Complete move of artifacts

The work was started in the previous release and is now completed with the two last remaining fields covered: file attachments and artifact links.

So given two trackers with the same shape, trackers’ administrators can move artifacts, keeping all their values, history and, artifact ids. It’s a common scenario for people using Tuleap for HelpDesk, reporting a bug in the appropriate tracker/project tend to be tedious. With the ability to move artifacts, you can now easily setup a central “report everything here” tracker and then the triage team will move the issue in the appropriate location.

More details are available in the documentation.

Pull Requests permissions

When a team is using a fork based workflow for Pull Requests (PR), every so often, PR authors get stuck because they need to update the title or the description but it is forbidden. The permission system was designed to allow user with write permissions on the target repository to modify the PRs. However, PR can be used as a gating system, precisely to avoid granting write permissions to contributors. Hence we lifted the constraint and PR authors can now update their titles and descriptions.

Import issues from Jira to one single Tuleap tracker

Jira and Tuleap are different beasts, especially when it comes to data model. While Jira is ultimately one single “database” of things (issues) with various types (“bug”, “task”, …) that have different views, Tuleap consider that each issue type has it’s own “database” (ie. a tracker).

When running an import from Jira to Tuleap, we made the choice of breaking down issue types in different Tuleap trackers (one for Bugs, one for Tasks, etc). A choice that works well in term of data and that lead to an interesting finding: some Jira people are very used to “multi issue types” workflow. In this situation, having one tracker per issue type makes things more complex.

So we introduced the ability to choose, at import time, whether the issues types should be merged in a single big tracker or allocated in one tracker per issue type. This can be useful, for instance, for people heavily relying on multi issue types boards.

Of course, there is no one size that fits all, so it’s really a matter of taste and we encourage you to try it out. Documentation is here.

Bugs and requests

There were 29 bugs fixed and requests implemented during the 14.12 release cycle. Bugs and security fixes were already back-ported on Tuleap Enterprise builds. You will find below a detailed list of fixes. The most notable ones are in bold.


  • #33608 Preview of a linked artifact with a type does not respect permissions – CVE-2023-38508 – High
  • #33656 XSS on the success message of a kanban deletion – CVE-2023-39521 – Medium


  • #33641 Fields not moved error message can be wrongly displayed
  • #33671 Tracker report “In Milestone” criterion still used when tracker is no more a backlog tracker
  • #33316 Cardwall based tracker renderer widget is empty when report filters on date fields in normal mode
  • #33660 Untranslated text in English version
  • #33642 Add in project history when a tracker is deleted


  • #33644 Search string ending with a space highlight everything in the kanban
  • #33315 Two equivalent warnings are displayed when using a filtered kanban


  • #33975 Children are not displayed under their task in roadmap
  • #33317 Have a consistent order for roadmap tasks

Git / Pull Requests

  • #33666 Stay in the current repository when opening a PR

Full text search with Meilisearch

  • #33659 Meilisearch: 1.2.0 -> 1.3.1

Documentation management

  • #33323 Folder can no longer update its own properties


  • #33314 Headers missing on preflight requests on tus server endpoint
  • #33313 PHP Warning in GET projects


  • #33645 Make possible to use an authenticating SMTP relay host
  • #33643 Allow to setup the dynamic credentials plugin with tuleap config-set

Receive once a month the latest Tuleap updates