Kiwi TCMS 7.0

major release with security updates & many changes

Posted by Kiwi TCMS Team on Tue 24 September 2019 under releases

We're happy to announce Kiwi TCMS version 7.0! This is a major release which includes security updates, significant database schema and API changes, many improvements, removed functionality, bug fixes, substantial internal refactoring and several new languages. You can explore everything at!

The 7.0 version number happily coincides with the fact that we've surpassed 70000 downloads from Docker Hub.

Supported upgrade paths:

5.3   (or older) -> 5.3.1
5.3.1 (or newer) -> 6.0.1
6.0.1            -> 6.1
6.1              -> 6.1.1
6.1.1            -> 6.2 (or newer)

Docker images:

kiwitcms/kiwi       latest  d34dc6d896bf    584 MB
kiwitcms/kiwi       6.2     7870085ad415    957 MB
kiwitcms/kiwi       6.1.1   49fa42ddfe4d    955 MB
kiwitcms/kiwi       6.1     b559123d25b0    970 MB
kiwitcms/kiwi       6.0.1   87b24d94197d    970 MB
kiwitcms/kiwi       5.3.1   a420465852be    976 MB

Changes since Kiwi TCMS 6.11


  • API method BugSystem.filter() has been removed (now unused) but it was possible to use this method to steal passwords or keys used for Issue Tracker integration. This vulnerability could be exploited by users logged into Kiwi TCMS and is classified as medium severity! We advise you to change your integration API keys and passwords immediately!


  • Update Django from 2.2.4 to 2.2.5
  • Update django-uuslug from 1.1.8 to 1.1.9
  • Update mysqlclient from 1.4.2.post1 to 1.4.4
  • Update python-bugzilla from 2.2.0 to 2.3.0
  • Update python-gitlab from 1.10.0 to 1.11.0
  • Update patternfly from 3.59.3 to 3.59.4
  • Reduce docker image size from 1.01 GB to under 600 MB
  • Add TestCase Health telemetry
  • Add support for Redmine issue tracker. Fixes Issue #41 (Jesse C. Lin)
  • Add breathing room around HTML form's submit buttons (Rady Madjev)
  • New TestRun page action: bulk-add hyperlinks to TestExecution(s)
  • Make it possible to disable HTTPS by specifying the KIWI_DONT_ENFORCE_HTTPS environment variable! Fixes Issue #1036 (Marco Descher)
  • Documentation updates, including internal style checker. Fixes Issue #1000 (Prome88)
  • When linking a TestExecution to a defect and choosing to update the Issue Tracker Kiwi TCMS will not add a comment pointing back to TR ID/summary/URL and TE ID/summary. This provides more detailed information about the reproducer instead of just linking to a TestCase without any specific execution details like we did in the past
  • Display additional defect information via Issue Tracker integration. On Patternfly pages which show defect URLs this is accessible via a small info icon. Fixes Issue #117
  • Add minimalistic defect tracker functionality. Fixes Issue #699
    • integrated with Issue Tracker integration layer as if it was an external system
    • when adding hyperlink to TestExecition (also via API method TestExecution.add_link()) this is special cased and the references between Bug and TestExecution are always updated
    • when clicking 'Report bug' from inside Test Execution the new defect is reported automatically and a new browser window opens to display the information

Database migrations

  • Tell the migration planner to apply testruns.0006_rename_test_case_run_to_test_execution after linkreference.0001_squashed. This enables subsequent migrations and new functionality to be applied without crashing.


    Django should be able to handle this automatically both for existing installations and for new ones. In any case make sure you backup your data first and make a dry-run to verify that nothing breaks!

  • Remove fields url_reg_exp, validate_reg_exp and description from BugSystem model

  • Update the following fields in LinkReference model:

    • rename test_case_run to execution
    • add indexing for created_on and url
    • add is_defect field
  • Apply LinkReference permissions to default group Tester. Fixes Issue #881


    Administrators of existing applications will need to apply these permissions by hand via the Admin section.

  • Remove testcases.Bug model, replaced with LinkReference. Closes Issue #1029 and obsoletes Issue #320.


    Linking bugs to TestExecution is now performed via URLs instead of keeping a reference to BUG-ID and trying to reconstruct the URL on the fly.


    The model named Bug which is added by subsequent migrations refers to defects reported into Kiwi TCMS minimalistic defect tracker!

  • New model bugs.Bug is now available. Permissions of type bugs | bug | Can ... will be applied to the default group named Tester only for new installations.


