Improvements

• Update django-colorfield from 0.2.2 to 0.3.0
• Update django-simple-history from 2.8.0 to 2.9.0
• Update prismjs from 1.19.0 to 1.20.0
• Update psycopg2 from 2.8.4 to 2.8.5
• Update pygithub from 1.47 to 1.50
• Update python-gitlab from 2.1.2 to 2.2.0
• It is now possible to reopen closed bugs - Fixes Issue #1152 (@cmbahadir)
• Visual improvements for Status matrix telemetry:
  • columns now link to test runs
  • tool-tips show test run summary
• Show TOTAL in tool-tip for Execution trends telemetry
• Self-signed SSL certificate is now built more frequently and is valid for 10 years
• Improved documentation around self-signed certificates
• Improved documentation around e-mail backend configuration. Closes Issue #1070 (@Schwarzkrieger)

API

• Methods TestPlan.create, TestPlan.update and TestRun.update now use Django's ModelForm to properly validate input data against the model
• Method TestCase.update now also accepts username and email values for fields author, default_tester and reviewer

Refactoring

• Migrate bandit test job to GitHub workflows, Closes Issue #1550 (@lcmtwn)
• Migrate doc8 test job to GitHub workflows. Closes Issue #1551 (@Prome88)
• Add 2 more tests (Mariyan Garvanski)
• Convert TP edit page to class based view
• Convert forms to ModelForm

Translations

• Updated Chinese Simplified translation
• Updated German translation
• Updated French translation
• Updated Portuguese, Brazilian translation
• Updated Russian translation
• Updated Slovenian translation
• Updated Vietnamese translation

Improvements

• Update bleach from 3.1.1 to 3.1.4
• Update django from 3.0.4 to 3.0.5
• Update django-colorfield from 0.2.1 to 0.2.2
• Update pygithub from 1.46 to 1.47
• Update python-gitlab from 2.0.1 to 2.1.2
• Update marked(js) to version 0.8.2
• Change default MariaDB charset and collation to utf8mb4. Will only affect new installations. Closes Issue #327
• Document TCMS_PLAN_ID ENV variable supported by automation framework plugins
• Test case Search page now allows searching for records containing the specified text. Closes #1209 @Schwarzkrieger
• Provide ../site-packages/tcms_settings_dir/ when installing Kiwi TCMS which is an empty pkgutil-style namespace where other packages can drop their configuration
• Hide empty values in Execution trends chart tooltips

API

• Remove Auth.login_krbv() method
• Method TestRun.update() will now accept %Y-%m-%d %H:%M:%S timestamp format. The previous format %Y-%m-%d is also supported
• Method TestExecution.create() now defaults to first neutral status instead of searching for the hard-coded IDLE. That means newly created test executions which do not specify status will be created with the first neutral status found in the database

Refactoring

• Fix pylint errors. Closes Issue #1510 (@cmbahadir)
• Add tests for TestRunAdmin.delete_view() (Mariyan Garvanski)
• Revert "[l10n] Add Serializer class which returns untranslated models"

Translations

• Updated Bulgarian translation
• Updated Portuguese, Brazilian translation

Security

• JSON-RPC handler will now HTML escape all strings. This prevents XSS attacks via tags, components or anything else which is loaded on the web page via RPC and then shown as string. Even if someone saves <script>alert(123);</script> in the database the returned result will be HTML escaped and will not be executed as JavaScript!

  Notes:

  This is easy to exploit but people able to do so should have accounts in your Kiwi TCMS installation and write privileges on their accounts. If they do this means they can cause a lot more damage much more easily!

• Update Django from 3.0.3 to 3.0.4 - fixes security issue CVE-2020-9402: Potential SQL injection via tolerance parameter in GIS functions and aggregates on Oracle which we believe does not affect Kiwi TCMS

Improvements

• Update bleach from 3.1.0 to 3.1.1

• Update django-colorfield from 0.1.15 to 0.2.1

• Update markdown from 3.2 to 3.2.1

• On bug creation send email to assignee. Fixes Issue #1154 (Mfon Eti-mfon)

• Make it possible to provide override settings in a directory. Kiwi TCMS will respect:

  • local_settings.py
  • local_settings_dir/*.py

  For more information see https://kiwitcms.readthedocs.io/en/latest/installing_docker.html#customization

• Allow adding TestPlan to TestCase via UI. Fixes Issue #1021

• Add visual representation of failures in TestCase health telemetry

• Add helper text to TestExecutionStatus admin

• Add link to discussion forum in Help menu

API

• TestCase.create() method no longer accepts product or product_id fields which have previously been deprecated
• API methods which receive True/False values will no longer parse yes,no,1,0 values. The only accepted values are boolean constants defined in the calling programming language which are then transmitted via XML-RPC or JSON-RPC and converted to native boolean on the backend

