Scrum – Velocity management (Tuleap Enterprise only)

It can be interesting to study team’s velocity evolution during a retrospective. This metric should show if the team is delivering feature on stable basis or if there are changes. Changes might come from environment (people turnover) or from the type of stories they had to work on, etc.

Starting 9.19, Tuleap Enterprise offers to team the ability to see their sprint velocity recorded. It’s computed when a sprint is done based on stories that were completed at this time. You can get more details on how to configure it for yourself and how it works in [tuleap documentation]({{ site.data.contact.uri.tuleap_doc.uri }}/user-guide/agile-dashboard.html#monitor-project-progress).

Velocity bar chart

Scrum – Planning

Small but very convenient addition in Scrum Planning view, backlog items now show a progress bar at the bottom of the card that is computed with remaining effort and initial effort set on items.

No configuration is needed to benefit of this.

Progress bar on backlog items

  • story #11097: See a visual progress of the remaining effort


Security – Short lived site administrator sessions (Tuleap Enterprise only)

It’s a recommended practice not to share a site administrator account between several people. Most of the time this means having one site admin account per user that must have those access.

Tuleap Enterprise propose a new approach to this problem with dynamic_credentials plugin: provision site administrator sessions on the fly with an external, secure audit trail in HashiCorp Vault.

After having installed the Tuleap plugin as well has HashiCorp Vault with tuleap plugin, when you need a site administrator access, you ask vault to generate credentials that will be valid for 30mn. After this period, the authorization are removed and you are automatically logged-out.

More details in [administration guide]({{ site.data.contact.uri.tuleap_doc.uri }}/administration-guide/authentication/dynamic-credentials.html)

  • story #11239: generate dynamic credentials from HashiCorp Vault into a Tuleap instance


Framework and internals improvements

On the road to RHEL7

WARNING: RHEL/Centos7 is not suitable for production yet.

On the road to PHP7

  • story #11261: convert Git plugin to SQL prepared statements
  • request #11256: Deprecate usage of the DataAccessObject
  • PHP7 conversion stats
    • 1777 PHPCompatibility warnings (1140 high, 637 normal)
    • 14425 simpletest tests
    • 144 phpunit tests

Releases stats

  • 877 files changed, 52065 insertions(+), 17592 deletions(-)
  • They made the release (number of commits, author, company)
    • 124 Yannis ROSSETTO (Enalean)
    • 87 Thomas Gerbet (Enalean)
    • 73 Nicolas Terray (Enalean)
    • 65 Marie Ange Garnier (Enalean)
    • 47 Joris Masson (Enalean)
    • 46 Manuel VACELET (Enalean)
    • 31 Thomas Gorka (Enalean)
    • 8 Matthieu Monnier (Enalean)

Bug fix


  • request #11237: Command injection via user email address and Postfix aliases
  • request #11236: Abuse user mailboxes to prove ownership of the domain used by a Tuleap instance
  • request #11244: Random value used to confirm an email change should be checked in constant time to avoid timing leak



Subversion (legacy & plugin)

  • request #11320: Tuleap Cookie prefix must be used in python scripts
  • request #11273: ldap_id set to none should not block access to subversion

Legacy SVN



  • request #11282: service tuleap (re)start must clean the new WSDL cache folder


  • request #11276: MW images not displayed to restricted users that are readers

Agile Dashboard

  • request #11262: Milestone backlog REST route returns empty array when there should be elements
  • request #10582: Kanban widget, "RT disconnected" message is missing some styling

Project administration