See what the R&D team has in store for you this month: seamless artifact linking in modal, Enterprise Linux 9 installation, automate scanning for known vulnerabilities in Tuleap dependencies… and more to discover about Tuleap 14.7 in the release note here below.


Seamless artifact linking in modal

Linking artifact together is one of the most powerful feature of Tuleap. It’s also one of the most complex to comprehend. At least, until now 🙂

Select the type of the link when linking artifacts together
Select the type of the link when linking artifacts together

It’s now possible to seamlessly change the type of the links and, more importantly: you no longer have to know in which sense a link has to be done.

The wording has also changed to formulate link types from the point of view of the current artifact. This makes an heavy use of the forward and reverse labels link-type labels.

All link types are available and users no longer have to care about forward and reverse links
All link types are available and users no longer have to care about forward and reverse links

We are not finished with artifact links yet, the next step will be the creation of new artifact right here, in the modal. So stay tuned!

Enterprise Linux 9

Tuleap can now be installed on Enterprise Linux 9. That covers Red Hat Enterprise Linux 9 as well as the rebuild like RockyLinux or AlmaLinux. Please note that CentOS is only supported in it’s v7 flavor, CentOS Stream (the new CentOS) is not supported.

From the Tuleap users point of view, there is not much change to expect with the underlying OS change. The only visible impact is that CVS and Mailing List services are not available for installation on Enterprise Linux 9 (and they will be removed from Enterprise Linux 7 version as well).

The migration path from Enterprise Linux 7 users is not done yet, so it only covers new installations at this time. The migration will be ready later this year (RHEL7 & co are still supported until 2024).

Automate scanning for known vulnerabilities in Tuleap dependencies

Nowadays all software heavily depend on a bunch of third party dependencies (npm, composer, cargo, etc). Those dependencies have their own vulnerabilities that might have an impact on the delivered software. Keeping an eye on all dependencies in all languages requires a tremendous amount of work. Fortunately, Google unveiled last December a tool to assist teams in their work: OSV Scanner. We run this tool on a daily basis, on Tuleap code base, to overwatch on our behalf. This will allow to improve the overall security of the tool regarding third party dependencies.

Goodbye Subversion Core

Subversion Core was supposed to be removed one year ago. It’s now gone for good. For the project that still had the service, it has been force-removed and can no longer be accessed. For those who wait for the deadline to do their homework, there’s still the possibility to import the SVN core repository in SVN plugin, in the plugin administration and with CLI for system administrators.

Bugs and requests

There were 67 bugs fixed and requests implemented during the 14.7 release cycle. Bugs and security fixes were already back-ported on Tuleap Enterprise builds. You will find below a detailed list of fixes. The most notable ones are in bold.

Tracker

  • #31164 First toggle of invert comment in is invalid
  • #30398 Follow-up comments in modal sort is incorrect
  • #31155 Cannot set permissions back to « have access to all artifacts » to registered_users
  • #31125 Burnup is not well calculated when there are multiple backlog trackers
  • #31110 Artifact view shows invalid working day
  • #31114 Open lists values are not well imported at artifact XML import
  • #31158 Do not let browser heuristics decide which REST calls should be cached

Cross tracker search

  • #31134 Increment nb trackers limit in cross tracker widget

Program management

  • #31161 Synchronizing a new team duplicates iterations in existing teams

Git

  • #31101 Drop gitolite2 wrapper and gitshell installer
  • #31185 Drop unusable GrokMirror feature

Subversion

  • #31106 System check must verify and redeploy missing SVN hooks

Import from Jira

  • #31120 Jira Labels field must be imported as an open list
  • #31136 Jira board by ID does not retrieve board project
  • #31132 ignore already exported artifacts
  • #31112 Tuleap must be able to import huge XML files

Dashboards

  • #31135 Every users should be able to minimize a widget

Platform administration

  • #31137 Ease configuration of available theme variants

Receive once a month the latest Tuleap updates