New in Artidoc: Structure your Artidocs with headers for better organization. Now supported by the new ‘Freetext’ section—designed for seamless in-Doc editing without turning into Artifacts. Plus, Discover the new “Zen Mode” to remove distractions on small screens, providing a full-screen experience for better focus while reading and writing.

Structure your Artidocs with Headers

This is a major step for Artidoc: you can now structure your documents with headers (titles). Instead of a lengthy explanation, we made a short video to showcase the creation of a requirement management document for a drone camera system:

How does that work under the hood ?

The most important thing to understand is that the structure is now supported by a new type of section called “Freetext”. Until now, sections were actually saved as artifacts. As you might expect, Freetext sections are not artifacts—they exist only within Artidoc and have no external representation.

Another key point to keep in mind is that Freetext sections are not yet versioned.

Freetext sections can be used for two main purposes:

  • Adding text in your document that doesn’t have to be a “requirement” (technically an artifact) such as introduction paragraphs, legal terms, descriptions of expected content (think templates), etc.
  • Organize documents with titles.

Designing this new header system was surprisingly complex, and while we’re confident in the trade-offs we made, we’d love to hear your feedback on how it fits your documents and constraints. Feel free to reach out to us!

Artidoc zen mode

When working on a small screen, such as a laptop, every inch counts. The new full-screen mode for Artidoc removes all unnecessary navigation elements from Tuleap (sidebar, top bar, and project header) so you can focus entirely on reading or writing your documents.

Go to fullscreen with 3 dots menu or type [f]
Go to fullscreen with 3-dot menu or type [f]
Artidoc in fullscreen
Artidoc in fullscreen

Named queries in Cross-Tracker Search

After taking a short break to improve email notifications, we’re resuming our work on Cross-Tracker Search. You’ll soon see artifact links in search results. After that, we’ll focus on the board view. But first, we want to make the Cross-Tracker Search widget more accessible, as it will become central to many tracker-related features.

This release introduce a set of changes that simplify the usage of Cross-Tracker Search:

  • Named queries
  • Multiples queries per widgets
  • Query suggestions

The first enhancement—named queries—makes it easier to understand complex searches. TQL is powerful, but reading an entire query to understand its results can be cumbersome. With named queries, you can now assign a short string and a full description to your TQL query, explaining its purpose in plain language. Regular users won’t even know about TQL.

Next, multiple queries per widget: Often, more than one query is relevant to a project. Previously, you needed one widget per query, which might be inefficient. Now, you have both options—you can design a dashboard with multiple widgets or use a single widget containing multiple queries.

Finally, at query creation, it’s a lot easier to modify an existing query rather than starting from scratch. The three more common queries requested were added to kick-start your dashboards.

Bugs and requests

During the 16.6 release cycle, 56 requests were implemented. Bugs and security fixes were already back-ported on Tuleap Enterprise builds. You will find below a detailed list of fixes. The most notable ones are in bold.

Security

  • #42251 Improper permission handling in the REST endpoints and release notes display of the FRS plugin – CVE-2025-30209 – Severity Moderate
  • #42243 XSS via the content of RSS feeds in the RSS widgets – CVE Pending – Moderate
  • #42231 Missing CSRF protection on tracker hierarchy administration – CVE Pending – Moderate
  • #42208 Missing CSRF protections on artifact submission & edition from the tracker view – CVE-2025-29766 – Moderate
  • #42237 Read permission not enforced on parent tracker in the REST API – CVE-2025-30155 – Moderate

Trackers

  • #42224 Add flat representations in GET /artifacts/:id/linked_artifacts
  • #42255 Moving an artifact loses the value of field bind to users
  • #42229 Cannot see hierarchy admin form at all when one of my trackers has a long name
  • #42234 Changes on cardwall tasks not saved
  • #42570 Changes on cardwall renderer for tracker are not saved
  • #42235 Cannot add a shared field
  • #42220 Adding a column in sorted table triggers an SQL error
  • #42199 GraphOnTracker raise errors when user create graphs

Test Management

  • #42190 Logs TTM configuration update in project history

Misc

  • #42240 RSS widgets do not always show the most recent content
  • #42196 Migrate to Argon2id to store password
  • #42187 Force activate MediaWiki Standalone when the MediaWiki plugin is used

Receive once a month the latest Tuleap updates