Security

• Update Django from 5.0.8 to 5.0.9, addressing multiple potential security vulnerabilities, which do not seem to affect Kiwi TCMS directly however this is not 100% guaranteed

Improvements

• Update markdown from 3.6 to 3.7
• Update psycopg from 3.2.1 to 3.2.3
• Update pygithub from 2.3.0 to 2.4.0
• Update python-bugzilla from 3.2.0 to 3.3.0
• Update python-gitlab from 4.9.0 to 4.13.0
• Update tzdata from 2024.1 to 2024.2
• Update uwsgi from 2.0.26 to 2.0.27
• Update node_modules/pdfmake from 0.2.10 to 0.2.14
• Specify large_client_header_buffers for NGINX proxy configuration example to match the configuration of Kiwi TCMS
• Set uWSGI configuration max-requests to 1024

Settings

• Explicitly set DATA_UPLOAD_MAX_NUMBER_FIELDS to 1024, default is 1000

Bug fixes

• Increase uWSGI configuration buffer-size to 20k to allows the creation of a TestRun with 1000 test cases! Fixes Issue #3387, Issue #3800

Refactoring and testing

• Update black from 24.8.0 to 24.10.0
• Update pylint-django from 2.5.5 to 2.6.1
• Update selenium from 4.23.1 to 4.25.0
• Update sphinx from 8.0.2 to 8.1.1
• Update node_modules/webpack from 5.93.0 to 5.95.0
• Update node_modules/eslint from 8.57.0 to 8.57.1
• Update node_modules/eslint-plugin-import from 2.29.1 to 2.31.0
• Assert that password reset email contains username reminder
• Update translation source strings

Security

• Update Django from 4.2.13 to 5.0.8, addressing multiple potential security vulnerabilities, which do not seem to affect Kiwi TCMS directly however this is not 100% guaranteed

Improvements

• Update psycopg from 3.1.19 to 3.2.1
• Update python-gitlab from 4.6.0 to 4.9.0
• Add a Test Plan + button on New Test Run page. Related to Issue #3680
• Always show the Build + button on New Test Run page. Related to Issue #3680
• Add a Product + button on New Test Run page. Closes Issue #3680
• Add auto-complete for Parent ID field on Edit TestPlan page. Closes Issue #3189

API

• Add TestRun.remove() API method. Fixes Issue #3691

Bug fixes

• Do not call TestExecution.remove_link() on TestRun page with undefined argument (@Melzmann). Fixes Issue #3728 where URLs attached to a test execution suddenly go missing after some time
• On New Test Run page when Product is updated trigger TestPlan on-change to fix a bug where the Build drop-down is not cleared and may be showing values which are invalid for the current selection
• Adjust angle bracket icon direction when viewing nested testplans. Fixes Issue #3163
• Strip newline characters from email subjects to avoid crashes. Fixes Sentry KIWI-TCMS-P7

Refactoring and testing

• Update black from 24.4.2 to 24.8.0
• Update selenium from 4.21.0 to 4.23.1
• Update sphinx from 7.4.7 to 8.0.2
• Update node_modules/webpack from 5.92.0 to 5.93.0
• Update node_modules/eslint-plugin-promise from 6.2.0 to 6.6.0
• Modify test case to include newline characters in TestCase summary

Other

• EthicalAds is a GDPR-compliant ad network for devs which doesn't use cookies, and displays only dev-focused ads. Will be displayed on free-beer releases and the demo version hosted at public.tenant.kiwitcms.org

Translations

• Updated Korean translation
• Updated Portuguese, Brazilian translation

Improvements

• Update Django from 4.2.12 to 4.2.13
• Update django-simple-history from 3.5.0 to 3.7.0
• Update python-gitlab from 4.5.0 to 4.6.0
• Update uwsgi from 2.0.25.1 to 2.0.26
• Update node_modules/html5sortable from 0.13.3 to 0.14.0
• Remove cron job for anonymous analytics
• Remove anonymous analytics from /admin/ pages
• Replace inline HTML attributes with CSS classes
• Make it possible for Kiwi TCMS plugins to provide markdown extensions

Refactoring

• Remove django-debug-toolbar as a development dependency
• Update node_modules/eslint-plugin-promise from 6.1.1 to 6.2.0
• Update node_modules/webpack from 5.91.0 to 5.92.0

Translations

• Updated Chinese Traditional translation
• Updated Korean translation

Improvements

• Update Django from 4.2.11 to 4.2.12
• Update psycopg from 3.1.18 to 3.1.19
• Update PyGithub from 1.58.2 to 2.3.0
• Update pygments from 2.17.2 to 2.18.0
• Update python-gitlab from 4.4.0 to 4.5.0
• Replace more inline style= HTML attributes with CSS classes