Bug fixes

• The number of search results shown per page can now be controlled via DEFAULT_PAGE_SIZE setting, which is 100 by default. Fixes Issue #1210 (Ivailo Karabojkov)
• Use comma separated display of components in bug reports. Fixes Issue #1157 (Ivailo Karabojkov)
• Update selector for 'Select All' test executions in TestRun page. Fixes Issue #1404
• Fix crash when sorting test cases in TestPlan page. Fixes Sentry #KIWI-TCMS-A6
• Fix a TC-undefined displayed in TestCase health telemetry

Refactoring

• Add test for TestRunAdmin.change_view() (Mariyan Garvanski)
• Remove unused showCaseRunsWithSelectedStatus
• Internal JavaScript updates

Translations

• Updated Bulgarian translation
• Updated Chinese Simplified translation
• Updated French translation
• Updated Slovenian translation

Improvements

• Update Django from 3.0.2 to 3.0.3
• Update django-grappelli from 2.13.3 to 2.14.1
• Update markdown from 3.1.1 to 3.2
• Update python-gitlab from 1.15.0 to 2.0.1
• Update pygithub from 1.45 to 1.46
• Allow customization of test execution statuses via admin. For more information see https://kiwitcms.readthedocs.io/en/latest/admin.html#test-execution-statuses. Fixes Issue #236
• Add passing rate chart to Execution trends telemetry
• Documentation updates (@Prome88)

Database

This release adds several migrations which alter the underlying database schema by renaming multiple columns.

WARNINGS:

• SQLite has very poor capabilities for altering schema and it will break when run with existing database! If you had deployed Kiwi TCMS with SQLite for production purposes you will not be able to upgrade! We recommend switching to Postgres first and then upgrading!

• docker-compose.yml has been updated from MariaDB 5.5 to MariaDB 10.3. The 10.x MariaDB containers change their datadir configuration from /var/lib/mysql to /var/lib/mysql/data! We recommend first upgrading your MariaDB version, using Kiwi TCMS 7.3 and afterwards upgrading to Kiwi TCMS 8.0:

  1. Backup existing database with:

     docker exec -it kiwi_db mysqldump -u kiwi -pYourPass kiwi > backup.sql
     

  2. docker-compose down

  3. docker volume rm kiwi_db_data - will remove existing data volume b/c of incompatibilities between different MariaDB versions

  4. docker-compose up - will recreate data volume with missing data. e.g. manage.py showmigrations will report that 0 migrations have been applied.

  5. Restore the data from backup:

     cat backup.sql | docker exec -u 0 -i kiwi_db /opt/rh/rh-mariadb103/root/usr/bin/mysql kiwi
     

     note: This connects to the database as the root user

  6. Proceed to upgrade your Kiwi TCMS container !

CHANGES:

• Remove model fields of type AutoField. They are a legacy construct and shouldn't be specified in the source code! Django knows how to add them dynamically. These are:
  • Tag.id
  • TestCaseStatus.id
  • Category.id
  • PlanType.id
  • TestExecutionStatus.id
• Remove db_column attribute from model fields
• Rename several primary key fields to id:
  • Build.build_id -> Build.id
  • TestRun.run_id -> TestRun.id
  • TestPlan.plan_id -> TestPlan.id
  • TestCase.case_id -> TestCase.id
  • TestExecution.case_run_id -> TestExecution.id

API

WARNING:

The database schema changes mentioned above affect multiple API methods in a backwards incompatible way! There is possibility that your API scripts will also be affected. You will have to adjust those to use the new field names where necessary!

CHANGES:

• Methods Build.create(), Build.filter() and Build.update() will return id instead of build_id field
• Method TestRun.get_cases() will return execution_id instead of case_run_id field and id instead of case_id field
• Methods TestRun.add_case(), TestExecution.create(), TestExecution.filter() and TestExecution.update() will return id instead of case_run_id field
• Methods TestRun.create(), TestRun.filter(), TestRun.update() will return id instead of run_id field
• Methods TestPlan.create(), TestPlan.filter() and TestPlan.update() will return id instead of plan_id field
• Methods TestCase.add_component(), TestCase.create(), TestCase.filter() and TestCase.update() will return id instead of case_id field

NOTES:

Kiwi TCMS automation framework plugins have been updated to work with the newest API. At the time of Kiwi TCMS v8.0 release their versions are:

• kiwitcms-tap-plugin v8.0.1
• kiwitcms-junit.xml-plugin v8.0.1
• kiwitcms-junit-plugin v8.0

