Please welcome the new, awesome, shiny and lovely git repository browsing interface \o/

New Git Repository Home Page

That’s the end of a 3.5 months epic for getting a beautiful display of git repositories. All the parts of git repository browsing were updated (display of contents, diffs, list of commits, etc). The navigation was completely re-think so you might be loss or maybe we removed something that was terribly useful in your workflow, tell us about it !

There are too many changes to make an exhaustive tour of them, we selected bellow 3 of the most used screens.

The list of commits (history of the project):

List of commits

The detail of one commit with the diff of content:

One commit detail

Advanced selector to switch to a different tag or branch:

Branch tag selector

This work corresponds to following stories:

We also fixed a handful of bugs:

Git / Pull Requests

A new tab appears in the pull request view with the list of commits a PR is made of. If you plugged your repository with continuous integration you will see for each commit the status of the validation with CI badge on the right hand size.

Pull requests list of commits

Fixed bugs:

  • request #12284 Getting the list of the impacted files of a PR through the REST API can be slow
  • request #12267 Update of cross repository pull requests breaks diff


  • story #12266 use an API key rather than a login / password

Starting 10.6 the new recommended way to access REST api is to use the new API keys that can be generated in each user account settings. The key is generated server side and displayed only once, then it’s usable directly in you requests without time limit. You can revoke keys at anytime. Keep them safe, they are as precious as your passwords.

Generate an API key to access REST API

API keys replace generation of tokens and avoid to have the 4 steps:

  1. access resource A
  2. get a 401
  3. generate a token
  4. access again resource A

This is replaced by:

  1. access resource A with X-Auth-AccessKey: foobared

Documentation was updated accordingly. Token based access will still be supported but is now marked as deprecated.

  • story #12265 have a REST end point to toggle project’s status

Introduction of REST end point for project manipulation, limited to project status at the moment to switch from active to suspended, back and forth.

This comes with a new site level permission "Project management via REST" that is required for the use of the previous route.

WARNING: this new permission is now mandatory to make use of POST /projects in order to create a new project with the REST API.

Project Certification (Tuleap Enterprise)

New plugin that allow to define one user amongst project admin as accountable for project security settings.

Updated project member widget


Plugins and events:

Dependencies upgrade:

  • request #12275 Upgrade Angular version to latest in Kanban, PlanningV2 and TestManagement
  • request #12365 Update DOMPurify to 1.0.8
  • request #12328 Bump sodium_compat library to 1.7.0 for a "free" performance boost

Internal refactoring and clean-up:

On the road to PHP 7.2

  • request #12353 Bump to JpGraph to 4.2.4 for the PHP 7 support
  • request #12278 Tuleap cryptography API should work out of box on PHP 7.2 with php-sodium

Almost everything is ready for PHP 7.2 upgrade. There are only a few things missing:

  • WebDAV (requires a version bump of the lib)
  • Mediawiki (requires an internal modification of mediawiki 1.23 until we bump to 1.31+)
  • PHPWiki (fix code)

Releases stats

  • 1344 files changed, 61792 insertions(+), 23088 deletions(-)
  • They made the release (number of commits, author, company)
    • 118 Marie Ange Garnier, Enalean
    • 114 Thomas Gerbet, Enalean
    • 111 Nicolas Terray, Enalean
    • 73 Joris Masson, Enalean
    • 38 Manuel VACELET, Enalean
    • 38 Yannis ROSSETTO, Enalean
    • 27 Thomas Gorka, Enalean
    • 18 Benjamin Dauton, Enalean
    • 3 Romain Lorentz, Enalean
    • 2 Sandra Echinard, Enalean

Bug fix


  • request #12307 Cannot configure velocity => getting mustache error
  • request #12298 Block access to the tracker SOAP API by default
  • request #12290 Field values used in trigger must not be deletable
  • request #12289 Initial burnup calculation should be done on changeset value
  • request #11821 Cannot not attach file in Tracker on Centos7
  • request #12382 When artifact link are disabled and artifact has a hierarchy, actions button is fetch multiple times
  • request #12354 Cardwall render is broken when list field value is null
  • request #12351 Tracker XML import doesn’t import field associated to a cardwall
  • request #12317 Cannot delete an artifact in some large project due to Gateway error

Agile Dashboard

Create test env

Test Management (Tuleap Enterprise)

  • request #12297 Javascript error in the edit campaign modal with changing categories