Bug fixes

• Truncate TestCase.text length for Jira 1-click bug reports to avoid 400, 414 and/or 500 errors! Text will be truncated to 30k chars for automated POST requests and 6k chars for fallback GET requests to fit inside Jira limitations

Refactoring and testing

• Remove double slash in Jira fallback URL
• Stop using the Github(login_or_token) argument b/c it is deprecated
• Update selenium from 4.20.0 to 4.21.0

Translations

• Updated Chinese Simplified translation
• Updated Chinese Traditional translation

Improvements

• Update Django from 4.2.10 to 4.2.11
• Update django-grappelli from 3.0.8 to 4.0.1
• Update django-modern-rpc from 1.0.2 to 1.0.3
• Update django-tree-queries from 0.16.1 to 0.19.0
• Update jira from 3.6.0 to 3.8.0
• Update markdown from 3.5.2 to 3.6
• Update python-redmine from 2.4.0 to 2.5.0
• Update uwsgi from 2.0.24 to 2.0.25.1
• Update node_modules/pdfmake from 0.2.9 to 0.2.10
• Update node_modules/es5-ext from 0.10.62 to 0.10.63
• Update documentation with better installation instructions when using Docker
• Remove multiple inline style= HTML attributes

Settings

• Don't send outgoing emails to addresses which fail validation, including custom validation configured via the EMAIL_VALIDATORS setting. For example if there are blacklisted addresses Kiwi TCMS will not send messages to them anymore

Refactoring and testing

• Update black from 23.12.1 to 24.4.2
• Update selenium from 4.9.1 to 4.20.0
• Update node_modules/eslint from 8.56.0 to 8.57.0
• Update nodemodules/webpack from 5.90.3 to 5.91.0
• Remove unused has_permissions_to_modify()
• Do not execute Docker image tests as root
• Add tests for file upload via browser UI

Translations

• Updated Albanian translation
• Updated Korean translation
• Updated Portuguese, Brazilian translation
• Updated Turkish translation

Bug fixes

• Downgrade node_modules/datatables.net-buttons from 3.0.0 to 2.4.3. Fixes Issue #3552

Refactoring

• Use max() built-in function instead of an if block

Improvements

• Update django from 4.2.9 to 4.2.10
• Update django-simple-history from 3.4.0 to 3.5.0
• Update mysqlclient from 2.2.1 to 2.2.4
• Update psycopg from 3.1.17 to 3.1.18
• Update tzdata from 2023.4 to 2024.1
• Update uwsgi from 2.0.23 to 2.0.24
• Update node_modules/datatables.net-buttons from 2.4.2 to 3.0.0
• Add robots.txt file to tell various robots to stop probing Kiwi TCMS
• Resolve the path /favicon.ico because some browsers still search for it
• Send Referer: header for container HEALTHCHECK command in order to make NGINX logs more readable
• Allow users to reset their email by asking them to confirm their new address. Fixes Issue #3211
• Add support for custom email validators on the registration page
• Move X-Frame-Options header definition into settings
• Move X-Content-Type-Options header definition into settings
• Enable anonymous analytics, see here

Settings

• New settings ANONYMOUS_ANALYTICS and PLAUSIBLE_DOMAIN control anonymous analytics
• New setting EMAIL_VALIDATORS for custom email validation during registration
• Add the following settings in order to document them - CSRF_COOKIE_AGE, CSRF_COOKIE_HTTPONLY, SESSION_COOKIE_HTTPONLY, CSRF_COOKIE_SECURE and SESSION_COOKIE_SECURE. Most likely you don't need to change their values
• Respect X_FRAME_OPTIONS setting, defaults to DENY
• Respect SECURE_CONTENT_TYPE_NOSNIFF setting, defaults to nosniff
• Configure SECURE_SSL_REDIRECT setting to True

API

• New method TestExecution.remove() which should be used in favor of TestRun.remove_case()

Bug fixes

• Fix a bug where non-distinct values made it into generated property matrix
• On TestRun page allow removal of individual parameterized TestExecution(s). Closes Pull #3282

Refactoring and testing

• Update codecov/codecov-action from 3 to 4
• Update node_modules/webpack from 5.89.0 to 5.90.3
• Update runner image for CircleCI
• Fix failure in test_utf8_uploads on CircleCI
• Several improvements around performance benchmark tests
• Refactor RegistrationForm.clean_email() using field validator function
• Add tests for test matrix generation functionality

Security

• Preventatively patch calls to the built-in xmlrpc.client module using the defusedxml package

