Tuleap 9.18 • Tuleap

Enhancements

Agile Dashboard / Scrum goes Burning Parrot

Demo of new planning view

story #11096: Style Overview tab
story #11095: Style Planning with BurningParrot
story #10759: create a parent in planning view

Big step forward in the Tuleap UX with the upgrade of "Overview" and "Planning" views to Burning Parrot.

On Overview, both graphs are now rendered with D3js so they get the same look and feel.

Milestone overview with burning parrot

In addition to a fresher look, homogeneous with dashboards and project administration, we made a lot of small usability changes to make your life easier: direct access to parent from cards, more consistent cards between expanded / condensed views, milestone info "scrolls" when content is huge.

Milestone planning with burning parrot

It’s also possible to create backlog parents (eg. epics for user stories) directly from the backlog planning view

Add a parent in planning view

Project administration

story #10064: Display permissions per group
story #10913: Services management use Burning Parrot

Tuleap has a very large number of permissions and they goes very fine grained. Until now it was a bit tedious to see exact permissions that were set to each groups. With 9.18, you now get a single screen with all permissions granted across your project.

Display permissions per group in project admin

Trackers

story #10325: search in artifact comments from classic view

The feature was already there for TQL users since a couple of months. It’s now accessible in classic search as well.

Cross tracker search (Tuleap Enterprise only)

story #10702: define a query with status semantic
story #10704: define a query with date fields

3 new pseudo-fields are now accessible in Cross tracker search TQL: @status, @last_update_date and @submitted_on.

It means that you can for instance gather all the open tickets in all your support trackers of your platform that got an update last week with a query like @status = OPEN() AND @last_update_date >= NOW() - 1w

Development

PHP 5.6 is there, it’s now time to think to PHP 7. While the switch to PHP 5.6 was mostly an architecture change due to the introduction of nginx & fpm PHP7 will require mostly work on internal to get rid of a bunch of legacy and deprecation.

We already have a Continous Integration job that help us to identify were are the incompatibilities. But there are 2 big underlying changes we need to start with. First, change our database access layer (ext_mysql being removed from PHP7). This will be done via and upgrade to PDO and EasyDB. Then, work around our unit test framework (SimpleTest) limitation with PHP7. Our current version is not compatible and the latest versions of the framework that are compatible broke Mock usage. While we are working to get rid of this dependency all new unit tests must be written with phpunit

request #11066: Introduce usage of prepared statements to query the SQL database
request #11159: Introduce phpunit to run tests

Releases stats

1089 files changed, 59329 insertions(+), 21802 deletions(-)
They made the release (number of commits, author, company)
- 145 Nicolas Terray (Enalean)
- 127 Marie Ange Garnier (Enalean)
- 125 Thomas Gerbet (Enalean)
- 106 Joris Masson (Enalean)
- 102 Yannis ROSSETTO (Enalean)
- 49 Manuel VACELET (Enalean)
- 25 Thomas Gorka (Enalean)
- 8 Matthieu Monnier (Enalean)
- 4 Benjamin Dauton (Enalean)
- 1 Thomas Cottier (Enalean)

Validation scores

9.18 validation scores

Bug fix

Security

request #11192: Filters set in tracker reports are vulnerable to SQL injections
request #11217: Account takeover due to a missing CSRF protection on email address change functionnality
request #11061: XSS through wiki attachment
request #11136: Open redirect vulnerability on /my/redirect.php
request #11171: Downloading a file of the FRS from the webdav web browser plugin can lead to XSS
request #10521: Improper handling of group related permissions in tracker report
request #10979: Implement Same-Site cookie and cookie prefixes protections

Installation & system administration

request #10782: Disable usage of unix users and groups (not enabled by default)
request #11067: Captcha configuration is not accessible with nginx
request #11115: Include tuleap username in request headers
request #11116: Remove codendi path for rhel7 support
request #11131: nginx should try to redirect the user to the Tuleap virtualhost if needed
request #11168: nginx timeout for reading a response from PHP-FPM should be aligned with the code expectations

Site admin

request #11048: Missing user status values in user details page
request #11174: Duplicated dynamic ugroups for legacy default template 100
request #11193: Resending activation emails does not work when users also need to be approved by a site administrator

Email management (cross service)

request #11084: Email deduplication doesn’t take empty emails into account
request #11112: Characters outside the ASCII range are not well interpreted in mail notifications by some clients
request #11127: SVN plugin notifications should not be sent as the user doing the action
request #11155: Notifications should not be sent as the user doing the action

Site home page

request #11099: Welcome message on homepage should use the name of the instance
request #11119: Style links on homepage

Performances

request #11177: Slow SQL queries due to a missing primary key on the ugroup_user table

Tracker

request #11089: Selectbox Static Values Empty Name Defect
request #11103: Move "Done" semantic close to "Status"
request #11114: Artifact CSV import does not properly deal with typed artifact link entries
request #11118: Required selectbox field not open in edit mode when value is no more valid
request #11121: Tracker’s "Manage Semantic" fields editing broken
request #11132: Open List field causes a javascript error in artifact modal
request #11158: Computed field value might not be visible in the tracker artifact view

Kanban

request #10797: Kanban page title should be the name of the Kanban
request #11063: kanban should be part of xml import

Planning

request #11069: Date picker is always in french

SVN plugin

request #11129: Fatal error when modifying svn global admin permissions
request #11200: Adapt SVN timeouts to deal with large commits

Git

request #11130: Broken regexes in Git fine grained permissions can block any Git administrative operations

Pull requests

request #11107: Hiding closed pull requests does nothing

Continuous integration

request #11175: Remove iframe in continuous integration

Dashboards

request #11059: Rename default user Dashboard to "My Dashboard"
request #11076: Project dashboards should be part of xml import

REST

request #10833: Issue with the "authenticated_users" user group.
request #11110: API explorer is not anymore listed in /help/api.php

SOAP

request #11070: Add SOAP automated tests

Document manager

request #11113: Only writers can lock documents
request #11138: Project administrator can be locked from document manager global administration service
request #11183: Dates might not be displayed in the document manager when browsing it in French

Webdav

request #11154: Files added to the FRS from the webdav interface are always empty

Phpwiki

request #11166: Project administrators don’t always have global access for PHPWiki

Mediawiki

request #11167: Allow to debug mediawiki per configuration

Project admin

request #11169: Ugroups administration is not accessible when TV3 tracker admin group is present