Enhancements
Scrum – Velocity management (Tuleap Enterprise only)
It can be interesting to study team’s velocity evolution during a retrospective. This metric should show if the team is delivering feature on stable basis or if there are changes. Changes might come from environment (people turnover) or from the type of stories they had to work on, etc.
Starting 9.19, Tuleap Enterprise offers to team the ability to see their sprint velocity recorded. It’s computed when a sprint is done based on stories that were completed at this time. You can get more details on how to configure it for yourself and how it works in [tuleap documentation]({{ site.data.contact.uri.tuleap_doc.uri }}/user-guide/agile-dashboard.html#monitor-project-progress).
- story #10632: have the velocity of an artifact
- story #10633: see velocity in agile dashboard
Scrum – Planning
Small but very convenient addition in Scrum Planning view, backlog items now show a progress bar at the bottom of the card that is computed with remaining effort and initial effort set on items.
No configuration is needed to benefit of this.
- story #11097: See a visual progress of the remaining effort
Trackers
- story #10323: search with TQL in attachments info
- request #11246: Artifacts should provide open graph protocol information
Security – Short lived site administrator sessions (Tuleap Enterprise only)
It’s a recommended practice not to share a site administrator account between several people. Most of the time this means having one site admin account per user that must have those access.
Tuleap Enterprise propose a new approach to this problem with dynamic_credentials plugin: provision site administrator sessions on the fly with an external, secure audit trail in HashiCorp Vault.
After having installed the Tuleap plugin as well has HashiCorp Vault with tuleap plugin, when you need a site administrator access, you ask vault to generate credentials that will be valid for 30mn. After this period, the authorization are removed and you are automatically logged-out.
More details in [administration guide]({{ site.data.contact.uri.tuleap_doc.uri }}/administration-guide/authentication/dynamic-credentials.html)
- story #11239: generate dynamic credentials from HashiCorp Vault into a Tuleap instance
Development
Framework and internals improvements
- story #11279: create test environment automatically
- request #11281: Plugins should be able to use a PSR-4 autoloader
- request #11250: Add support for gauges in Tuleap instrumentation API
- request #11251: Remove end to end tests of the web UI based on Selenium
- request #11219: Introduce e2e testing with cypress
- request #11275: Build site-admin pie-charts with webpack
- request #11234: Remove eslint-disable comments
- request #11224: Migrate site-admin scripts to webpack
- request #11218: Webpack for pullrequest plugin
On the road to RHEL7
WARNING: RHEL/Centos7 is not suitable for production yet.
- story #11292: Tracker full and TTM on el7
- story #10438: Trackers mini on el7
- story #11272: Full trackers: Install and use graphontrackersv5, cardwall, agiledashboard and TTM
On the road to PHP7
- story #11261: convert Git plugin to SQL prepared statements
- request #11256: Deprecate usage of the DataAccessObject
- PHP7 conversion stats
- 1777 PHPCompatibility warnings (1140 high, 637 normal)
- 14425 simpletest tests
- 144 phpunit tests
Releases stats
- 877 files changed, 52065 insertions(+), 17592 deletions(-)
- They made the release (number of commits, author, company)
- 124 Yannis ROSSETTO (Enalean)
- 87 Thomas Gerbet (Enalean)
- 73 Nicolas Terray (Enalean)
- 65 Marie Ange Garnier (Enalean)
- 47 Joris Masson (Enalean)
- 46 Manuel VACELET (Enalean)
- 31 Thomas Gorka (Enalean)
- 8 Matthieu Monnier (Enalean)
Bug fix
Security
- request #11237: Command injection via user email address and Postfix aliases
- request #11236: Abuse user mailboxes to prove ownership of the domain used by a Tuleap instance
- request #11244: Random value used to confirm an email change should be checked in constant time to avoid timing leak
Global
- request #11291: Proper caching of user’s static ugroups
- request #11274: Force no-cache for AJAX requests
- request #9007: Force compatibility mode for IE
Tracker
- request #11289: Updating an artifact link can unuse computed values
- request #11266: Add BOM information in CSV content
- request #11264: Fatal error when a tracker report filters a list bound to ugroups
- request #11257: XML project import must not create tracker folder and content as root
- request #11210: In milestone tracker report filter must not check in parent milestone
- request #11153: Introduce front controller pattern
- request #11070: Add SOAP automated tests
Subversion (legacy & plugin)
- request #11320: Tuleap Cookie prefix must be used in python scripts
- request #11273: ldap_id set to none should not block access to subversion
Legacy SVN
- request #11295: htmlentities displayed in legacy svn query
CVS
- request #11319: CVS ViewVC display some icons in content
- request #11313: CVS should not rely on register globals
SOAP
- request #11282: service tuleap (re)start must clean the new WSDL cache folder
Mediawiki
- request #11276: MW images not displayed to restricted users that are readers
Agile Dashboard
- request #11262: Milestone backlog REST route returns empty array when there should be elements
- request #10582: Kanban widget, "RT disconnected" message is missing some styling
Project administration
- request #11260: Consistent display of project access logs
- request #11240: Inline filter on git permissions per group
- request #11214: ProFTPd permissions are not listed in Permissions per group page
Stats
- request #11258: Add cli script to extract stats
- request #11241: Add cli script to generate some stats