We're happy to announce Kiwi TCMS version 6.3! This is a medium severity security update that includes new versions of Django and Patternfly, new database migrations, lots of improvements, bug fixes and internal refactoring. This version also introduces integration with GitLab issue tracker! You can explore everything at https://demo.kiwitcms.org!
Supported upgrade paths:
5.3 (or older) -> 5.3.1 5.3.1 (or newer) -> 6.0.1 6.0.1 -> 6.1 6.1 -> 6.1.1 6.1.1 -> 6.2 (or newer)
kiwitcms/kiwi latest 8135624fdca2 960.3 MB kiwitcms/kiwi 6.2 7870085ad415 957.6 MB kiwitcms/kiwi 6.1.1 49fa42ddfe4d 955.7 MB kiwitcms/kiwi 6.1 b559123d25b0 970.2 MB kiwitcms/kiwi 6.0.1 87b24d94197d 970.1 MB kiwitcms/kiwi 5.3.1 a420465852be 976.8 MB
Changes since Kiwi TCMS 6.2.1
- Resolve medium severity XSS vulnerability which can be exploited when previewing malicious text in Simple MDE editor. See CVE-2018-19057, SNYK-JS-SIMPLEMDE-72570
- Use mozilla/bleach before rendering Markdown to the user as a second layer of protection against the previously mentioned XSS vulnerability
- Update to Django 2.1.4
- Update to Patternfly 3.58.0
- Make docker container restartable (Maik Opitz, Adam Hall)
- Add GitLab issue tracker integration. Fixes Issue #176 (Filipe Arruda, Federal Institute of Pernambuco)
- Convert Create new TestPlan page to Patternfly (Anton Sankov)
- Upon successful registration show the list of super-users in case new accounts must be activated manually. This can be the same or expanded version of the addresses in the ADMIN setting. Include super-users in email notifications sent via tcms.signals.notify_admins().
- Don't include admin/js/*.js files in templates when not necessary. Results in faster page load. Fixes Issue #209
- Enable nl2br Markdown extension which allows newline characters to be rendered as <br> tags in HTML. Visually the rendered text will look closer to what you seen in the text editor. Fixes Issue #623
- Use auto-complete for adding components to TestCase
- Bulk-update of Category for selected TestCase(s) inside of TestPlan
- Bulk-update of Components for selected TestCase(s) inside of TestPlan
- Bulk-update of automated status for selected TestCase(s) inside of TestPlan
- Bulk-remove for TestCase Component tab
These actions have always been a bit broken and didn't check the correct permission labels. You can still update items individually!
- Selection of Components when creating new TestCase. Closes Issue #565. Everywhere else Kiwi TCMS doesn't allow selection of many-to-many relationships when creating or editing objects. Tags, Bugs, Components, TestPlans can be added via dedicated tabs once the object has been saved.
- Hide KiwiUserAdmin.password field from super-user. Fixes Issue #610
- Don't show inactive Priority. Fixes Issue #637
- Don't traceback when adding new users via Admin. Fixes Issue #642
- Teach TestRun.update() API method to process the stop_date field. Fixes Issue #554 (Anton Sankov)
- Previously when reporting issues to Bugzilla, directly from a TestRun, Kiwi TCMS displayed the error Enable reporting to this Issue Tracker by configuring its base_url although that has already been configured. This is now fixed. See Stack Overflow #53434949
- Remove TestPlan.owner field, duplicates TestPlan.author
- Remove fmt_queries(). Fixes Issue #330 (Anton Sankov)
- Remove unused parameter from plan_from_request_or_none(). Refers to Issue #303 (Anton Sankov)
- Remove ComponentActions() class. Fixes Issue #20
- Convert lots of AJAX calls to JSON-RPC
- Pylint fixes (Alexander Todorov, Anton Sankov)
How to upgrade
If you are using Kiwi TCMS as a Docker container then:
cd Kiwi/ git pull docker-compose down docker pull kiwitcms/kiwi docker pull centos/mariadb docker-compose up -d docker exec -it kiwi_web /Kiwi/manage.py migrate
Don't forget to backup before upgrade!
WARNING: kiwitcms/kiwi:latest and docker-compose.yml will always point to the latest available version! If you have to upgrade in steps, e.g. between several intermediate releases, you have to modify the above workflow:
# starting from an older Kiwi TCMS version docker-compose down docker pull kiwitcms/kiwi:<next_upgrade_version> edit docker-compose.yml to use kiwitcms/kiwi:<next_upgrade_version> docker-compose up -d docker exec -it kiwi_web /Kiwi/manage.py migrate # repeat until you have reached latest