Improvements

• Update container runtime from Python 3.9 to Python 3.11
• Update Django from 4.2.7 to 4.2.9
• Update django-colorfield from 0.10.1 to 0.11.0
• Update django-modern-rpc from 0.12.1 to 1.0.2
• Update django-tree-queries from 0.15.0 to 0.16.1
• Update django-simple-captcha from 0.5.20 to 0.6.0
• Update jira from 3.5.2 to 3.6.0
• Update markdown from 3.5.1 to 3.5.2
• Update mysqlclient from 2.2.0 to 2.2.1
• Update psycopg from 2.9.9 to 3.1.17
• Update python-gitlab from 4.1.1 to 4.4.0
• Update tzdata from 2023.3 to 2023.4
• Update node_modules/pdfmake from 0.2.8 to 0.2.9
• Show an icon when some child TPs not shown on Search Test Plans page to let the user know that parent-child hierarchies shown on the page may be incomplete because the data has been filtered out by their search criteria. Closes Issue #3313
• Hide the Expand/Collapse button Search Test Plans page for TP with 0 children in the result set

Settings

WARNING:

The location of the Python runtime inside the container has changed. This affects settings override files as well as any downstream customizations to the Kiwi TCMS container image! For example you may have to adjust Docker volumes like so:

         volumes:
-            - ./local_settings.py:/venv/lib64/python3.9/site-packages/tcms/settings/local_settings.py
+            - ./local_settings.py:/venv/lib64/python3.11/site-packages/tcms/settings/local_settings.py

• Explicitly define the DATA_UPLOAD_MAX_MEMORY_SIZE setting. It controls file uploads via RPC, not webUI, because the payload is base64 encoded and is part of the request body. Closes Issue #3262

API

WARNING:

This version of Kiwi TCMS introduces backward incompatible changes to API methods

• Method TestRun.filter() no longer returns the field plan__product
• Method TestRun.filter() no longer returns the field plan__product_version
• Method TestRun.filter() no longer returns the field plan__product_version__value
• Method TestRun.filter() now returns the new field build__version
• Method TestRun.filter() now returns the new field build__version__product
• Method TestRun.filter() now returns the new field build__version__value

Bug fixes

• Fix TestPlan cloning with different product (@somenewacc)
• Fix row reload when adding new comment in TestRun page (@somenewacc)
• Fix tag display for parametrized executions on TestRun page (@somenewacc)
• Fix bug in search/display of Version on Search TestRun page. The root cause was that the correct relationship here should have been TR -> Build -> Version which is independent of the relationship TP -> Product -> Version. Fixes Issue #3258
• Fix bug in search/display of Product on Search TestRun page. The root cause was that the correct relationship here should have been TR -> Build -> Version -> Product which is independent of the relationship TP -> Product
• Fix Telemetry pages to query Product/Version from execution's data. All of these underlying queries on these pages operate on TestExecution and Product/Version information should be matched against what is stored in TestExecution->Build because it is more accurate over time, while TE->TR->TP->Product/Version is more likely to change as test plan documents evolve
• Adjust Product & Version display on TestRun page using the relationship TR->Build as the starting point
• For IssueTracker integration use Product/Version from execution.build Note that execution.build is initialized with run.build and then may change its value if we're recording results against multiple builds inside the same TestRun. For example mark some executions as PASS, others as FAIL; then update TR to a newer Build; retest and mark the FAIL results as PASS. Using the value of execution.build is more accurate
• Treat the file /Kiwi/etc/uwsgi.override as an ini file and load it if it exists. This means that any override files must include the [uwsgi] section as well

Refactoring and testing

• Adjust Kiwi TCMS for newer version of django-modern-rpc (Antoine Lorence)
• Remove commented out code (@deepsource-autofix[bot])
• Add integration test for uploading files with maximum allowed size
• Update isort from 5.12.0 to 5.13.2
• Update node_modules/eslint from 8.54.0 to 8.56.0
• Update node_modules/eslint-plugin-import from 2.29.0 to 2.29.1
• Update node_modules/eslint-plugin-n from 16.3.1 to 16.6.2
• Update actions/setup-python from 4 to 5
• Update github/codeql-action from 2 to 3
• Update actions/upload-artifact from 3 to 4

Translations

• Updated Chinese Simplified translation
• Updated Japanese translation

Security

• Update django from 4.2.4 to 4.2.7. Fixes CVE-2023-46695, CVE-2023-43665 and CVE-2023-41164
• Update django-simple-captcha from 0.5.18 to 0.5.20
• We believe that none of these issue affect Kiwi TCMS directly however we recommend that you upgrade your installation as soon as possible