Bug fixes

• Allow displaying lists with more then 9 items when reviewing test cases. Fixes Issue #339 (Mfon Eti-mfon)
• Make tcms.tests.storage.RaiseWhenFileNotFound` capable of finding finding static files on Windows which enables development mode for folks not using Linux environment. See SO #55297178 (Mfon Eti-mfon)
• Allow changing test execution status without adding comment. Fixes Issue #1261
• Properly refresh test run progress bar when changing statuses. Fixes Issue #1326
• Fix a bug where updating test cases from the UI was causing text and various other fields to be reset. Fixes Issue #1318

Refactoring

• Extract attachments widget to new template. Fixes Issue #1124 (Rosen Sasov)
• Rename RPC related classes. Fixes Issue #682 (Rosen Sasov)
• Add new test (Mariyan Garvanski)
• Start using GitHub actions, first for running flake8
• Remove unused TestCase.get_previous_and_next()
• Remove unused TestCaseStatus.string_to_instance()
• Remove unused TestCase.create()
• Remove unused json_success_refresh_page()
• Remove unused fields from SearchPlanForm
• Use JSON-RPC in previewPlan()
• Remove toggleTestCaseContents(), duplicate of toggleTestExecutionPane()
• Refactor a few more views to class-based

Translations

• Updated Bulgarian translation
• Updated French translation
• Updated Korean translation
• Updated Slovenian translation
• Updated Turkish translation

Security

• Update Django from 2.2.8 to 3.0.2

Improvements

• Update python-gitlab from 1.13.0 to 1.15.0
• Update pygithub from 1.44.1 to 1.45
• Update django-grappelli from 2.13.2 to 2.13.3
• Bump django-uuslug from 1.1.9 to 1.2.0
• Bump django-attachments from 1.4.1 to 1.5
• Bump django-vinaigrette from 1.2.0 to 2.0.1
• Update marked to version 0.8.0
• Update prismjs to version 1.19.0
• Generalize existing kiwitcms.telemetry.plugins handling code by renaming the entry point to kiwitcms.plugins
• Refactor views to class based (Svetlozar Stoyanov)
• Teach Kiwi TCMS to automatically report bugs to GitHub when the user selects such action. Fall back to opening a new browser window for manually entering the bug if something goes wrong

Database

• When migrating from the older Bug model to LinkReference skip bugs which are attached directly to test cases instead of test executions. See SO #59321756
• Remove AutoField.max_length because it is ignored by Django 3

API

• TestCase.update() method now allows to update the author field. Fixes Issue #630

Bug fixes

• Modify template pass object as test_plan. Fixes Issue #1307 (Ed Oswald S. Go)
• Enable version selection in test plan search page. Fixes Issue #1276
• Apply percentage rounding for completed test executions. Fixes Issue #1230
• Fix a logical bug in conditional expression when deciding whether or not reporting bugs to selected issue tracker is disabled

Refactoring

• Add code of conduct. Fixes Issue #1185 (Rosen Sasov)
• Add test for KIWI_DONT_ENFORSE_HTTPS. Closes Issue #1274
• Replace ugettext_lazy with gettext_lazy for Django 3
• Remove BaseCaseSearchForm.bug_id field
• Refactor testcase edit view to class-based
• Happy New Year pylint

Translations

• Updated Chinese Simplified translation
• Updated Slovenian translation
• Updated Vietnamese translation

Improvements

• Base docker image to new CentOS 8
• Update Django from 2.2.6 to 2.2.8
• Update django-contrib-comments from 1.9.1 to 1.9.2
• Update django-grappelli from 2.13.1 to 2.13.2
• Update django-modern-rpc from 0.11.1 to 0.12.0
• Update django-simple-history from 2.7.3 to 2.8.0
• Update mysqlclient from 1.4.4 to 1.4.6
• Update pygithub from 1.44 to 1.44.1
• Update python-gitlab from 1.12.1 to 1.13.0
• Several documentation updates

Database migrations

• Add new database fields weight, icon and color to TestExecutionStatus and adjust existing code to work with them. This is a necessary step before allowing customization of test execution statuses, see Issue #236

API

• RPC method TestExecution.add_comment() now requires django_comments.add_comment permission
• Add new RPC method TestExecution.remove_comment()
• Add new RPC method TestCase.add_comment()
• Add new RPC method TestCase.remove_comment()

Bug fixes

• testplans.views.DeleteCasesView now requires testplans.change_testplan permission (Svetlomir Balevski)
• testplans.views.ReorderCasesView now requires testplans.change_testplan permission (Svetlomir Balevski)
• Fix counting bug in execution trends telemetry
• Fix several telemetry queries to still show data in the corner case where test cases have been deleted from a TestPlan but test runs are still available
• Fix broken bulk menu in TestRun page when (translated) status names are too long
• Automatically expand TestExecution comment history if there are comments present. Fixes Issue #349 (Matt Porter)
• Document timezone settings and show current server time in navbar. Fixes Issue #1206
• Check for permissions in HTML template. Closes Issue #961
• Document bug tracker integration support. Fixes Issue #698
• Delete comments when TestCase and TestExecution are removed. Closes Issue #1028

