We're happy to announce Kiwi TCMS and tcms-api version 4.2!
This is a security, bug-fix and enhancement update which upgrades to the latest
Django version under Python 3.6.
We've pushed new
kiwitcms/kiwi:latest docker image to Docker Hub and updated the
demo instance at https://demo.kiwitcms.org!
This version also includes GDPR related changes which affect our project. Read below for the details.
Changes since Kiwi TCMS 4.1.4
IMPORTANT: this release introduces new database migrations
- Enable testing with Badit. Fixes Issue #237
- Enable testing with Coverity Scan
- Enable testing with pyup.io
- Enable testing with Snyk
- Use SHA256 instead of MD5 and SHA1
- Use the
secretsmodule for activation keys
- Remove unnecessary AJAX view that had remote code execution vulnerability
- Don't use hard-coded temporary directories
- Upgrade to Patternfly 3.36.0 which fixes the following vulnerabilities:
BUGZILLA_AUTH_CACHE_DIRis a new setting that may be specified to control where Bugzilla auth cookies are saved! It is not specified by default and Kiwi TCMS uses a temporary directory each time we try to login into Bugzilla!
- Upgrade to Python 3.6. Fixes Issue #91
- Upgrade to Django 2.0.6
- Fix around 100 pylint issues (Anton Sankov)
- Update email confirmation template for newly registered users and make the text translatable
Last logincolumn in User admin page
- Add tests for
- Remove unused CSS selectors
- Remove unnecessary
- Remove unused deferred field
product_version. Fixes Sentry KIWI-TCMS-1C
- Rename left-over
get_full_url(). Fixes Sentry KIWI-TCMS-1B
- Fix empty TestPlan url and Product fields in TestRun email notification. Fixes Issue #353 (Matt Porter, Konsulko Group)
- Updated translations for Chinese Simplified
- Updated translations for Chinese Traditional
- New language and translations for Slovenian
git clonecommand to documentation. Fixes Issue #344 (Anton Sankov)
Models and database migrations
- Increase checksum fields size to hold the new checksum values
activation_keyfield size to 64 chars
- Allow users to delete their accounts. Link is present on
My profilepage. This will also delete any related objects using cascade delete
- Try not to be so obvious when it comes to displaying email addresses across the web interface. Instead show username and link to profile
In addition the following changes were deployed to our infrastructure:
- On our website the
Subscribe to our newsletteris now a link, instead of embedded form because embedded forms can't display GDPR compliance fields. If you wish to receive email from Kiwi TCMS you need to select the
- Double opt-in is now enabled when subscribing to our newsletter
- All newsletter addresses that have been unsubscribed have been deleted
- Upon registration for http://demo.kiwitcms.org you are no longer subscribed to the newsletter. Now we send a welcome email with a link to the newsletter so you can subscribe if you want
- http://demo.kiwitcms.org now runs a cron job which deletes inactive accounts and all of their related data. The cron job runs weekly
We're trying to be respectful to your private data and not expose that to any 3rd parties or use it for means other than making Kiwi TCMS better open source software. If you spot areas for improvement please report an issue so we can take a look at it!
tcms-api changes since 4.0.0
- Remove coloring. Fixes Issue #185
- Fix using the API client against
https://URLs (Adam Łoszyn, Samsung)
How to upgrade
If you are using Kiwi TCMS as a Docker container then
cd Kiwi/ git pull docker-compose down docker pull kiwitcms/kiwi docker pull centos/mariadb docker-compose up -d docker exec -it kiwi_web /Kiwi/manage.py migrate
Help us make Kiwi TCMS better
According to our 2018 roadmap the Kiwi TCMS team is investing a great deal of our time to make the code base more maintainable! For the past few releases we've been balancing code refactoring with bug-fixing and minor enhancements and we have lots of ideas down the line.
We want to hear your voice! Tell us how you use Kiwi TCMS inside your organization. We want to know what works for you and what doesn't so we can make it better. Feel free to comment below, file GitHub issues or send us an email.