Improvements

• Update bleach from 6.0.0 to 6.1.0
• Update django-colorfield from 0.9.0 to 0.10.1
• Update django-grappelli from 3.0.6 to 3.0.8
• Update django-simple-history from 3.3.0 to 3.4.0
• Update markdown from 3.4.4 to 3.5.1
• Update psycopg2 from 2.9.7 to 2.9.9
• Update pygments from 2.16.1 to 2.17.2
• Update python-gitlab from 3.15.0 to 4.1.1
• Update uwsgi from 2.0.22 to 2.0.23
• Update node_modules/crypto-js from 4.1.1 to 4.2.0
• Update node_modules/datatables.net-buttons from 2.4.1 to 2.4.2
• Update node_modules/pdfmake from 0.2.7 to 0.2.8
• Update bug-tracker integration documentation with specifics about matches for product name
• When searching for JIRA projects try also matching by project key
• Fall-back to credentials from database if settings.EXTERNAL_ISSUE_RPC_CREDENTIALS override returns None

Database

• New migrations after upgrading django-color-field. Increases field max_length from 18 to 25

Bug fixes

• Fix error in filtering by TestRun ID on TestCase Search page (@somenewacc)
• Fix TestRun page to not automatically update its stop_date when marking statuses for test executions if there are more neutral executions left on the page outside of the currently filtered selection (@somenewacc)
• Fix bug with JIRA integration not being able to find project via name

Refactoring and testing

• Refactor calls to delete expandedExecutionIds to satisfy https://rules.sonarsource.com/typescript/RSPEC-2870/ (@somenewacc)
• Refactor calls to delete expandedTestCaseIds to satisfy https://rules.sonarsource.com/typescript/RSPEC-2870/
• Use tuple as the cache-key for IssueTrackerType.rpc_cache internally
• Add test for collectstatic because of an upstream issue with django-grappelli
• Improve tests for JIRA integration
• Test against Bugzilla on Fedora 39
• Update actions/checkout from 3 to 4
• Update node_modules/eslint from 8.48.0 to 8.54.0
• Update node_modules/eslint-plugin-import from 2.28.1 to 2.29.0
• Update node_modules/eslint-plugin-n from 16.0.2 to 16.3.1
• Update node_modules/webpack from 5.88.2 to 5.89.0
• Update pylint-django from 2.5.3 to 2.5.5 and all of our custom linter rules

Improvements

• Update allpairspy from 2.5.0 to 2.5.1
• Update django from 4.2.3 to 4.2.4
• Update mysqlclient from 2.1.1 to 2.2.0
• Update uwsgi from 2.0.21 to 2.0.22
• Update pygments from 2.15.1 to 2.16.1
• Update psycopg2 from 2.9.6 to 2.9.7
• Update node_modules/datatables.net-buttons from 2.3.6 to 2.4.1
• Update node_modules/markdown from 3.4.3 to 3.4.4
• Update node_modules/word-wrap from 1.2.3 to 1.2.4
• Update documentation for JIRA integration
• Clarify the django-ses add-on mentioned in documentation
• Add a button to delete URLs from test executions. Fixes Issue #2936
• Show traceback info during IssueTracker health-check to make it easier to debug problems

API

• Define IssueTracker.rpc_credentials property to make it easier to override credentials for IssueTracker integrations

Settings

• Allow overriding IssueTrackerType.rpc_credentials via the EXTERNAL_ISSUE_RPC_CREDENTIALS setting

Bug fixes

• Hide all expanded child rows in TestPlan Search page. Fixes Issue #3245 (@somenewacc)
• Fix wrong query parameter on DASHBOARD page (@somenewacc)
• Fix template variable for form fields in search pages (@somenewacc)
• Prevent multiplication of callbacks for data tables (@somenewacc)
• Don't fail IssueTracker health-check if we didn't use OpenGraph
• Reorder items under SEARCH menu for consistency with items under the TESTING menu. Fixes Issue #3315

Refactoring and testing

• Update node_modules/eslint from 8.44.0 to 8.48.0
• Update node_modules/eslint-plugin-import from 2.27.5 to 2.28.1
• Update node_modules/eslint-plugin-n from 16.0.1 to 16.0.2
• Update node_modules/webpack from 5.88.1 to 5.88.2
• Fix exception when no history objects found in TestExecutionFactory
• Move append items to list definition
• Provide /usr/lib64/pkgconfig/mariadb.pc inside buildroot
• Remove unused translation string in ar_SA locale

Translations

• Updated Russian translation

Security

• Update django from 4.2.2 to 4.2.3. Fixes CVE-2023-36053 - ReDoS vulnerability
• Patch misconfigured HTTP headers allowing stored XSS execution. Fixes CVE-2023-36809
• Sanitize test plan name in tree_view_html() function to reduce the opportunity for exploiting stored XSS vulnerabilities
• Extend the list of file upload validators to reduce the opportunity for exploiting stored XSS vulnerabilities

