On the menu this month: Jira Import made easy and Tuleap Trackers brand new features.
Enhancements
Import from Jira Software to Tuleap
As crazy as it sounds, there are still people that don’t know about Tuleap… But rest assured, as you can guess, as soon as they hear about us, they automatically want to ditch the tools they are using. That’s why we figured, why not help them make the switch easily?
Tuleap already had CSV import, REST API and XML import format to do that; but, as we know how lazy you can get (no judgment here, we’re the same), and considering there are often lots of people coming from one source, it’s more sensible to share this effort and offer one common import tool. Therefore, with Tuleap 11.17, the effort was made on Jira Software.
This new feature is now available in Tuleap Tracker creation, as long as the asynchronous message processing feature is activated on your platform. It’s actually no different from a regular Tracker creation, except you will be asked for your Jira Software account name and an API key. Moreover, we recommend it to be done by an admin, otherwise, you will only import what you are allowed to see.
After selecting the Jira project and the type of issues you want to import, a background job will query the Jira instance to retrieve the content and re-create the equivalent Tuleap Tracker structure.
We tried to be as comprehensive as possible in what we import but if there is some key information we missed, feel free to request for improvement.
Trackers: set a color… or none!
In Trackers, it was already possible to set a color on any value of a select box type of field. However, until 11.17 the system « None » value that represents « no value set » was not configurable. And because it can be really useful, when you want to be in control of how graphs are rendered, for instance, we made it possible. You can now either decide to pick a color or choose a « None » value (see below).
Say it with emojis 🎆 🦄
As we say, a picture paints a thousand words… So, we’re happy to announce all Tuleap 11.17 instances now support emojis out of the box in all places (trackers, etc) 🥳
Nevertheless, as it requires a specific configuration of the database charset management, this is not something we can retrofit automatically on existing installations. So, all the administrators that are willing to perform a full dump/restore of their database can have a look at the procedure described in the corresponding commit.
Bugs and requests
Security
As part of our proactive security handling, we started to work on taint analysis thanks to Psalm library. The goal is to be able to identify automatically places where data goes directly from an un-trusted source (end-user input) to a supposedly safe place (database, etc) without modifications. Psalm’s ability to assist us in taint analysis is quite new (released mid-june), but even if the work is only at the very beginning, it has already a large impact on the codebase, as we have to make it « understandable » by the tool. For instance, we had to change the way site-wide settings were used all over the codebase. More information about it coming up in the next releases.
- request #15070 SQL injection via the selector of previous SVN access file versions
- request #15028 The update of the CI job targeted by a widget is vulnerable to blind SQL injections
- request #15131 SQL injection in the planning edition panel
- request #15065 Changing password should revoke all OAuth2 tokens
- request #15060 Ban usage of non crypto secure/user-space RNG
- request #15041 Addition/Edition/Removal of a reference pattern is vulnerable to CSRF
- request #15038 Reflected XSS on the edition page of a reference pattern
- request #15037 Reflected XSS on the page displaying the permissions of users for legacy services
Trackers & Agile Dashboard
- request #15045 Drag and Drop and default values not working for open lists
- request #15134 Selectbox value validity are not check when the option change automatically
- request #15130 List values are hidden when transition rules are enabled on this value
- request #15114 Size of multiselectbox doesn’t adapt for long content
- request #15106 Legacy browsers complain about leaving the page when submitting a follow up
- request #15083 Typo in the cards semantics description when no field is chosen
- request #14992 Planning view: drag and drop error
- request #15137 Project Milestones is not displayed under Edge
- request #15126 Crash when creating or updating a Project Milestones widget without a project
- request #15132 Crash when accessing the panel of a non-existent/deleted planning
- request #15086 Stop « Add child » button from moving the row
Test management
- request #15022 Campaign is broken if execution status is set to none
- request #16123 Wrong translation in Testmanagement
Git, Pull Requests & Gerrit
- request #15112 Cannot review files with « special » characters in their paths from the web UI
- request #15042 Cannot add a new Git mirror
- request #15019 Syntax highlight Dockerfile file in Git repositories
- request #15075 Use specific version of git in command
- request #15082 FastForward not detected when checking mergeability
- request #15081 Pull request notifications are never sent when a Redis instance is available but there are no async workers
- request #15077 Pull Request processing fails on huge Git merge
- request #15010 SSH keys must be sent to Gerrit without any kind of escaping
- request #14998 Markdown tables are no more rendered in the git browser
- request #14991 Users might be able to push an LFS object to a repository migrated to Gerrit
- request #15069 Git LFS batch response endpoint should not return an error 500 for a permission denied
Infrastructure & platform administration
- request #15116 Remove the Tuleap tours
- request #15098 Remove reference to sales in Tuleap templates
- request #15115 tuleap-svn-updater service crashes when receiving a message
- request #15074 Artifact deletions are never processed when a Redis instance is available but there are no async workers
- request #15071 Async workers crash every minute when waiting on a message
- request #15078 Icon of a project service cannot be changed
- request #15062 Re-activating a deleted project should not be possible
- request #15055 Discourage administrators to edit nginx configuration files managed by Tuleap
- request #15027 Group autocomplete for ldap does not work when sys_ldap_grp_cn is different than sys_ldap_cn
- request #14963 tuleap-git-plugin does not install on RHEL7
- request #15099 Mediawiki Math extension does not work on CentOS/RHEL7
- request #15127 Remove the migration panel to the Tuleap SSH key management in the siteadministration
Misc
- request #15123 Document clipboard change should not be propagated cross-projects
- request #15047 « SVN core » repositories cannot extract references or trigger Jenkins builds
- request #15046 Missing dependency to run post-commit hook of the « SVN core » repositories