Enhancements
Agile Dashboard / Scrum goes Burning Parrot
- story #11096: Style Overview tab
- story #11095: Style Planning with BurningParrot
- story #10759: create a parent in planning view
Big step forward in the Tuleap UX with the upgrade of "Overview" and "Planning" views to Burning Parrot.
On Overview, both graphs are now rendered with D3js so they get the same look and feel.
In addition to a fresher look, homogeneous with dashboards and project administration, we made a lot of small usability changes to make your life easier: direct access to parent from cards, more consistent cards between expanded / condensed views, milestone info "scrolls" when content is huge.
It’s also possible to create backlog parents (eg. epics for user stories) directly from the backlog planning view
Project administration
- story #10064: Display permissions per group
- story #10913: Services management use Burning Parrot
Tuleap has a very large number of permissions and they goes very fine grained. Until now it was a bit tedious to see exact permissions that were set to each groups. With 9.18, you now get a single screen with all permissions granted across your project.
Trackers
- story #10325: search in artifact comments from classic view
The feature was already there for TQL users since a couple of months. It’s now accessible in classic search as well.
Cross tracker search (Tuleap Enterprise only)
- story #10702: define a query with status semantic
- story #10704: define a query with date fields
3 new pseudo-fields are now accessible in Cross tracker search TQL: @status
, @last_update_date
and @submitted_on
.
It means that you can for instance gather all the open tickets in all your support trackers of your platform that got
an update last week with a query like @status = OPEN() AND @last_update_date >= NOW() - 1w
Development
PHP 5.6 is there, it’s now time to think to PHP 7. While the switch to PHP 5.6 was mostly an architecture change due to the introduction of nginx & fpm PHP7 will require mostly work on internal to get rid of a bunch of legacy and deprecation.
We already have a Continous Integration job that help us to identify
were are the incompatibilities. But there are 2 big underlying changes we need to start with. First, change our database
access layer (ext_mysql
being removed from PHP7). This will be done via and upgrade to PDO and EasyDB.
Then, work around our unit test framework (SimpleTest) limitation with PHP7. Our current version is not compatible and the
latest versions of the framework that are compatible broke Mock
usage. While we are working to get rid of this
dependency all new unit tests must be written with phpunit
- request #11066: Introduce usage of prepared statements to query the SQL database
- request #11159: Introduce phpunit to run tests
Releases stats
- 1089 files changed, 59329 insertions(+), 21802 deletions(-)
- They made the release (number of commits, author, company)
- 145 Nicolas Terray (Enalean)
- 127 Marie Ange Garnier (Enalean)
- 125 Thomas Gerbet (Enalean)
- 106 Joris Masson (Enalean)
- 102 Yannis ROSSETTO (Enalean)
- 49 Manuel VACELET (Enalean)
- 25 Thomas Gorka (Enalean)
- 8 Matthieu Monnier (Enalean)
- 4 Benjamin Dauton (Enalean)
- 1 Thomas Cottier (Enalean)
Validation scores
Bug fix
Security
- request #11192: Filters set in tracker reports are vulnerable to SQL injections
- request #11217: Account takeover due to a missing CSRF protection on email address change functionnality
- request #11061: XSS through wiki attachment
- request #11136: Open redirect vulnerability on /my/redirect.php
- request #11171: Downloading a file of the FRS from the webdav web browser plugin can lead to XSS
- request #10521: Improper handling of group related permissions in tracker report
- request #10979: Implement Same-Site cookie and cookie prefixes protections
Installation & system administration
- request #10782: Disable usage of unix users and groups (not enabled by default)
- request #11067: Captcha configuration is not accessible with nginx
- request #11115: Include tuleap username in request headers
- request #11116: Remove codendi path for rhel7 support
- request #11131: nginx should try to redirect the user to the Tuleap virtualhost if needed
- request #11168: nginx timeout for reading a response from PHP-FPM should be aligned with the code expectations
Site admin
- request #11048: Missing user status values in user details page
- request #11174: Duplicated dynamic ugroups for legacy default template 100
- request #11193: Resending activation emails does not work when users also need to be approved by a site administrator
Email management (cross service)
- request #11084: Email deduplication doesn’t take empty emails into account
- request #11112: Characters outside the ASCII range are not well interpreted in mail notifications by some clients
- request #11127: SVN plugin notifications should not be sent as the user doing the action
- request #11155: Notifications should not be sent as the user doing the action
Site home page
- request #11099: Welcome message on homepage should use the name of the instance
- request #11119: Style links on homepage
Performances
- request #11177: Slow SQL queries due to a missing primary key on the ugroup_user table
Tracker
- request #11089: Selectbox Static Values Empty Name Defect
- request #11103: Move "Done" semantic close to "Status"
- request #11114: Artifact CSV import does not properly deal with typed artifact link entries
- request #11118: Required selectbox field not open in edit mode when value is no more valid
- request #11121: Tracker’s "Manage Semantic" fields editing broken
- request #11132: Open List field causes a javascript error in artifact modal
- request #11158: Computed field value might not be visible in the tracker artifact view
Kanban
- request #10797: Kanban page title should be the name of the Kanban
- request #11063: kanban should be part of xml import
Planning
- request #11069: Date picker is always in french
SVN plugin
- request #11129: Fatal error when modifying svn global admin permissions
- request #11200: Adapt SVN timeouts to deal with large commits
Git
- request #11130: Broken regexes in Git fine grained permissions can block any Git administrative operations
Pull requests
- request #11107: Hiding closed pull requests does nothing
Continuous integration
- request #11175: Remove iframe in continuous integration
Dashboards
- request #11059: Rename default user Dashboard to "My Dashboard"
- request #11076: Project dashboards should be part of xml import
REST
- request #10833: Issue with the "authenticated_users" user group.
- request #11110: API explorer is not anymore listed in /help/api.php
SOAP
- request #11070: Add SOAP automated tests
Document manager
- request #11113: Only writers can lock documents
- request #11138: Project administrator can be locked from document manager global administration service
- request #11183: Dates might not be displayed in the document manager when browsing it in French
Webdav
- request #11154: Files added to the FRS from the webdav interface are always empty
Phpwiki
- request #11166: Project administrators don’t always have global access for PHPWiki
Mediawiki
- request #11167: Allow to debug mediawiki per configuration
Project admin
- request #11169: Ugroups administration is not accessible when TV3 tracker admin group is present