Improvements

• Update django-colorfield from 0.8.0 to 0.9.0
• Update django-extensions from 3.2.1 to 3.2.3
• Update django-simple-captcha from 0.5.17 to 0.5.18
• Update django-tree-queries from 0.14.0 to 0.15.0
• Update jira from 3.5.1 to 3.5.2
• Update python-gitlab from 3.14.0 to 3.15.0
• Small update to HEALTHCHECK command in container
• Replace mysql with native mariadb commands for backup/restore

Refactoring and testing

• Update node_modules/eslint from 8.42.0 to 8.44.0
• Update node_modules/eslint-plugin-n from 16.0.0 to 16.0.1
• Update node_modules/webpack from 5.85.0 to 5.88.1
• Update node_modules/webpack-cli from 5.1.3 to 5.1.4
• Pin Selenium to 4.9.1 b/c of failures with 4.10.0
• Add configuration for testing with reverse proxy
• Assert that Nginx proxy doesn't strip response headers
• Assert on the number of Content-Type headers for attachments
• Update how we seed GitLab API token used for testing

Translations

• Updated Russian translation

Security

• Improved checks when uploading potentially dangerous files. Fixes CVE-2023-33977

Improvements

• Update django from 4.2.1 to 4.2.2
• Update jira from 3.5.0 to 3.5.1
• Add HEALTHCHECK command for Docker container
• Add searching by TestRun summary in Telemetry pages. Fixes Issue #3190
• Make it more clear when email notifications trigger. Closes Issue #3212
• Improve messaging for Issue Tracker Configuration health check. References Issue #3141, closes Issue #3191, closes Issue #34

Refactoring

• Update node_modules/eslint from 8.40.0 to 8.42.0
• Update node_modules/eslint-plugin-n from 15.7.0 to 16.0.0
• Update node_modules/eslint-config-standard from 17.0.0 to 17.1.0
• Update node_modules/webpack from 5.83.1 to 5.85.0
• Update node_modules/webpack-cli from 5.1.1 to 5.1.3
• Update GitLab test data initialization b/c the database inside the container image has changed

Translations

• Updated Russian translation
• Updated Slovenian translation

Security

• Update Django from 4.1.8 to 4.2.1 which contains a fix for CVE-2023-31047. We believe this does not affect Kiwi TCMS
• Implement better scanning for embedded <script> tags in uploaded files
• Force Content-Type: text/plain when serving uploaded files. See GHSA-x7c2-7wvg-jpx7
• Explicitly configure top-level permissions for CI jobs as read-all
• Pass untrusted input via intermediate ENV variables in CI jobs

Improvements

• Update nginx from 1.20 to 1.22
• Update django-grappelli from 3.0.5 to 3.0.6
• Update pygithub from 1.58.1 to 1.58.2
• Add Helm chart examples (Michael Abramovich)

Refactoring and testing

• Update node_modules/webpack-cli from 5.0.1 to 5.1.1
• Update node_modules/webpack from 5.80.0 to 5.83.1
• Update node_modules/eslint from 8.38.0 to 8.40.0
• Update tests/bugzilla/fedora from 37 to 38
• Enable the checkov static linter

Translations

• Updated Russian translation

Security

• For security reasons updating email address is no longer allowed. Fixes CVE-2023-30544
• Block uploads of potentially harmful files. Fixes CVE-2023-30613

Improvements

• Update Django from 4.1.7 to 4.1.8
• Update django-attachments from 1.9.1 to 1.11
• Update psycopg2 from 2.9.5 to 2.9.6
• Update pygments from 2.14.0 to 2.15.1
• Update python-gitlab from 3.13.0 to 3.14.0
• Add INFO message for User/Group pages in Admin panel which indicates whether the user is viewing records from the main tenant or from an individual tenant to avoid confusion
• Add new Execution Dashboard telemetry report. Closes Issue #2918
• Add column visibility button on search pages. Fixes Issue #3149
• Add CSV, Excel, PDF and Print buttons on search pages. Fixes Issue #3150
• Allow manually resetting TestRun.stop_date when editing page. Refs Issue #3124
• Display child test plans on Search Test Plans page. Fixes Issue #2917
• Display nested test plans in drop down select widget on Search Test Cases page. Fixes Issue #3134
• Display nested test plans in drop down select widget on Telemetry pages
• Display pagination controls for search results both at the top and bottom
• On Search Test Runs page display start/stop timestamp columns. Closes Issue #2306
• On Search Test Cases page display results from child test plans. Fixes Issue #3135

API

• TestExecution.update() method will no longer update self.stop_date and self.run.stop_date fields when status has been changed! The appropriate behavior here should be specified by the client calling this API method. Refs Issue #3112
• TestPlan.filter() method now returns the children_count field. Refs Issue #3134, Issue #2917
• TestExecution.filter() method now returns status__icon & status__color fields