    Administrators of existing applications will need to apply these permissions by hand via the Admin section.


  • TestExecution.add_link() method now returns serialized LinkReference object.
  • TestExecution.remove_link() method now accepts one parameter of type dict used to filter the objects which to remove
  • TestExecution.get_links() method now accepts one parameter of type dict instead of int
  • TestExecution.add_link() method signature changed from (int, str, str) to (dict), where the single parameter holds field values for the LinkReference model
  • Remove TestExecution.add_bug() method, use TestExecution.add_link()
  • Remove TestExecution.remove_bug() method, use TestExecution.remove_link()
  • Remove TestCase.add_bug() method
  • Remove TestCase.remove_bug() method
  • Remove Bug.remove() method, use TestExecution.remove_link()
  • Remove Bug.create() method, use TestExecution.add_link()
  • Add method Bug.details() which together with the underlying IssueTracker.details() is the foundation of how Kiwi TCMS fetches extra details from the issue tracking system. The default implementation uses OpenGraph protocol to collect the data that will be shown. You may override .details() for each issue tracker (or add your own IT) to extend this functionality. Information is cached for 1 hour by default. References Issue #117
  • Add methods Bug.add_tag() and Bug.remove_tag()
  • Existing method with name Bug.filter() has changed behavior. It is now used to query objects from Kiwi TCMS minimalistic defect tracker

Removed functionality

  • Remove IssueTrackerType.all_issues_link() method. This was used in TestRun Report page to show a single link that will open all bugs in the Issue Tracker. Most trackers don't support this and the UI portion has been rewritten
  • Remove LinkOnly issue tracker - obsolete because all defects are now added to TestExecutions via their URLs
  • Remove bulk-add/bulk-remove of bugs in TestRun page, replaced by bulk-add for hyperlinks


  • Respect the CACHES setting, see Django docs for more info. Initially this setting is used to cache defect details received via Issue Tracker integration. See Issue #117

Bug fixes

  • Don't auto-download FontAwesome for SimpleMDE. Resolves icons disappearing on pages which have the markdown editor. Fixes Issue #905
  • Reorder HTML elements so Delete button is still visible in TestCase review comment section. Fixes Issue #1013 (Rady Madjev)
  • Remove section that displays bugs in TestExecution container. Bugs are now denoted by a small icon next to their hyperlink. Closes Issue #475
  • Cache Issue Tracker connections per base_url. Fixes Issue #290


  • Lots of refactoring from function based views to class based views (Rady Madjev)
  • Use JavaScript and the API to remove case execution instead of dedicated backend function (Rady Madjev)
  • Update pylint directives around missing permissions (Svetlomir Balevski)
  • Fix typo in identifier. Fixes CID 344186
  • Use TestExecution.add_link() and TestExecution.remove_link() in UI instead of dedicated backend function.
  • Remove unused LinkReference views, forms and tests modules


For more information check-out all supported languages. To request new language click here!

junit.xml-plugin v0.4

A few days ago we have also released kiwitcms-junit.xml-plugin v0.4 with the following changes:

  • Update junitparser from 1.3.2 to 1.3.4
  • Also support XML files with <testsuites> root tag (Katalon Studio). Fixes Issue #9

tap-plugin v0.4

We have also released kiwitcms-tap-plugin v0.4 with the following changes:

  • Include traceback from TAP file as TestExecution comment. Fixes Issue #7 (Christophe CHAUVET)

How to upgrade

Backup first! If you are using Kiwi TCMS as a Docker container then:

cd path/containing/docker-compose/
docker-compose down
docker pull kiwitcms/kiwi
docker pull centos/mariadb
docker-compose up -d
docker exec -it kiwi_web /Kiwi/ migrate

WHERE: docker-compose.yml has been updated from your private git repository! The file provided in our GitHub repository is an example. Not for production use!

WARNING: kiwitcms/kiwi:latest and docker-compose.yml will always point to the latest available version! If you have to upgrade in steps, e.g. between several intermediate releases, you have to modify the above workflow:

# starting from an older Kiwi TCMS version
docker-compose down
docker pull kiwitcms/kiwi:<next_upgrade_version>
edit docker-compose.yml to use kiwitcms/kiwi:<next_upgrade_version>
docker-compose up -d
docker exec -it kiwi_web /Kiwi/ migrate
# repeat until you have reached latest

Happy testing!