All the good things are still cooking 👨‍🍳, see you next month!
Bugs and requests
During the 16.5 release cycle, 54 requests were implemented. Bugs and security fixes were already back-ported on Tuleap Enterprise builds. You will find below a detailed list of fixes. The most notable ones are in bold.
Security
- #41849 Loss of tracker fields configuration when updating tracker report criterion – CVE-2025-27094 – 5.4 Moderate
- #41870 Redis password is dumped into the generated troubleshooting archives – CVE-2025-27150 – 5.3 Moderate
- #41858 XSS via the tracker names used in the semantic timeframe deletion message – CVE-2025-27099 – 4.8 Low
- #41857 Missing CSRF protections on tracker fields administrative operations – CVE-2025-27402 – 4.6 Low
- #41850 Deleting a report can delete criteria filters in other reports – CVE-2025-27401 – 4.3 Low
Trackers
- #42178 tracker reminder can end in fatal error when notification is set over role
- #41824 drop the --update from TrackerFromXmlImportCannotBeCreatedException
- #41808 Tracker report search filter « In milestone » always reset to « Top backlog »
- #41801 Tracker report: no longer possible to expand search date fields
- #41807 fatal error can be thrown in tracker report
- #41806 Errors are not shown when creating an artifact in the Links field of the modal
Backlog
- #41811 Fatal error when we update tracker planning
- #41851 Initial effort value should not be rounded to integer
- #41814 Opening card in backlog might lead to a fatal error
Tuleap Functions
- #41826 Set argv[0] when calling the Tuleap Functions
- #41831 Panic when a Tuleap Function allocates more initial memory than allowed
- #41828 Tuleap Function exiting with a 0 status code should not be considered in error
Mediawiki
- #39753 Mediawiki migration fails
Gitlab connector
- #41812 Gitlab synchronisation issue fails when at least a repository is disabled on gitlab
Baseline
- #41473 Cannot display Baseline UI when using pt_BR or ko_KR locale
Project admin
- #41866 Arrow on services opened in new tab is not displayed
System & site administration
- #41447 Import Docman configuration variables in DB
- #41446 Import ArchiveDeletedItems configuration variables in DB
- #41448 Import Statistics configuration variables in DB
- #41450 Import Webdav configuration variables in DB
- #41861 Broken tuleap-meilisearch-server package
- #41809 Send PHP FPM logs to the system logs instead of a specific file