Bug fixes

• Fix test case filter widget on Test Plan page. Fixes Issue #3137
• Disable selection of inactive test plans on New Test Run page. Fixes Issue #3152
• Add styled page for attachment upload errors. Fixes Issue #1156
• Fix include syntax for uwsgi.override in uwsgi.conf

Refactoring

• Add additional query parameters for updateTestPlanSelectFromProduct()
• Add preProcessData callback to updateTestPlanSelectFromProduct()
• Remove unused telemetry.css file
• Remove unused parameter from updateTestPlanSelectFromProduct()
• Replace hand-crafted pagination controls with the ones built into DataTables
• Replace useless form_errors_to_list() function
• Skip RobotFramework tests on aarch64 b/c of Selenium error, tested on x86_64
• Update node_modules/webpack from 5.76.3 to 5.80.0
• Update node_modules/eslint from 8.37.0 to 8.38.0

Translations

• Updated Russian translation
• Updated Slovenian translation

Security

• Add the Content-Security-Policy header to block inline JavaScript. Fixes CVE-2023-27489
• Add the X-Frame-Options header to deny loading Kiwi TCMS into an iframe
• Add the X-Content-Type-Options header

Improvements

• Update django-grappelli from 3.0.4 to 3.0.5
• Update django-simple-history from 3.2.0 to 3.3.0
• Update jira from 3.4.1 to 3.5.0
• Update markdown from 3.4.1 to 3.4.3
• Update pygithub from 1.57 to 1.58.1
• Update tzdata from 2022.7 to 2023.3
• Do not allow last super-user to be deleted (Ivajlo Karabojkov)
• Improve loading time on test runs pages which have large number of executions with components, parameters and/or tags (@somenewacc)
• Expose all RPC methods in the documentation
• Update documentation to describe transitions for TestRun statuses. Closes Issue #3124

Settings

• Allow uWSGI configuration override via the file /Kiwi/etc/uwsgi.override

API

• New API method TestRun.add_attachment (David M. Johnson)
• New API method Environment.filter() method. Refs Issue #3034 (@somenewacc)
• New API method Environment.create(). Closes Issue #3034 (@somenewacc)

Bug fixes

• Fix /admin/testcases/template/ page not being able to render the text editor

Refactoring

• Refactor bugtracker integration
• Remove unnecessary onChanged function for DurationWidget
• Refactoring to avoid inline <script> tags

Translations

• Enable translation integration on Admin pages
• Updated Bulgarian translation
• Updated French translation
• Updated Slovenian translation

Security

• Update Django from 4.1.5 to 4.1.7 which includes fixes for CVE-2023-23969 and CVE-2023-24580
• Rate limit everything under /accounts/. Fixes CVE-2023-25156
• Require a captcha challenge on password reset form. Fixes CVE-2023-25171

Improvements

• Update bleach from 5.0.1 to 6.0.0

• Update django-tree-queries from 0.13.0 to 0.14.0

• Update python-gitlab from 3.12.0 to 3.13.0

• Update python-redmine from 2.3.0 to 2.4.0

• Update node_modules/json5 from 1.0.1 to 1.0.2

• Switch from Apache to Nginx + uWSGI

  • uWSGI will spawn worker processes for each available CPU core
  • reduce container image by around 50 MB

  Warning:

  No longer support KIWI_DONT_ENFORCE_HTTPS environment variable

Bug fixes

• Load SimpleMDE for Admin pages. Fixes Issue #3057
• Don't show all builds on Search Test Runs page before Product and Version fields are initialized when loading the page directly

Refactoring and testing

• Remove deprecated setDaemon() method (Ivajlo Karabojkov)
• Execute docker tests against localhost instead of container IP
• Test performance baseline on certain pages with wrk
• Conditionally execute top-level UI functions
• Raise RuntimeError instead of Exception to satisfy newer pylint checks

Translations

• Updated Chinese Simplified translation
• Updated German translation
• Updated Polish translation

Security

• Update bootstrap, bootstrap-select, eonasdan-bootstrap-datetimepicker, jquery and moment-timezone Node.js packages

• Enable password validators to avoid users choosing weak passwords:

  • password can’t be too similar to other personal information
  • password must contain at least 10 characters
  • password can’t be a commonly used password
  • password can’t be entirely numeric

  Warning:

  Existing users are advised to reset their passwords! For more information see GHSA-496x-2jqf-hp7g

Improvements

• Update django from 4.1.3 to 4.1.5
• Update django-colorfield from 0.7.2 to 0.8.0
• Update django-grappelli from 3.0.3 to 3.0.4
• Update django-simple-history from 3.0.0 to 3.2.0
• Update django-tree-queries from 0.11.0 to 0.13.0
• Update pygments from 2.13.0 to 2.14.0
• Update python-gitlab from 3.11.0 to 3.12.0
• Update tzdata from 2022.6 to 2022.7
• Make navigation menu more compact by moving it into the header
• Don't install development dependencies for Node.js packages when building the container image

Database

• Add migrations to reflect indexing changes in django-simple-history 3.1.0. On large databases these will take a while to complete!

