Project administration

  • story #12554 have private projects without restricted members
  • story #13237 Prevent restricted to be added to private projects

It’s been a long time without a new permission in Tuleap. No more!

We are pleased (and a bit scared) to announce a new visibility option at project level: Private Without Restricted users.

A Restricted User is a special flag set on users to indicate they are not "us". Most of the time it’s used to distinguish Sub-contractor from regular employees. It’s useful to create high level rules like "Everybody but Sub-contractors can see this".

2 years ago we introduced "Public including Restricted" project access level for projects that were holding mostly Public information. Now it’s private projects that can be a inch more paranoid by preventing any administrator to add a Restricted. Of course, it also take into account users’ profiles updates. When a Regular users become Restricted, they no longer have access to those resources.

For long time users, there is a change to take into account in labels. Until now we had 3 levels of visibility for projects (from the most open to the most closed):

  • public incl. restricted
  • public
  • private

As it felt awkward to add "private w/o restricted" to this list, we decided to change that to:

  • public incl. restricted
  • public
  • private incl. restricted (previously private)
  • private (new level introduced)

That means that project that were labeled "Private" are now labeled "Private incl. restricted" but nothing else change. What users will mostly see as change is the icon next to their project’s name:

Icons for project visibility

Project creation screen has been updated to allow to choose this configuration at the beginning of the process:

Project creation screen with new option for Restricted

Fixed bugs & requests:

  • request #13343 Project admin > Permissions per group > See all news broken

Documents – Under development (Tuleap Enterprise)

Document plugin maturation continues with display of approval table and lock information in tree view. Embedded documents are now rendered in the new interface as well

Display of an embedded document in Document plugin

Display of approval table and locks in Tree view

Fixed bugs & requests:

  • request #13310 Docman link update is broken on legacy UI
  • request #13261 SOAP endpoint updateDocmanFile incorrectly redirect to the login page when updating the permissions
  • request #13133 A REST API user can not download a document manager file
  • request #13349 Switching from the current docman UI to the new document UI generates a PHP notice
  • request #13348 User preference for the new Document UI is not correctly saved in the DB
  • request #13352 Expand/collapse of a folder in the new document UI works partially




Releases stats

  • 1051 files changed, 26490 insertions(+), 9388 deletions(-)
  • They made the release (number of commits, author, company)
    • 117 Thomas Gerbet (Enalean)
    • 84 Joris Masson (Enalean)
    • 79 Marie Ange Garnier (Enalean)
    • 41 Thomas Gorka (Enalean)
    • 29 Nicolas Terray (Enalean)
    • 22 Manuel VACELET (Enalean)
    • 17 Clarck Robinson (Enalean)
    • 9 Yannis ROSSETTO (Enalean)
    • 5 lorentzr (Enalean)
    • 4 Martin Goyot (Enalean)
    • 2 Benjamin Dauton (Enalean)

Validation scores

Validation results 11.1

Bug fix


  • request #13241 Arbitrary file write when uploading a file chunk through the SOAP endpoint addFileChunk
  • request #13244 Reflected XSS via the pattern search parameter of the admin delegation widget
  • request #13196 Try to not expose DB credentials in case of a connection issue


  • request #13321 Download of large attachment/file should be resumable


  • request #13308 Gantt progress field should be more resilient to lack of field value
  • request #13270 The assigned to me flag in notification subject does not work when the user is also part of a ugroup in a global notification
  • request #13249 Fix date format in table renderer
  • request #13223 Extend the tracker color palette with the new tlp colors
  • request #13174 Burndown field must not be part of CSV export
  • request #11513 Warning when we try to remove a graph

Agile Dashboard


Installation & update


Test Management (Tuleap Enterprise)

  • request #13339 The green non-condensed mode is used when the user has selected the green condensed mode
  • request #13313 Unable to disable TTM in default site template
  • request #13309 Fatal error in TTM administration when no configuration set
  • request #13202 TestManagement REST API should check user access more thoroughly


  • request #13256 The bind to the LDAP directory should not be kept after having authenticated a user

Site administration

  • request #13220 Pending deleted doc has an incorrect margin
  • request #13186 "next/previous" offset links in admin delegation wigdet lack dashboard ID parameter

OpenID Connect Client

Tuleap Vault Plugin

  • request #13214 Ensure the Tuleap Vault plugin build and is tested against Vault 1.1.0
  • request #13212 Build the Tuleap Vault plugin with Go 1.12