A brand-new plugin, new SAFe-related enhancements and more. It’s time for Tuleap 13.2!

Introducing Tuleap DocGen™: the new plugin in Tuleap Trackers for easier compliance audit

When you need to prove your products are compliant with a regulation, it can be tedious to gather all the pieces of evidence, even if you recorded everything right (thanks to Tuleap Trackers 😉). Auditors don’t always have access to your system to follow the audit trail; sometimes, it’s even required to have a full export of all the data for off-site analysis (👋 EU Medical Device Regulation).

But rest assured, this should no longer be an issue thanks to our brand new Tuleap DocGen™ plugin.

Export all your data in a few clicks

In Tracker Reports, click on “Generate document”. After a few seconds, you will download a “.docx” document that contains all the content of the selected artifacts.

Example of Tuleap artifacts exported in .docx format

The document is structured with:

  • a title page with some generic information about the export,
  • followed by a table of contents,
  • the details about the query that was made on the tracker,
  • and then the artifacts themselves.

Of course, the output is quite different from what you can see on the web page, because OOXML (the .docx format name) is quite limited, but all the data (tracker fields) are there. We did, however, make a major effort on text fields: text formatting will be as close as possible to what was done in the web UI, including embedded images.

Create a full traceability matrix in Tuleap

The main use case for document generation is compliance. There is also a strong need for proof of validation. The gold standard here is the traceability matrix to show that a requirement was covered by tests as well as the status of those tests.

The work in this area has just started (watch this space!) but you can already generate one traceability matrix with an export of the Test Executions.

Export of traceability matrix from test executions to requirements

Use emojis 🦄 to distinguish projects

In the context of SAFe®, or any multi-project organization, being able to quickly identify which project a resource comes from is key. Last year we introduced the “Project Background” so you get a visual clue of the project you are currently looking at. But there was a need for more. With SAFe®/Program Management, teams are now dealing with cross-project resources.

For instance, a User Story in a given project can have a parent Feature that is actually managed in a different project. Of course, in this case, we prepend the name of the project. But most people are “visual”, so we wanted to add something to catch your eye: an emoji.

Each project can now select an emoji that will be used in key places (project switch, sidebar, etc.).

Select an emoji for a project

Card design unified

As part of the long-running effort of UI homogenization, the attention in this release was focused on card display. Tuleap renders artifacts as cards in many places (Taskboard, Kanban, Planning, etc.). But they were all slightly different each time (slightly better, actually). The focus in this release was planning cards. Others will come later.

Snapshot Community repository is gone

This was a very long-term goal that we finally managed to address: getting all Tuleap dependencies under control without depending on a “magic” repository. Until Tuleap 13.2, there were a few Tuleap dependencies (cvs, mailman, …) that were managed as standalone packages. That was a PITA to manage for us (everything was manual every time we wanted to release), for system administrators (the repository was crafted with a special yum config to exclude Tuleap packages) and for CI maintenance (when we released the Tuleap packages we had some clever tricks to remove only part of the repository).

The good news is that we are now able to release everything from sources, within the main CI pipeline. For Tuleap developers, it means less maintenance burden. For system administrators, it reduces the room for configuration errors and enhances security, because we are now able to properly sign all packages as well as the repository metadata. With the current trend of software supply chain attacks, we have added one more level of protection for you.

So we no longer have to populate the snapshot repository (the infamous, wrongly named “stable” repository) and Tuleap Community Edition installations should switch to the “dev” channel. Tuleap Enterprise Edition installations can remove the dependencies on Tuleap Community Edition repositories. As usual, everything is covered in the deployment guide.
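On the administrator side, signed packages and signed repository metadata only help if the yum/dnf repository definition asks for both to be verified (`gpgcheck` and `repo_gpgcheck`). The following added example, which is not taken from Tuleap or its deployment guide, audits a `.repo` file for that; the repository ids and URLs are constructed placeholders, and a key missing from a section is reported as not enforced in that file, because values inherited from the main yum/dnf configuration are not read.

```python
import configparser

# Constructed sample: ids and URLs are placeholders, not Tuleap's real repositories.
SAMPLE_REPO = """\
[example-verified]
name=Packages and metadata both verified
baseurl=https://repo.example.invalid/verified/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://repo.example.invalid/gpg.key

[example-weak]
name=Nothing verified
baseurl=https://repo.example.invalid/weak/
enabled=1
gpgcheck=0
"""

TRUTHY = {"1", "true", "yes", "on"}


def is_on(section, key, default="0"):
    """Interpret a yum/dnf boolean; an absent key falls back to `default`."""
    return section.get(key, default).strip().lower() in TRUTHY


def audit_repo_file(text):
    """Return {repo_id: [problems]} for enabled repositories in a .repo file."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    report = {}
    for repo_id in parser.sections():
        repo = parser[repo_id]
        if not is_on(repo, "enabled", default="1"):  # disabled repos are never used
            continue
        problems = []
        if not is_on(repo, "gpgcheck"):
            problems.append("gpgcheck off: package signatures are not verified")
        if not is_on(repo, "repo_gpgcheck"):
            problems.append("repo_gpgcheck off: repository metadata signature is not verified")
        if not repo.get("gpgkey", "").strip():
            problems.append("gpgkey missing: no key to verify against")
        if problems:
            report[repo_id] = problems
    return report
```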

Bugs and Requests

There were 35 bugs fixed and requests implemented during the 13.2 release cycle. Bugs and security fixes were already back-ported on Tuleap Enterprise builds. You will find below a selection of the most notable fixes.


CVE-2021-42574, aka Trojan Source attacks, has gained some traction since the beginning of November. While there is nothing new here, it was a good opportunity to add a layer of warning in Tuleap Pull Requests. Tuleap will now warn developers about the presence of Unicode characters that might be the sign of an attempt to hide malicious code.

Tuleap Pull Request that might hide malicious code

This warning will also be displayed when browsing code in Tuleap (by commit diff).
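As an added illustration (not Tuleap's own code), the sketch below shows the kind of check such a warning relies on: it walks a unified diff and reports every Unicode bidirectional control character found on added lines, with the file, the new line number and the column. The function name `scan_diff` and the sample diff are constructed for this example.

```python
import re

# Bidirectional control characters behind Trojan Source (CVE-2021-42574).
BIDI = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
    "\u202c": "PDF", "\u2069": "PDI",
}
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

# Constructed sample: one added comment line carrying RLO, LRI and PDI.
SAMPLE_DIFF = (
    "--- a/auth.py\n"
    "+++ b/auth.py\n"
    "@@ -1,2 +1,3 @@\n"
    " def check(user):\n"
    "+    # reviewed \u202e\u2066 ok \u2069\n"
    "     return user.is_admin\n"
)


def scan_diff(diff_text):
    """Return (path, new_line, column, control) for bidi controls on added lines."""
    findings = []
    path, new_no, old_left, new_left = None, 0, 0, 0
    for raw in diff_text.split("\n"):  # splitlines() would also break on U+2028/U+2029
        if old_left > 0 or new_left > 0:  # inside a hunk body
            tag, body = raw[:1], raw[1:]  # columns are counted without the diff marker
            if tag == "\\":  # "\ No newline at end of file" marker
                continue
            if tag == "-":  # removed line: not part of the new file
                old_left -= 1
                continue
            if tag == "+":
                new_left -= 1
                findings += [(path, new_no, col, BIDI[ch])
                             for col, ch in enumerate(body, start=1) if ch in BIDI]
            else:  # context line counts on both sides
                old_left -= 1
                new_left -= 1
            new_no += 1
            continue
        if raw.startswith("+++ "):
            path = raw[6:] if raw.startswith("+++ b/") else raw[4:]
            continue
        match = HUNK.match(raw)
        if match:  # a missing count in the hunk header means 1
            old_left, new_left = int(match.group(1) or 1), int(match.group(3) or 1)
            new_no = int(match.group(2))
    return findings
```

Removed lines are skipped on purpose: only text that enters the new version of the file needs a reviewer's attention.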

Other bugs and requests


  • request #23470 Press enter should save instead of closing the modal when saving a tracker report
  • request #23430 Hidden follow-up comment when we follow an anchor


  • request #23475 Cannot authenticate over SSH with Git LFS 3.0.0+
  • request #23450 Generating the bundle of a Git repository during an XML export should be done with Git 2.18


  • request #23444 Unable to upload a photo to Mediawiki

Site administration

  • request #23479 Openid and ldap user login generator must be the same
  • request #23492 SQL errors in disk usage statistics
  • request #23477 Ldap search for autocomplete doesn’t work
  • request #23456 Make sure /var/tmp/tuleap_cache/php directory is present on boot
  • request #23454 Give more time to the containers to start before considering them unhealthy
  • request #23452 Doing REST or Webdav operations with Basic Auth should not create a “long session”