Bug fixes

• Trigger on-change handler for Test Case Search pop-up. Fixes Issue #2679
• Fix the + Build button on Bug and TestRun pages which didn't properly select Product & Version
• Editing TestRun page now properly saves all datetime fields instead of reverting them to None
• Initialize planned_start and planned_stop fields when cloning a TestRun

Refactoring and testing

• Start using webpack for JavaScript assets. Closes Issue #1262
• Refactor duplicated setup in Telemetry pages. Closes Issue #1118
• Add CodeQL workflow for GitHub code scanning
• Make it possible to override attachments card title
• Remove useless tooltip from Telemetry pages
• Define page ID for each page that has a .ready() function
• Replace deprecated jQuery syntax for .ready()
• Remove duplicate populateProductVersion() function
• Resolve all of the remaining eslint issues
• Use more precise assert methods in tests

Translations

• Updated Russian translation
• Updated Slovenian translation
• Updated Spanish translation

Security

• Update Django from 4.0.7 to 4.1.3 which contains multiple bug fixes and security improvements. See https://docs.djangoproject.com/en/4.1/releases/4.1.3/
• Sanitize HTML input when generating history diff to prevent XSS attacks

Improvements

• Update django-extensions from 3.2.0 to 3.2.1

• Update jira from 3.4.0 to 3.4.1

• Update psycopg2 from 2.9.3 to 2.9.5

• Update pygithub from 1.55 to 1.57

• Update python-gitlab from 3.9.0 to 3.11.0

• Update tzdata from 2022.2 to 2022.6

• Container is now built on top of Red Hat Enteroprise Linux 9 and Python 3.9

  Warning:

  There is high risk of breaking downstream containers. Pay attention to bind-mounted settings files. Inspect downstream Dockerfile & docker-compose.yml files !!!

• Unify some translation strings

• Document add-on issue tracker integrations

• Rename Properties to Parameters because "test case parameters" is more widely used

Bug fixes

• JIRA.get_issue_type_from_jira() now accepts a second argument. Fixes Issue #2929 (@cmbahadir)
• Fix typo in documentation (Christian Clauss)
• Trim white-space after splitting parameter values. For example the inputs 'OS=Linux' and 'OS = Windows ' will result in Key: 'OS', Values: ['Linux', 'Windows']

Refactoring and testing

• Update Fedora from 32 to 36 in /tests/bugzilla
• Remove Travis CI config b/c we don't use it anymore
• Add Coverity Scan as a GitHub action
• Don't scan devel dependencies with Coverity Scan
• Redirect to where we came from in case posting a comment results in invalid form
• Configure Dependabot to update Docker containers and try tightening security around docker containers used during testing
• Use npm audit fix to automatically update some Node.js dependecies
• Execute npm audit signatures when installing Node.js packages
• Start using find_namespace_packages() to resolve 'Package would be ignored' warnings from setuptools
• Add missing field in setup() to avoid a warning

Translations

• Updated Chinese Simplified translation
• Updated Chinese Traditional translation
• Updated French translation
• Updated German translation
• Updated Slovak translation
• Updated Slovenian translation

Improvements

• Update jira from 3.3.1 to 3.4.0
• Update pygments from 2.12.0 to 2.13.0
• Update python-gitlab from 3.7.0 to 3.9.0
• Update tzdata from 2022.1 to 2022.2
• Add Product drop down field in Build admin page. Closes Issue #2818
• Add 'prune' argument required for Django 4.1 compatibility
• Improve documentation around DEFAULT_GROUPS
• Update docs about language preferences and add a Change language menu item. Closes Issue #2901, Issue #2902, Issue #2903
• Performance improvement for Status matrix telemetry
• Performance improvement for Execution trends telemetry
• Display a spinner widget while telemetry data is still loading. Closes Issue #1801

Bug fixes

• Fix error Jquery deferred: No length property of null object (@cmbahadir)

Refactoring and testing

• Add test for AnonymousViewBackend & auth. permissions
• Exclude auth.view_ permissions from AnonymousViewBackend
• Specify 30 seconds timeout for internal requests via the requests library

Translations

• Updated Chinese Simplified translation
• Updated French translation
• Updated Polish translation
• Updated Russian translation
• Updated Slovenian translation

