Release n°2 of the month for even more news: brand new Pull Request overview, configurable Roadmap widget, Roadmap flexible tooltips… and more. See what’s up in Tuleap 14.9 hereunder. ⤵️

Brand new pull request overview

Pull request overview got a deserved refresh. Actually more than a refresh, it’s a complete overhaul.

Old overview of pull request
Old overview of pull request
New overview of Pull Request
New overview of pull request

The two images should speak for themselves. The most noticeable change for regular users is in the way « Description » is handled.

Previously it was a dedicated section on the left hand side. Now, it’s presented as a comment. People that are GitHub or GitLab users should not be surprised as it’s now a common pattern in those tools.

Under the hood, there are two main changes that matters. First of all, it’s one less AngularJS app to maintain. And in addition to that, we had the need for a GUI component to manage labels. That will also power the future creation of new Artifact Links and much more.

Configurable Roadmap widget

Roadmap is a convenient way to display informations over the time. It’s very visual and gives a good overview of when things will be done. Managers love them.

Team members tend to care less about the Big Plan. They are focused on deliveries and day to day tasks. They prefer task/story oriented representation like Kanban.

It’s actually quite powerful to have both representations (Roadmap and Kanban) on the same dashboard. Management and Team members have less risk to diverge as they are looking on the same data, on the same place, using their representation of choice.

A global dashboard that present roadmap and kanban view of the project.
A global dashboard that present roadmap and kanban view of the project.

But when project grow, it’s no longer possible to have everything on the same dashboard. There is just too much information. We want to filter the information.

Let’s imagine you have central repository of Epics shared by the whole organisation and a criteria to affect Epics to different teams. It’s possible to get filtered view of almost everything affected to a given team thanks to the powerful Tuleap Tracker Reports.

The problem in the previous sentence is almost. It was not possible to apply those filters to Roadmap widget. This been solved in Tuleap 14.9.

It’s now possible to configure dashboards with Roadmap that displays information associated to a specific Tracker Report. In the screenshot below you will see the same data as in the previous example but tailored to each team.

Team rabbit specific dashboard
Team rabbit specific dashboard
Team turtle specific dashboard
Team turtle specific dashboard

Roadmap flexible Tooltips

You thought you were done with Roadmap for this release ? Hold on a second !

In the previous Tuleap release, we have rolled out a new implementation of Artifact Tooltips that display curated informations from semantics. This behavior (currated informations) was experimented on Roadmap first and proved to be useful.

And you know what is also very useful in Tooltips but that was not present on Roadmap yet? The customizable fields! With customizable fields, tracker administrator can add relevant, tracker specific, informations to be displayed when an artifact is hovered.

Tooltip on Roadmap with custom fields
Tooltip on Roadmap with custom fields

We now have a consistent rendering of Artifact Tooltips across the platform with best of both worlds.

Jira 9 support

Jira Server 9 came with removal of a REST end point we were relying on for migrations. We have made the necessary modification to support the new end points so we now have migration means that proved to work from Jira Server and Data Center from v 7.5 to 9.8. It works with Jira Cloud as well.

Removal of ProFTPD plugin

We continue the clean-up of the features that are no longer used. In this release, the protfpd plugin is removed.

Bugs and requests

There were 49 bugs fixed and requests implemented during the 14.9 release cycle. Bugs and security fixes were already back-ported on Tuleap Enterprise builds. You will find below a detailed list of fixes. The most notable ones are in bold.


  • #31920 6.4.1 -> 6.4.2 (Tuleap Realtime) – CVE-2023-31125 – Medium
  • #31961 4.2.2 -> 4.2.3 – Medium
  • #31929 XSS via the triggered job URL of a Jenkins job – CVE-2023-32072 – Medium
  • #31596 git: 2.40.0 -> 2.40.1 – CVE-2023-25652, CVE-2023-25815 and CVE-2023-29007 – Low
  • #31592 Wasmtime: 7.0.0 -> 8.0.1 – Low
  • #31910 Bump xlsx 0.18.5 -> 0.19.3 – Low
  • #31926 xlsx dependency should not be pulled from an uncontrolled server


  • #31953 Marking an artifact as recently visited can be slow
  • #31957 `/api/git/{id}/branches` is slow
  • #31941 Aggregate query is always run (tracker reports)
  • #31598 (Multi)SelectBox field bound to large list of users (5k+) performance issue
  • #31930 Collect slow pages


  • #31938 Artifact comment duplicated to Parent (modal)
  • #31913 Create a new parent option is no more taken into account
  • #31912 Shared field lists all trackers even deleted ones
  • #31911 Fix typo in french translation in status semantic
  • #31908 Long field name are displayed outside of button in administration

Document Generation

  • #31937 Docx tests export does not use the expected test version


  • #31915 Git does not respect HTTP proxy settings
  • #31923 Broken link when more than 10 Jenkins jobs are triggered by one Jenkins hook


  • #31936 Uploading a webp image in MW triggers an error
  • #31935 Pane title to migrate MW instance to MW Standalone is not internationalized

Import from Jira

  • #31918 jira imported user fields must be bound to project members


  • #31595 API Explorer can display the wrong type in Example Value

Site administration

  • #31954 HTTP responses with a status code different than 407 should not be marked as SSRF filtered
  • #31940 Siteadmin warning about SSRF is missing a word in French
  • #31943 Enhance non unique LDAP uids warning message
  • #31922 Deployment of Gitolite hooks might timeout
  • #31593 Fatal error when trying to auth with a non existing OIDC provider

Receive once a month the latest Tuleap updates