This release sits in between two other way bigger releases, so this one will be short. Given that most installations won’t be updated because of this special time of the year 🎅 that shouldn’t be a big deal! Let’s see what we have to share.

Jira import is able to import Jira Server

When we released the first versions of the Jira Issue Type importer and later on the Jira Project importer, we built everything on top of Jira REST APIs. We soon discovered that Jira Server (the On Premise version), APIs were not compatible. Worse, depending on the version, the behavior of the route may vary significantly. It took a bit of time to set up the right testing infrastructure and to find testers, but we managed to make the Jira Integration compatible with both Jira Cloud and Jira Server.

Bugs and Requests

There were 48 bugs fixed and requests implemented during the 13.3 release cycle. Bugs and security fixes were already back-ported on Tuleap Enterprise builds. You will find below a selection of the most notable fixes.


  • SQL injection via the user settings of the CVS commits browser (CVE-2021-43806, CVSS Score 8.8, High)
  • Indirect LDAP injection via the ldap_id attribute of a user when checking if it exists (CVE-2021-43782, CVSS Score 6.7, Medium)
  • Indirect LDAP injection via the ldap_id attribute of a user (CVE-2021-41276, CVSS Score 6.7, Medium)





Project administration

Site administration

Receive once a month the latest Tuleap updates