Kiwi TCMS 14.3

security updates, improvements and new translations

Posted by Kiwi TCMS Team on Thu 03 July 2025 under releases

We're happy to announce Kiwi TCMS version 14.3!

IMPORTANT:

This is a minor version release which includes security related updates, several improvements, bug fixes and new translations.

Recommended upgrade path:

14.2 -> 14.3

You can explore everything at https://public.tenant.kiwitcms.org!

---

Public container image (x86_64):

pub.kiwitcms.eu/kiwitcms/kiwi   latest  0de20b89c781    691MB

IMPORTANT: version tagged and multi-arch container images are available only to subscribers!

Changes since Kiwi TCMS 14.2

Security

  • Update Django from 5.1.8 to 5.1.11, addressing medium severity vulnerabilities, CVE-2025-32873 and CVE-2025-48432, which do not appear to affect Kiwi TCMS

Improvements

  • Remove the django-uuslug dependency
  • Update django-colorfield from 0.13.0 to 0.14.0
  • Update django-grappelli from 4.0.1 to 4.0.2
  • Update django-guardian from 2.4.0 to 3.0.3
  • Update django-simple-history from 3.8.0 to 3.10.1
  • Update django-tree-queries from 0.19.0 to 0.20.0
  • Update markdown from 3.8 to 3.8.2
  • Update psycopg[binary] from 3.2.6 to 3.2.9
  • Update pygments from 2.19.1 to 2.19.2
  • Update python-gitlab from 5.6.0 to 6.1.0
  • Update uwsgi from 2.0.29 to 2.0.30
  • Update node_modules/pdfmake from 0.2.18 to 0.2.20
  • Display nested Test Plan(s) in select drop-down on New Test Run page
  • Implement Bugzilla.details() method to fetch more information about reported bugs via the existing Bugzilla integration interface
  • Refactor URL /accounts/<username>/profile/ into /accounts/<pk>/profile/ to prevent usernames being exposed in logs or anonymous analytics
  • Refactor URL /plan/<pk>/<slug> into /plan/<pk>/ to prevent test plan summary being exposed in logs or anonymous analytics. Fixes Issue #3994

Bug fixes

  • Make sure IssueTrackerType.details() method provides id and status fields to prevent crashes when IssueTracker integration falls back to this method
  • For Bug.details() API method always cast internal result to dict to avoid the situation where modernrpc/handlers/xmlhandler.py::dumps_result() doesn't know how to serialize that! Fixes Sentry KIWI-TCMS-VV
  • Don't send email notifications to inactive users

Refactoring and testing

  • Update node_modules/eslint-plugin-import from 2.31.0 to 2.32.0
  • Update node_modules/webpack from 5.99.6 to 5.99.9
  • Use the public interface tcms_api.TCMS().exec in tests
  • Add test for unauthenticated Bugzilla.details() which falls back to OpenGraph

Kiwi TCMS Enterprise v14.3-mt

  • Based on Kiwi TCMS v14.3
  • Update certbot-* from 4.0.0 to 4.1.1
  • Update dj-database-url from 2.3.0 to 3.0.1
  • Update django-prometheus from 2.3.1 to 2.4.1
  • Update sentry-sdk from 2.26.1 to 2.32.0
  • Update social-auth-app-django from 5.4.3 to 5.5.1

Private container images

hub.kiwitcms.eu/kiwitcms/version            14.3 (x86_64)           096aa72ea8b7    03 Jul 2025     691MB
hub.kiwitcms.eu/kiwitcms/version            14.3 (aarch64)          90de3cb881d6    03 Jul 2025     703MB
hub.kiwitcms.eu/kiwitcms/enterprise         14.3-mt (aarch64)       182297e972ce    03 Jul 2025     1.08GB
hub.kiwitcms.eu/kiwitcms/enterprise         14.3-mt (x86_64)        3697c45224c0    03 Jul 2025     1.06GB

IMPORTANT: version tagged, multi-arch and Enterprise container images are available only to subscribers!

How to upgrade

Backup first! Then follow the Upgrading instructions from our documentation.

Happy testing!

---

If you like what we're doing and how Kiwi TCMS supports various communities please help us grow!