Security

• Update django from 4.0.3 to 4.0.7, see https://docs.djangoproject.com/en/4.0/releases/4.0.7/, https://docs.djangoproject.com/en/4.0/releases/4.0.6/, https://docs.djangoproject.com/en/4.0/releases/4.0.5/ and https://docs.djangoproject.com/en/4.0/releases/4.0.4/ We don't think Kiwi TCMS has been affected by the security vulnerabilities fixed in Django.
• Use TLSv1.2 and 1.3 by default and disable older protocols

Improvements

• Update bleach from 5.0.0 to 5.0.1
• Update django-colorfield from 0.6.3 to 0.7.2
• Update django-extensions from 3.1.5 to 3.2.0
• Update django-tree-queries from 0.9.0 to 0.11.0
• Update jira from 3.2.0 to 3.3.1
• Update markdown from 3.3.6 to 3.4.1
• Update mysqlclient from 2.1.0 to 2.1.1
• Update python-gitlab from 3.3.0 to 3.7.0
• Update node_modules/marked from 4.0.14 to 4.0.18
• Relax docutils requirement. Use latest version
• Add template block which will allow logo customizations (Ivajlo Karabojkov)
• Don't show PLUGINS menu when no plugins are installed. References Issue #2729
• Add information about Kiwi TCMS user to 1-click bug reports. Closes Issue #2591
• Use a better icon to signify a manual test inside the user interface
• Change UserAdmin to be permission based instead of being role-based. Fixes Issue #2496
• Allow post-processing of automatically created issues. Closes Issue #2383
• Allow more customization over issue type discovery for Jira. Closes Issue #2833
• Allow more customization over project discovery for Jira
• Allow more customization over Redmine tracker. Closes Issue #2382
• Allow DB settings to be read from Docker Secret files. Fixes Issue #2606
• Add filter on TestRun page to show test executions assigned to the current user. Closes Issue #333
• Add URL for creating new TestRun from a TestPlan. The format is /runs/from-plan/<plan-id>/. Closes Issue #274
• Add bug.Severity attribute which is fully customizeable. Closes Issue #2703
• Update documentation around TCMS_ environment variables used by automation plugins
• Update documentation to denote that pytest plugin is now generally available
• Document necessary permissions for adding new users. References Issue #2496

Database

• New migration for bug.Severity model

Settings

• Remove deprecated setting USE_L10N. See https://docs.djangoproject.com/en/4.0/ref/settings/#use-l10n
• New setting EXTERNAL_ISSUE_POST_PROCESSORS
• New setting JIRA_ISSUE_TYPE
• New setting REDMINE_TRACKER_NAME
• New setting EXTERNAL_ISSUE_POST_PROCESSORS

API

• If default_tester field is not specified for TestRun.create() method then use the currently logged-in user.
• Return value for method TestExecution.filter() now contains fields expected_duration and actual_duration. Closes Issue #1924
• Return value for method Bug.filter() now contains fields severity__name, severity__icon and severity__color

Bug fixes

• Adjust field name when rendering test execution on TestRun page. Fixes Issue #2794
• Render rich text editor preview via backend API:
  • Makes display on HTML pages and editor preview the same. Fixes Issue #2659
  • Fixes a bug with markdown rendered in JavaScript. Fixes Issue #2711
• Stop propagation of HTML unescape which causes display issues with code snippets that contain XML values. Fixes Issue #2800
• Show bug text only when creating new records, not when editing
• Properly display & validate related form fields when editing bugs
• Don't send duplicate emails when editing bugs. Fixes Issue #2782

Refactoring and testing

• Convert two assignment statements to augmented source code. Closes Issue #2610 (Markus Elfring)

• Rename method IssueTrackerType.report_issue_from_testexecution():

  • Rename to _report_issue() which returns tuple of (object, str)
  • In case new issue was not created automatically and the method falls back to manual creation the return value will be (None, str)
  • report_issue_from_testexecution() will call _report_issue() internally and handle the change in return type

  Note

  • This change is backwards compatible!
  • For customized issue tracker integration you will have to apply the same changes to your customized code if you wish new functionality, like post-processing of automatically created issues to work.

• Add tests for backup & restore commands. Closes Issue #2695

• Update versions of several CI tools

• Updates around new version of pylint

• Use codecov-action to upload coverage results

• Remove setuptools and other workarounds in tests

• Don't special case dependencies which already provide wheel packages

• Workaround an issue with setuptools_git_archive introduced by jira==3.2.0

• Workaround the fact that django-ranged-response doesn't provide wheels

• Report test results via kiwitcms-django-plugin. Closes Issue #1757

Translations

• Updated Chinese Traditional translation
• Updated Slovak translation