Kiwi TCMS 12.1

security updates, improvements, bug fixes and new translations

Posted by Kiwi TCMS Team on Wed 29 March 2023 under releases

We're happy to announce Kiwi TCMS version 12.1!

IMPORTANT: this is a minor release which contains security related updates, general improvements, bug fixes and new translations!

You can explore everything at!

Supported upgrade paths:

5.3   (or older) -> 5.3.1
5.3.1 (or newer) -> 6.0.1
6.0.1            -> 6.1
6.1              -> 6.1.1
6.1.1            -> 6.2 (or newer)


Upstream container images (x86_64):

kiwitcms/kiwi   latest  590c0cd6f25f    521MB

IMPORTANT: version tagged and multi-arch container images are available only to subscribers!

Changes since Kiwi TCMS 12.0


  • Add the Content-Security-Policy header to block inline JavaScript. Fixes CVE-2023-27489
  • Add the X-Frame-Options header to deny loading Kiwi TCMS into an iframe
  • Add the X-Content-Type-Options header


  • Update django-grappelli from 3.0.4 to 3.0.5
  • Update django-simple-history from 3.2.0 to 3.3.0
  • Update jira from 3.4.1 to 3.5.0
  • Update markdown from 3.4.1 to 3.4.3
  • Update pygithub from 1.57 to 1.58.1
  • Update tzdata from 2022.7 to 2023.3
  • Do not allow last super-user to be deleted (Ivajlo Karabojkov)
  • Improve loading time on test runs pages which have large number of executions with components, parameters and/or tags (@somenewacc)
  • Expose all RPC methods in the documentation
  • Update documentation to describe transitions for TestRun statuses. Closes Issue #3124


  • Allow uWSGI configuration override via the file /Kiwi/etc/uwsgi.override


  • New API method TestRun.add_attachment (David M. Johnson)
  • New API method Environment.filter() method. Refs Issue #3034 (@somenewacc)
  • New API method Environment.create(). Closes Issue #3034 (@somenewacc)

Bug fixes

  • Fix /admin/testcases/template/ page not being able to render the text editor


  • Refactor bugtracker integration
  • Remove unnecessary onChanged function for DurationWidget
  • Refactoring to avoid inline <script> tags


Kiwi TCMS Enterprise v12.1-mt

  • Based on Kiwi TCMS v12.1

  • Update dj-database-url from 1.2.0 to 1.3.0

  • Update kiwitcms-github-app from 1.4.1 to 1.5.1

  • Update kiwitcms-trackers-integration from 0.3.0 to 0.4.0

  • Add test for missing migrations

    Private images:            12.1 (aarch64)          571870729367    29 Mar 2023     528MB            12.1 (x86_64)           590c0cd6f25f    29 Mar 2023     520MB         12.1-mt (aarch64)       0a1e2f092351    29 Mar 2023     734MB         12.1-mt (x86_64)        9f44aaab7646    29 Mar 2023     725MB

IMPORTANT: version tagged, multi-arch and Enterprise container images are available only to subscribers!

How to upgrade

Backup first! Then execute the commands:

cd path/containing/docker-compose/
docker-compose down
docker-compose pull
docker-compose up -d
docker exec -it kiwi_web /Kiwi/ upgrade

Refer to our documentation for more details!

Happy testing!


If you like what we're doing and how Kiwi TCMS supports various communities please help us grow!