Kiwi TCMS 7.3

critical security update

Posted by Kiwi TCMS Team on Thu 16 January 2020 under releases

We're happy to announce Kiwi TCMS version 7.3!

IMPORTANT: this is a critical security update for CVE-2019-19844: Potential account hijack via password reset form!

This release also migrates to Django 3.0 and includes several other improvements and bug fixes!

You can explore everything at https://public.tenant.kiwitcms.org!

Supported upgrade paths:

5.3   (or older) -> 5.3.1
5.3.1 (or newer) -> 6.0.1
6.0.1            -> 6.1
6.1              -> 6.1.1
6.1.1            -> 6.2 (or newer)

Docker images:

kiwitcms/kiwi       latest  4026ee62e488    556 MB
kiwitcms/kiwi       6.2     7870085ad415    957 MB
kiwitcms/kiwi       6.1.1   49fa42ddfe4d    955 MB
kiwitcms/kiwi       6.1     b559123d25b0    970 MB
kiwitcms/kiwi       6.0.1   87b24d94197d    970 MB
kiwitcms/kiwi       5.3.1   a420465852be    976 MB

Changes since Kiwi TCMS 7.2

Security

  • Update Django from 2.2.8 to 3.0.2

Improvements

  • Update python-gitlab from 1.13.0 to 1.15.0
  • Update pygithub from 1.44.1 to 1.45
  • Update django-grappelli from 2.13.2 to 2.13.3
  • Bump django-uuslug from 1.1.9 to 1.2.0
  • Bump django-attachments from 1.4.1 to 1.5
  • Bump django-vinaigrette from 1.2.0 to 2.0.1
  • Update marked to version 0.8.0
  • Update prismjs to version 1.19.0
  • Generalize existing kiwitcms.telemetry.plugins handling code by renaming the entry point to kiwitcms.plugins
  • Refactor views to class based (Svetlozar Stoyanov)
  • Teach Kiwi TCMS to automatically report bugs to GitHub when the user selects such action. Fall back to opening a new browser window for manually entering the bug if something goes wrong

Database

  • When migrating from the older Bug model to LinkReference, skip bugs which are attached directly to test cases instead of test executions. See SO #59321756
  • Remove AutoField.max_length because it is ignored by Django 3

API

  • TestCase.update() method now allows updating the author field. Fixes Issue #630

Bug fixes

  • Modify template pass object as test_plan. Fixes Issue #1307 (Ed Oswald S. Go)
  • Enable version selection in test plan search page. Fixes Issue #1276
  • Apply percentage rounding for completed test executions. Fixes Issue #1230
  • Fix a logical bug in conditional expression when deciding whether or not reporting bugs to selected issue tracker is disabled

Refactoring

  • Add code of conduct. Fixes Issue #1185 (Rosen Sasov)
  • Add test for KIWI_DONT_ENFORSE_HTTPS. Closes Issue #1274
  • Replace ugettext_lazy with gettext_lazy for Django 3
  • Remove BaseCaseSearchForm.bug_id field
  • Refactor testcase edit view to class-based
  • Happy New Year pylint

GitHub integration

The hosted version of Kiwi TCMS ships with additional GitHub integration. See GitHub App announcement and github-app for more information!

Upcoming conferences

The next two events we are going to participate in are:

If you are around come and say "Happy testing"!

How to upgrade

Backup first! If you are using Kiwi TCMS as a Docker container then:

cd path/containing/docker-compose/
docker-compose down
docker pull kiwitcms/kiwi
docker pull centos/mariadb
docker-compose up -d
docker exec -it kiwi_web /Kiwi/manage.py migrate

WHERE: docker-compose.yml has been updated from your private git repository! The file provided in our GitHub repository is an example. Not for production use!

WARNING: kiwitcms/kiwi:latest and docker-compose.yml will always point to the latest available version! If you have to upgrade in steps, e.g. between several intermediate releases, you have to modify the above workflow:

# starting from an older Kiwi TCMS version
docker-compose down
docker pull kiwitcms/kiwi:<next_upgrade_version>
# edit docker-compose.yml to use kiwitcms/kiwi:<next_upgrade_version>
docker-compose up -d
docker exec -it kiwi_web /Kiwi/manage.py migrate
# repeat until you have reached latest
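
The stepwise workflow above, combined with the "Supported upgrade paths" table, as a dry-run planner. This is an added example, not code from the Kiwi TCMS project; the function names are hypothetical, and treating a version that falls between two listed releases as needing the next listed release is an assumption.

```shell
#!/bin/sh
# Added example (not Kiwi TCMS code): dry-run planner, nothing is executed.

# ver_key "6.0.1" -> 60001, so dotted versions compare as integers.
ver_key() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ${1:-0} * 10000 + ${2:-0} * 100 + ${3:-0} ))
}

# next_tag CURRENT -> image tag to move to next, per "Supported upgrade paths".
# Assumption: a version between two listed releases takes the next listed one.
next_tag() {
    cur=$(ver_key "$1")
    if   [ "$cur" -lt "$(ver_key 5.3.1)" ]; then echo 5.3.1
    elif [ "$cur" -lt "$(ver_key 6.0.1)" ]; then echo 6.0.1
    elif [ "$cur" -lt "$(ver_key 6.1)" ];   then echo 6.1
    elif [ "$cur" -lt "$(ver_key 6.1.1)" ]; then echo 6.1.1
    else echo latest   # 6.1.1 -> 6.2 (or newer)
    fi
}

# upgrade_plan CURRENT -> space-separated tags, in order, ending in "latest".
upgrade_plan() {
    case $1 in ''|*[!0-9.]*) echo "need a dotted version, e.g. 6.0.1" >&2; return 2;; esac
    v=$1; plan=
    while :; do
        t=$(next_tag "$v")
        plan="${plan:+$plan }$t"
        if [ "$t" = latest ]; then break; fi
        v=$t
    done
    echo "$plan"
}

# print_commands CURRENT -> the page's workflow, printed once per planned tag.
print_commands() {
    tags=$(upgrade_plan "$1") || return 2
    for tag in $tags; do
        echo "docker-compose down"
        echo "docker pull kiwitcms/kiwi:$tag"
        echo "# edit docker-compose.yml to use kiwitcms/kiwi:$tag"
        echo "docker-compose up -d"
        echo "docker exec -it kiwi_web /Kiwi/manage.py migrate"
    done
}

if [ $# -gt 0 ]; then print_commands "$1"; fi
```

Run it with the version you are currently on as the only argument and review the printed steps before typing any of them; take a backup before the first step.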

Happy testing!