was present since Workflow inception: Post actions and pre-conditions set on transitions are applied even if the workflow is disabled.

While we fixed that behaviour for all new trackers & workflows, we decided that it was too dangerous to modify that unilaterally for all existing trackers (after all it’s never been reported as a bug in more than 8 years…). So for trackers that are affected by that bug, there is now a warning message in workflow administration to inform tracker admin about that and they can decided how they want to fix that:

  • either post actions were needed and they have to re-enable (and maybe re-configure transitions)
  • or post actions were wrongly applied and they just need to disable it entirely

Under development: Tracker workflow admin

  • story #12187 configure workflow pre & post actions at target state level

Progress has been made on new modal for post actions but unfortunately it was not possible to complete the work in time for the release. Stay tuned for 10.11.


New libs and version bump

Releases stats

  • 742 files changed, 30197 insertions(+), 26741 deletions(-)
  • They made the release (number of commits, author, company)
    • 144 Nicolas Terray, Enalean
    • 110 Thomas Gerbet, Enalean
    • 102 Marie Ange Garnier, Enalean
    • 99 Yannis ROSSETTO, Enalean
    • 72 Joris Masson, Enalean
    • 44 Jibidus, Sogilis
    • 34 Thomas Gorka, Enalean
    • 33 Manuel VACELET, Enalean
    • 13 Clarck Robinson, Enalean
    • 12 Martin Goyot, Enalean
    • 2 Benjamin Dauton, Enalean
    • 1 Sandra Echinard, Enalean
    • 1 lorentzr, Enalean
    • 1 Mohamed Hajji, STMicroelectronics

Validation scores

Tuleap 10.10 results

Bug fix


  • request #12830 A XSS can be triggered via the project name when displaying the document pending deletion in the site administration

Document manager


  • request #12874 tracker structure export does not allow "+" character for strings
  • request #12803 Tracker field permissions page not refreshed after form submission
  • request #12292 Reminder mails of non accessible trackers are still sent
  • request #12558 Timezones issue with burndown and burnup graphs


  • request #12795 Can’t download file in Git view
  • request #12760 Ensure the deployed Git post receive hook is up to date on "old" instances
  • request #12719 Missing something to rebuild the whole gitolite config

File release system


  • request #12837 Jenkins build history widget generates warnings in PHP 7
  • request #12836 Collected requests status code can be incorrect for requests handled by the "FrontRouter"
  • request #12828 Default wiki page names must be escaped before being used in a SQL query
  • request #12814 Stopping the monitoring of a forum from the "Monitored forums" widget does not work
  • request #12777 Fatal error in Mediawiki fullscreen edition
  • request #12776 Collect extended error informations when a LDAP bind fails
  • request #12727 Tuleap Realtime server should be available on RHEL/CentOS 7
  • request #12681 Delete an already deleted group leads to error 500