Kiwi TCMS 6.4

security updates, improvements and bug fixes

Posted by Kiwi TCMS Team on Mon 07 January 2019

We're happy to announce Kiwi TCMS version 6.4! This is a security, improvement and bug-fix update that includes new versions of Django, Patternfly and other dependencies. You can explore everything at https://demo.kiwitcms.org!

Supported upgrade paths:

5.3   (or older) -> 5.3.1
5.3.1 (or newer) -> 6.0.1
6.0.1            -> 6.1
6.1              -> 6.1.1
6.1.1            -> 6.2 (or newer)

Docker images:

kiwitcms/kiwi       latest  39fcb88182bb    963.4 MB
kiwitcms/kiwi       6.2     7870085ad415    957.6 MB
kiwitcms/kiwi       6.1.1   49fa42ddfe4d    955.7 MB
kiwitcms/kiwi       6.1     b559123d25b0    970.2 MB
kiwitcms/kiwi       6.0.1   87b24d94197d    970.1 MB
kiwitcms/kiwi       5.3.1   a420465852be    976.8 MB

Changes since Kiwi TCMS 6.3

Security

  • Update Django from 2.1.4 to 2.1.5, which deals with CVE-2019-3498: Content spoofing possibility in the default 404 page
  • Update Patternfly to version 3.59.0, which deals with an XSS issue in Bootstrap. See CVE-2018-14041
  • By default session cookies will expire after 24 hours. This can be controlled via the SESSION_COOKIE_AGE setting. Fixes Issue #556

Improvements

  • Update mysqlclient from 1.3.13 to 1.3.14
  • Update python-gitlab from 1.6.0 to 1.7.0
  • Update django-simple-history from 2.5.1 to 2.6.0
  • Update pygithub from 1.43.3 to 1.43.4
  • New API method TestCase.remove(). Initially requested as SO #53844380
  • Drop-down select widgets in Patternfly pages are now styled with bootstrap-select, giving them a more consistent look and feel with the rest of the page (Anton Sankov)
  • Create new TestPlan page now includes toggles to control notifications and whether or not the test plan is active. This was previously available only on the edit page (Anton Sankov)
  • By default TestPlan notification toggles are turned on. Previously they were off (Anton Sankov)
  • Create and Edit TestPlan pages now look the same (Anton Sankov)
  • Kiwi TCMS is now accepting donations via Open Collective

Removed functionality

  • Remove TestPlan page -> Run menu -> Add cases to run action. This is the same as TestRun page -> Cases menu -> Add action
  • Legacy reports will be removed after 1st March 2019. Provide your feedback in Issue #657
  • The /run/ URL path has been merged with /runs/ due to configuration refactoring. This may break your bookmarks or permalinks!

Bug fixes

  • Don't traceback if markdown text is None. Originally reported as SO #53662887
  • Show loading spinner when searching. Fixes Issue #653
  • Quick fix: when viewing TestPlan cases make TC summary link to the test case. Previously the summary column was a link to nowhere.

Refactoring

  • Pylint fixes
  • New and updated internal linters
  • Refactor testplans.views.new to class based view (Anton Sankov)
  • Refactor TestCase -> Bugs tab -> Remove to JSON-RPC. References Issue #18
  • Refactor removeCaseRunBug() to JSON-RPC. References Issue #18
  • Remove unused render_form() methods
  • Remove unnecessary string-to-int conversion (Ivaylo Ivanov)
  • Remove obsolete label fields. References Issue #652 (Anton Sankov)
  • Remove JavaScript that duplicates requestOperationUponFilteredCases()
  • Remove QuerySetIterationProxy class - not used anymore

How to upgrade

If you are using Kiwi TCMS as a Docker container then:

cd Kiwi/
git pull
docker-compose down
docker pull kiwitcms/kiwi
docker pull centos/mariadb
docker-compose up -d
docker exec -it kiwi_web /Kiwi/manage.py migrate

Don't forget to back up before upgrading!

WARNING: kiwitcms/kiwi:latest and docker-compose.yml will always point to the latest available version! If you have to upgrade in steps, e.g. between several intermediate releases, you have to modify the above workflow:

# starting from an older Kiwi TCMS version
docker-compose down
docker pull kiwitcms/kiwi:<next_upgrade_version>
# edit docker-compose.yml to use kiwitcms/kiwi:<next_upgrade_version>
docker-compose up -d
docker exec -it kiwi_web /Kiwi/manage.py migrate
# repeat until you have reached latest
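
The stepwise workflow above can be planned in advance from the supported upgrade paths listed earlier. The script below is an added example, not code from the Kiwi TCMS project: the function names are hypothetical, and it assumes that any installation at 6.1.1 or newer can move straight to the `latest` tag and that the current version is a plain dotted number.

```shell
#!/bin/sh
# Added example (not Kiwi TCMS code): plan the image tags for a stepwise upgrade.
# Thresholds are transcribed from the "Supported upgrade paths" list above.

# ver_lt A B: succeed when dotted version A sorts strictly before B.
ver_lt() {
    _a=$1; _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}; _y=${_b%%.*}          # leading components
        if [ "${_x:-0}" -lt "${_y:-0}" ]; then return 0; fi
        if [ "${_x:-0}" -gt "${_y:-0}" ]; then return 1; fi
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac   # drop compared part
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
    done
    return 1                                 # equal versions
}

# next_tag CURRENT: print the tag to pull next for an installation at CURRENT.
next_tag() {
    if   ver_lt "$1" 5.3.1; then echo 5.3.1   # 5.3 (or older)   -> 5.3.1
    elif ver_lt "$1" 6.0.1; then echo 6.0.1   # 5.3.1 (or newer) -> 6.0.1
    elif ver_lt "$1" 6.1;   then echo 6.1     # 6.0.1            -> 6.1
    elif ver_lt "$1" 6.1.1; then echo 6.1.1   # 6.1              -> 6.1.1
    else echo latest                          # 6.1.1 -> 6.2 (or newer); assumed: latest
    fi
}

# upgrade_plan CURRENT: print every tag to step through, in order.
upgrade_plan() {
    case $1 in
        ''|.*|*.|*..*|*[!0-9.]*) echo "not a dotted version: $1" >&2; return 1 ;;
    esac
    cur=$1; plan=
    while :; do
        nxt=$(next_tag "$cur")
        plan="${plan:+$plan }$nxt"
        if [ "$nxt" = latest ]; then break; fi
        cur=$nxt
    done
    echo "$plan"
}

# Dry run: list the steps for the version given as the first argument.
if [ "$#" -gt 0 ]; then
    for tag in $(upgrade_plan "$1"); do
        echo "pull kiwitcms/kiwi:$tag, point docker-compose.yml at it, then migrate"
    done
fi
```

The script only prints the plan; each listed tag still needs the full down / pull / up / migrate cycle shown above, with a backup taken first.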

Happy testing!
