As promised, this month we are back with way more advancements: easier user registration and invitation processes, developments on Enterprise Linux 9 compatibility, possibility to restrict OnlyOffice servers… and more to discover in the Tuleap 14.5 release note below.
User registration and invitation
The register page has had its interface cleaned up. Additionally, the email confirmation page now leaves no doubt as to what the next step is for the user. To top it off, a modal window now greets new users with a bang 🎉
The invitation process has also been simplified. A token is now linked to each invitation. This allows two things: first, when the person being invited follows the link in the invitation email, he/she is automatically redirected to a form where his/her email is pre-filled. Second, this person has no longer to confirm his/her email once the registration form is completed: if the platform is configured such that new users are automatically validated, then he/she will be directly redirected to their dashboard.
More work around the « first steps » in Tuleap will be delivered in upcoming releases, such as the ability to invite someone into a project.
Tech Preview: Enterprise Linux 9 compatibility
We’ve been a bit laggy with the support of recent version of Enterprise Linux ecosystem (RHEL & alike). Part because the landscape was unclear with the end of the CentOS “official” rebuild of RHEL and part because RHEL & CentOS 7 are still supported until 2024. In the meantime we have heavily invested on our own build system and the bump of version was surprisingly easy.
First of all, the elephant in the middle of the room: “Where is RHEL 8 support ?”. It will not be supported. First because RHEL 9 is out there since long enough, it shouldn’t be an issue for any IT department. Moreover, it allows to disambiguate the whole “CentOS 8” thing that keeps coming up. CentOS 8 is no longer supported, since more than a year but we keep having questions “do you support CentOS >= 7” (although sometimes people may not completely grasp what CentOS Stream actually is). By switching to RHEL 9 directly, it means that only RockyLinux and AlmaLinux are officially supported for people who doesn’t want to pay for RHEL License.
Second, the deprecations. CVS and Mailman (mailing list) support are removed.
Apart from that, everything should work seamlessly. That said, it’s a brand new OS support so we play it conservative and it’s only for test purposes as of now.
Restrict ONLYOFFICE servers
If you need tight control on the projects allowed to use a given ONLYOFFICE server (for instance for licensing reasons) it’s now possible. Site administrators can declare multiple ONLYOFFICE servers and assign projects accordingly.
Subversion access token
Usage of token instead of login/password where introduced with Subversion in 2015. More recently (2018) we introduced a more generic version of Tokens as Access Keys with the ability to manage scopes (REST, Git, etc) better cryptography and expiration dates. In order to be consistent, SVN is now a scope for Access Keys. It’s no longer possible to generate new Tokens, existing one are still fully functional. It’s a good idea to replace Tokens by AccessKey as it’s an opportunity to rotate secrets.
Jira import
Jira import tool is now able to import agile project without Scrum board (Kanban with Epics).
Bugs and requests
There were 47 bugs fixed and requests implemented during the 14.5 release cycle. Bugs and security fixes were already back-ported on Tuleap Enterprise builds. You will find below a detailed list of fixes. The most notable ones are in bold.
Security
- #29988 Anonymous users keep their permissions after MediaWiki Standalone permissions change
- #30338 ViewVC: pull-in patches for CVE-2023-22456 and CVE-2023-22464
Tracker
- #30390 Field dependency validation must block when target value is empty
- #30412 Project created from DB templates doesn’t keep cardwall renderer configuration
- #30371 Artifact modal should expose errors raised by backend
- #30392 Selected parent in modal artifact link field lead to an unknown URL
- #30019 Artifact modal must wait for artifact links to be loaded
- #30354 Copied artifact must be set in explicit backlog if source artifact is part of planning
- #30352 TQL query is in error if a field name contains “-“
Program
- #30394 Cannot configure a Program if project is not created from the expected template
Pull Requests
- #30403 Replacing 0.000 by 0 produce an empty diff
MediaWiki Standalone
- #30366 MediaWiki: 1.35.8 -> 1.35.9
- #30020 Mathoid: a87501ee0ee943e7aef63fefaa966aa1b40a907d -> a1e488dfbbac83e307f8555dfdd0e2e2b8f93f2b
- #30357 Images overflow page layer
- #30367 Add link to administration in dropdown
- #30407 Replace PdfBook extension with mPdf extension
- #30356 ImageMap rendering is broken in MediaWiki Standalone