Better list fields in trackers, smarter “+ New button”, stronger message to IE11 users, discover the last Tuleap release of 2020


Enhancements

Welcome to List Picker in Trackers

The list fields in trackers got a complete redesign to better handle large amount of values. All lists now include a “search field” so you can filter values with search as you type.

The main gain is for Multi Select Box fields. With default HTML multi select box, it’s easy to select values (just one click) but it’s not obvious how to remove a selected value (CTRL+Click), with List Picker, both actions are available in one click

For Select Box fields, the look’n feel is consistent with Multi Select Box and the main improvement is that the values can be filtered with search as you type

This new rendering is activated by default in all trackers and for all fields except those with a color (this part was not stable enough to make it in 12.3).

Please note that IE11 is not supported, so users will fallback on legacy list rendering.

Select and deselect values is now straightforward
Select and deselect values is now straightforward
List picker with avatars in artifact view
List picker with avatars in artifact view

Smart “+ New” button

“+ New” button shown on the top right of all pages was introduced in Tuleap 12.0 to ease creation of most frequent kind of items in a workspace. We got positive feedback on this change but some inconsistencies due to redirections to “Artifact View” were overlooked.

In Kanban, “+ New” menu will be automatically filled with the Kanban item (User story, Activity, Task, etc) and this will raise the “Full” modal for artifact creation. Of course, addition will be in place, that is to say, you won’t be redirected to the tracker for actual creation.

In Scrum, all views (Overview, Planning, Taskboard & TestPlan) allow to create contextual elements automatically. In Planning view for instance, it’s possible to create user stories, epics and releases with “+ New”, the three actions are now the same as using the dedicated buttons. In Overview, Taskboard & TestPlan, the “+ New” menu proposes to create backlog items (according to your configuration). However, in this case, it’s done with a smart redirect, that is to say, the creation is done in Artifact View but you will be redirected to the original view (for instance Taskboard) at the end of the creation process.

“epic” is automatically populated in the “+ New” menu
Create a new story in the context of a Sprint
Create a new story in the context of a Sprint

Trackers global administration

This release introduces a view of all trackers of a project at Tracker service administration level to:

  • Select which tracker is promoted in “+ New” menu. It was previously in each tracker “Details” but this is more a project administrator feature than a Tracker administration one.
  • Delete a tracker. It was previously on Trackers service page but it makes little sense to expose this feature that much.
Tracker administration page
Tracker administration page

IE11 end of support warning

Clock is ticking for Internet Explorer 11 (and Edge Legacy) support in Tuleap. Tuleap 12.3 is the last release to support this browser. Unfortunately, we didn’t observed a decrease of usage (even if the remaining usage is very low) so we intensify the awareness: the warning popup is now displayed every hour.

Every hour, Tuleap pop a message up to inform about IE11 end of support
Every hour !

Video demo

See new features in motion

Bugs and requests

There were 62 bugs fixed and requests implemented during 12.3 release cycle. Bugs and security fixes were already backported on Tuleap Enterprise builds. You will find below a selection of the most notable fixes.

Security

Taint Analysis

Since this summer, there is an underlying work to have automated Taint Analysis on Tuleap code base thanks to psalm (this tool is incredible, you would have hard time to understand how much it helps Tuleap development). The automation itself is now activated since beginning of November (ran every night) and it already helped to catch two XSS 🎉:

  • request #18406 XSS via the open list field search response
  • request #18351 XSS via the label of the fields in semantic descriptions

Content Security Policy

Because we never stop, starting this release, we deploy more useful Content Security Policy with automatic logging of violations. For the time being the strict policy is not enforced, we capture violation to tailor the rules. Once enough data will be gathered we will start enforcing more strict rules. Yet, it already allowed to identify one vulnerability:

  • request #18383 Mailing list administration is vulnerable to clickjacking
  • request #17967 Deploy a useful content security policy

End of RHEL/CentOS 6 support

RHEL & CentOS 6 support has ended, so has our support of those platforms. Tuleap packages are no longer available and, for what is worth, neither are OS packages. If it’s not already done, we urge you to upgrade as soon as possible. The more you wait, the more you will be exposed to both OS and Tuleap vulnerabilities and the more complex the migrations will be.

Main requests

  • request #18410 Open ID Connect Client+ Unique + Anonymous homepage + News => impossible to login
  • request #18381 Request to get system events from search can be very long
  • request #18317 Empty git lfs object are not detected on pull request
  • request #17998 White line on my personal page
  • request #17986 Git pull request changes tab throw an error 500 if a file is empty
  • request #16599 Uploading a new version of a file throws errors
  • request #18333 Welcoming Benjamin Bouillot in the integrator team

Receive once a month Tuleap latest updates