Kiwi TCMS 6.4

security updates, improvements and bug fixes

Posted by Kiwi TCMS Team on Mon 07 January 2019 under releases

We're happy to announce Kiwi TCMS version 6.4! This is a security, improvement and bug-fix update that includes new versions of Django, Patternfly and other dependencies. You can explore everything at!

Supported upgrade paths:

5.3   (or older) -> 5.3.1
5.3.1 (or newer) -> 6.0.1
6.0.1            -> 6.1
6.1              -> 6.1.1
6.1.1            -> 6.2 (or newer)

Docker images:

kiwitcms/kiwi       latest  39fcb88182bb    963.4 MB
kiwitcms/kiwi       6.2     7870085ad415    957.6 MB
kiwitcms/kiwi       6.1.1   49fa42ddfe4d    955.7 MB
kiwitcms/kiwi       6.1     b559123d25b0    970.2 MB
kiwitcms/kiwi       6.0.1   87b24d94197d    970.1 MB
kiwitcms/kiwi       5.3.1   a420465852be    976.8 MB

Changes since Kiwi TCMS 6.3


  • Update Django from 2.1.4 to 2.1.5, which deals with CVE-2019-3498: Content spoofing possibility in the default 404 page
  • Update Patternfly to version 3.59.0, which deals with XSS issue in bootstrap. See CVE-2018-14041
  • By default session cookies will expire after 24 hours. This can be controlled via the SESSION_COOKIE_AGE setting. Fixes Issue #556


  • Update mysqlclient from 1.3.13 to 1.3.14
  • Update python-gitlab from 1.6.0 to 1.7.0
  • Update django-simple-history from 2.5.1 to 2.6.0
  • Update pygithub from 1.43.3 to 1.43.4
  • New API method TestCase.remove(). Initially requested as SO #53844380
  • Drop down select widges in Patternfly pages are now styled with bootstrap-select giving them more consistent look and feel with the rest of the page (Anton Sankov)
  • Create new TestPlan page now includes toggles to control notifications and whether or not the test plan is active. This was previously available only in edit page (Anton Sankov)
  • By default TestPlan notification toggles are turned on. Previously they were off (Anton Sankov)
  • Create and Edit TestPlan pages now look the same (Anton Sankov)
  • Kiwi TCMS is now accepting donations via Open Collective

Removed functionality

  • Remove TestPlan page -> Run menu -> Add cases to run action. This is the same as TestRun page -> Cases menu -> Add action
  • Legacy reports will be removed after 1st March 2019. Provide your feedback in Issue #657
  • The /run/ URL path has been merged with /runs/ due to configuration refactoring. This may break your bookmarks or permalinks!

Bug fixes

  • Don't traceback if markdown text is None. Originally reported as SO #53662887
  • Show loading spinner when searching. Fixes Issue #653
  • Quick fix: when viewing TestPlan cases make TC summary link to the test case. Previously the summary column was a link to nowhere.


  • Pylint fixes
  • New and updated internal linters
  • Refactor to class based view (Anton Sankov)
  • Refactor TestCase -> Bugs tab -> Remove to JSON-RPC. References Issue #18
  • Refactor removeCaseRunBug() to JSON-RPC, References Issue #18
  • Remove unused render_form() methods
  • Remove unnecessary string-to-int conversion (Ivaylo Ivanov)
  • Remove obsolete label fields. References Issue #652 (Anton Sankov)
  • Remove JavaScript that duplicates requestOperationUponFilteredCases()
  • Remove QuerySetIterationProxy class - not used anymore

How to upgrade

If you are using Kiwi TCMS as a Docker container then:

cd Kiwi/
git pull
docker-compose down
docker pull kiwitcms/kiwi
docker pull centos/mariadb
docker-compose up -d
docker exec -it kiwi_web /Kiwi/ migrate

Don't forget to backup before upgrade!

WARNING: kiwitcms/kiwi:latest and docker-compose.yml will always point to the latest available version! If you have to upgrade in steps, e.g. between several intermediate releases, you have to modify the above workflow:

# starting from an older Kiwi TCMS version
docker-compose down
docker pull kiwitcms/kiwi:<next_upgrade_version>
edit docker-compose.yml to use kiwitcms/kiwi:<next_upgrade_version>
docker-compose up -d
docker exec -it kiwi_web /Kiwi/ migrate
# repeat until you have reached latest

Happy testing!