We're happy to announce Kiwi TCMS version 14.3!
IMPORTANT:
This is a minor version release which includes security related updates, several improvements, bug fixes and new translations.
Recommended upgrade path:
14.2 -> 14.3
You can explore everything at https://public.tenant.kiwitcms.org!
---
Public container image (x86_64):
pub.kiwitcms.eu/kiwitcms/kiwi latest 0de20b89c781 691MB
IMPORTANT: version tagged and multi-arch container images are available only to subscribers!
Changes since Kiwi TCMS 14.2
Security
- Update Django from 5.1.8 to 5.1.11, addressing medium severity vulnerabilities, CVE-2025-32873 and CVE-2025-48432, which do not appear to affect Kiwi TCMS
Improvements
- Remove the django-uuslug dependency
- Update django-colorfield from 0.13.0 to 0.14.0
- Update django-grappelli from 4.0.1 to 4.0.2
- Update django-guardian from 2.4.0 to 3.0.3
- Update django-simple-history from 3.8.0 to 3.10.1
- Update django-tree-queries from 0.19.0 to 0.20.0
- Update markdown from 3.8 to 3.8.2
- Update psycopg[binary] from 3.2.6 to 3.2.9
- Update pygments from 2.19.1 to 2.19.2
- Update python-gitlab from 5.6.0 to 6.1.0
- Update uwsgi from 2.0.29 to 2.0.30
- Update node_modules/pdfmake from 0.2.18 to 0.2.20
- Display nested Test Plan(s) in select drop-down on New Test Run page
- Implement Bugzilla.details() method to fetch more information about reported bugs via the existing Bugzilla integration interface
- Refactor URL /accounts/<username>/profile/ into /accounts/<pk>/profile/ to prevent usernames being exposed in logs or anonymous analytics
- Refactor URL /plan/<pk>/<slug> into /plan/<pk>/ to prevent test plan summary being exposed in logs or anonymous analytics. Fixes Issue #3994
Bug fixes
- Make sure IssueTrackerType.details() method provides id and status fields to prevent crashes when IssueTracker integration falls back to this method
- For Bug.details() API method always cast internal result to dict to avoid the situation where modernrpc/handlers/xmlhandler.py::dumps_result() doesn't know how to serialize that! Fixes Sentry KIWI-TCMS-VV
- Don't send email notifications to inactive users
Refactoring and testing
- Update node_modules/eslint-plugin-import from 2.31.0 to 2.32.0
- Update node_modules/webpack from 5.99.6 to 5.99.9
- Use the public interface tcms_api.TCMS().exec in tests
- Add test for unauthenticated Bugzilla.details() which falls back to OpenGraph
Translations
- Updated Chinese Simplified translation
- Updated Chinese Traditional translation
- Updated Persian translation
Kiwi TCMS Enterprise v14.3-mt
- Based on Kiwi TCMS v14.3
- Update certbot-* from 4.0.0 to 4.1.1
- Update dj-database-url from 2.3.0 to 3.0.1
- Update django-prometheus from 2.3.1 to 2.4.1
- Update sentry-sdk from 2.26.1 to 2.32.0
- Update social-auth-app-django from 5.4.3 to 5.5.1
Private container images
hub.kiwitcms.eu/kiwitcms/version 14.3 (x86_64) 096aa72ea8b7 03 Jul 2025 691MB hub.kiwitcms.eu/kiwitcms/version 14.3 (aarch64) 90de3cb881d6 03 Jul 2025 703MB hub.kiwitcms.eu/kiwitcms/enterprise 14.3-mt (aarch64) 182297e972ce 03 Jul 2025 1.08GB hub.kiwitcms.eu/kiwitcms/enterprise 14.3-mt (x86_64) 3697c45224c0 03 Jul 2025 1.06GB
IMPORTANT: version tagged, multi-arch and Enterprise container images are available only to subscribers!
How to upgrade
Backup first! Then follow the Upgrading instructions from our documentation.
Happy testing!
---
If you like what we're doing and how Kiwi TCMS supports various communities please help us grow!
- Give ⭐ on GitHub;
- Join our newsletter and follow all project news;
- Become a contributor and an awesome open source hacker;
- Become a subscriber and help us sustain development