Tuleap 11.1 May 2019

Enhancements

Project administration

• story #12554 have private projects without restricted members
• story #13237 Prevent restricted to be added to private projects

It’s been a long time without a new permission in Tuleap. No more!

We are pleased (and a bit scared) to announce a new visibility option at project level: Private Without Restricted users.

A Restricted User is a special flag set on users to indicate they are not "us". Most of the time it’s used to distinguish Sub-contractor from regular employees. It’s useful to create high level rules like "Everybody but Sub-contractors can see this".

2 years ago we introduced "Public including Restricted" project access level for projects that were holding mostly Public information. Now it’s private projects that can be a inch more paranoid by preventing any administrator to add a Restricted. Of course, it also take into account users’ profiles updates. When a Regular users become Restricted, they no longer have access to those resources.

For long time users, there is a change to take into account in labels. Until now we had 3 levels of visibility for projects (from the most open to the most closed):

• public incl. restricted
• public
• private

As it felt awkward to add "private w/o restricted" to this list, we decided to change that to:

• public incl. restricted
• public
• private incl. restricted (previously private)
• private (new level introduced)

That means that project that were labeled "Private" are now labeled "Private incl. restricted" but nothing else change. What users will mostly see as change is the icon next to their project’s name:

Project creation screen has been updated to allow to choose this configuration at the beginning of the process:

Fixed bugs & requests:

• request #13343 Project admin > Permissions per group > See all news broken

Documents – Under development (Tuleap Enterprise)

• story #11841 See approval table status and lock information in the tree view
• story #13217 Display embedded content

Document plugin maturation continues with display of approval table and lock information in tree view. Embedded documents are now rendered in the new interface as well

Fixed bugs & requests:

• request #13310 Docman link update is broken on legacy UI
• request #13261 SOAP endpoint updateDocmanFile incorrectly redirect to the login page when updating the permissions
• request #13133 A REST API user can not download a document manager file
• request #13349 Switching from the current docman UI to the new document UI generates a PHP notice
• request #13348 User preference for the new Document UI is not correctly saved in the DB
• request #13352 Expand/collapse of a folder in the new document UI works partially

Development

Backend

• request #13292 Integrate vimeo/psalm to the test pipeline
• request #13291 Have a dev environnement running PHP 7.3
• request #13236 Remove deprecated \Http_Client class
• request #13227 Convert git plugin to gettext

Frontend

• request #13278 Remove direct usage of the v-html directive in Vue apps
• request #13229 Cypress should record video for failed tests
• request #13228 Upgrade dev dependencies April 2019 edition

Releases stats

• 1051 files changed, 26490 insertions(+), 9388 deletions(-)
• They made the release (number of commits, author, company)
  • 117 Thomas Gerbet (Enalean)
  • 84 Joris Masson (Enalean)
  • 79 Marie Ange Garnier (Enalean)
  • 41 Thomas Gorka (Enalean)
  • 29 Nicolas Terray (Enalean)
  • 22 Manuel VACELET (Enalean)
  • 17 Clarck Robinson (Enalean)
  • 9 Yannis ROSSETTO (Enalean)
  • 5 lorentzr (Enalean)
  • 4 Martin Goyot (Enalean)
  • 2 Benjamin Dauton (Enalean)

Validation scores

Bug fix

Security

• request #13241 Arbitrary file write when uploading a file chunk through the SOAP endpoint addFileChunk
• request #13244 Reflected XSS via the pattern search parameter of the admin delegation widget
• request #13196 Try to not expose DB credentials in case of a connection issue

Global

• request #13321 Download of large attachment/file should be resumable

Tracker

• request #13308 Gantt progress field should be more resilient to lack of field value
• request #13270 The assigned to me flag in notification subject does not work when the user is also part of a ugroup in a global notification
• request #13249 Fix date format in table renderer
• request #13223 Extend the tracker color palette with the new tlp colors
• request #13174 Burndown field must not be part of CSV export
• request #11513 Warning when we try to remove a graph

Agile Dashboard

• request #13290 Update of artifact from agile dashboard generates a wrong redirect
• request #13263 Duplicate a project with a kanban widget throws error
• request #13257 Add year on cumulative flowchart ticks

Git

• request #13306 gerrit 2.14+ delete-project plugin

Installation & update

• request #13341 Missing daily and plugin jobs on CentOS/RHEL7

UX/UI

• request #13265 Warning has 2 icons in site administration > change user password
• request #13203 Warning displayed when disconnected from the realtime has 2 icons
• request #13242 Add extended gavel icons

Test Management (Tuleap Enterprise)

• request #13339 The green non-condensed mode is used when the user has selected the green condensed mode
• request #13313 Unable to disable TTM in default site template
• request #13309 Fatal error in TTM administration when no configuration set
• request #13202 TestManagement REST API should check user access more thoroughly

LDAP

• request #13256 The bind to the LDAP directory should not be kept after having authenticated a user

Site administration

• request #13220 Pending deleted doc has an incorrect margin
• request #13186 "next/previous" offset links in admin delegation wigdet lack dashboard ID parameter

OpenID Connect Client

• request #13215 Fix mismatch substitution strings in OIDC

Tuleap Vault Plugin

• request #13214 Ensure the Tuleap Vault plugin build and is tested against Vault 1.1.0
• request #13212 Build the Tuleap Vault plugin with Go 1.12