The new year is just around the corner; can you feel the magic in the air? ✨ For the last release note of 2023, our R&D team has dropped some nice gifts for you under the Christmas tree 🎄. Discover them all below.
Update Pull Request comments
Sometimes developers make typos in their code review comments as well. Sometimes a comment is written in a hurry and would benefit from rewording to make it more helpful. Sometimes one forgets to add an emoji to a code-related thing 😨🫨. There is a case for editing pull request comments.
When a comment is modified, an email is sent to the author and reviewers.
Calendar events in artifacts
Artifacts can carry information about a time span (duration in days or in hours). This can be useful to define a period of time (like a release or an iteration). It can also be used to describe an intended event like a scheduled maintenance. In the latter case, this is the kind of information that can be convenient to have in your calendar.
That’s precisely the kind of scenario that is now supported in all trackers that have Title and Timeframe semantics (more or less). The email notifications then carry the calendar event, which can be added to your calendar directly from your email client.
The option is disabled by default right now and can be enabled on a per-tracker basis in the Notification panel.
Sidebar can be collapsed again
It came as a bit of a surprise to us, but there are a couple of use cases for the collapsed sidebar. It’s mainly a combination of « a lot of things to display » and « rather small screen » (think laptop). As it’s not really carbon-efficient to send new laptops with bigger screens to impacted people, we decided to bring back the collapsed sidebar.
As you can see, something changed in between: the services are no longer displayed. The main motivation for removing the possibility to collapse the sidebar was that the new items being added (Kanban, Trackers and soon Milestones) would not have distinctive icons. Without icons, it is impossible to know what you are going to click on, which is not very user-friendly. Given that promoted elements are important for navigation, we decided that the collapsed sidebar would be without services; when users want to navigate, they expand it and see everything.
MediaWiki 1.39
MediaWiki Standalone got an update to the latest LTS version of MediaWiki. Most of the improvements are not directly visible to end users (see the official release note). It’s important, however, because it allows us to stop using versions of PHP that are no longer supported.
The upgrade is done automatically at Tuleap upgrade time for all projects that already use MediaWiki Standalone.
Tuleap hardening, debut of Passkeys (Tuleap Enterprise)
Passkeys are the new hot technology in the authentication area that promises to eventually get rid of passwords (and all threats related to them). We are not there yet in Tuleap (mainly because it’s a bit tougher than expected to do it securely) but we can start playing. Besides authentication, another use case for Passkeys is to harden verification on sensitive actions.
Before doing so, you will need to register your keys in user preferences:
Then, when doing a sensitive action, you will be prompted to use the Passkey. For instance, when adding a new SSH key:
The following actions are covered with Passkey verification:
- Adding a new SSH key
- Adding a new Access Key
Bugs and requests
There were 26 bugs fixed and requests implemented during the 15.3 release cycle. Bugs and security fixes were already back-ported on Tuleap Enterprise builds. You will find below a detailed list of fixes. The most notable ones are in bold.
Security
- #35143 XSS on the edition page of a release – CVE-2023-48715 – Severity: Medium (CVSSv3.1 score: 5.4)
- #35160 Smokescreen update – GO-2023-1988 and GO-2023-2102
Tracker
- #35142 Create artifact from a link field modal is broken
Git / Pull Requests
ONLYOFFICE
- #35057 Links in ONLYOFFICE document do not work
MediaWiki Standalone
- #35154 Project export error with mediawiki standalone
Full text search
- #35141 Meilisearch: 1.3.2 -> 1.5.0
System
- #35106 Reply by mail feature should not be blocked when an email relayhost is used
- #35156 Drop old unix_pw column in the user table
- #35136 Some forgeupgrades cannot be run on MySQL 8.0
- #35113 Gather hardware information when collecting data with `tuleap collect-system-data`