Refactoring

• Pylint fixes (Mariyan Garvanski)
• Use django.utils.timezone.now() instead of datetime.now(). Closes Issue #545
• Use JSON-RPC instead of backend views when working with comments. Resolves Issue #960
• Remove tcms.core.contrib.comments module. Closes Issue #959
• Remove label= attribute from form field. Fixes Issue #652
• Move and rename XML-RPC forms. Resolves Issue #681
• Convert testplans.views.DeleteCasesView to JSON-RPC
• Refactor more views from function based to class based
• Remove duplicate JavaScript

Translations

• Updated Bulgarian translation
• Updated Chinese Traditional translation
• Updated French translation

Improvements

• Update django from 2.2.5 to 2.2.6
• Update python-gitlab from 1.11.0 to 1.12.1
• Update pygithub from 1.43.8 to 1.44
• Update psycopg2 from 2.8.3 to 2.8.4
• Add help tooltips in all telemetry pages
• Better styling for checkboxes in 'Add hyperlink' dialog, part of TestRun page
• Add hyperlink validation. Fixes Issue #1147

Database migrations

• Add bugs permissions to Tester group. Will make any difference only if upgrading from existing installation

API

• New method Bug.remove()

Bug fixes

• Always build with the latest versions of translations
• Add 'Delete' menu item in Bugs page. Fixes #1153 Issue #1153
• When deleting hyperlink from TestExecution hide the actual UI elements from the page
• Fix failure to delete TCs when the number of TCs inside TP is greater than 100. Fixes Issue #1149 and Sentry KIWI-TCMS-8F

Refactoring

• Rename directory xmlrpc to rpc and pylint updates. Refs Issue #682 (Matej Aleksandrov, Sinergise)
• Remove labels from form fields, Refs Issue #652 (Azmi YÜKSEL)
• New base class for tests around permissions (Svetlomir Balevski)
• New "blueprint" test case around permissions to make testing in this area more robust
• Refactor many views from function based to class based
• Update stale tests in tcms/core/tests/ and make sure they aren't ignored by the test runner
• Remove empty class XMLRPCBaseCaseForm
• Remove XMLRPCNewCaseForm, duplicate of NewCaseForm
• Remove rpc.forms.UpdateCaseForm in favor of XMLRPCUpdateCaseForm
• Update only English sources with new strings as a temporary workaround b/c Crowdin uses different formatting heuristics than gettext. This will minimize the number of .po format changes
• A few pylint fixes

Translations

• Updated Albanian translation - 97%
• Updated Bulgarian translation - 91%
• Updated Chinese Simplified - 71%
• Updated Greek translation - 44%
• Updated Italian translation - 97%
• Updated Japanese translation - 0%
• Updated Macedonian translation - 11%
• Updated Russian translation - 97%
• Updated Slovenian translation - 100%
• Updated Spanish translation - 96%
• Updated Turkish translation - 97%

Security

• API method BugSystem.filter() has been removed (now unused) but it was possible to use this method to steal passwords or keys used for Issue Tracker integration. This vulnerability could be exploited by users logged into Kiwi TCMS and is classified as medium severity! We advise you to change your integration API keys and passwords immediately!

Improvements

• Update Django from 2.2.4 to 2.2.5
• Update django-uuslug from 1.1.8 to 1.1.9
• Update mysqlclient from 1.4.2.post1 to 1.4.4
• Update python-bugzilla from 2.2.0 to 2.3.0
• Update python-gitlab from 1.10.0 to 1.11.0
• Update patternfly from 3.59.3 to 3.59.4
• Reduce docker image size from 1.01 GB to under 600 MB
• Add TestCase Health telemetry
• Add support for Redmine issue tracker. Fixes Issue #41 (Jesse C. Lin)
• Add breathing room around HTML form's submit buttons (Rady Madjev)
• New TestRun page action: bulk-add hyperlinks to TestExecution(s)
• Make it possible to disable HTTPS by specifying the KIWI_DONT_ENFORCE_HTTPS environment variable! Fixes Issue #1036 (Marco Descher)
• Documentation updates, including internal style checker. Fixes Issue #1000 (Prome88)
• When linking a TestExecution to a defect and choosing to update the Issue Tracker Kiwi TCMS will not add a comment pointing back to TR ID/summary/URL and TE ID/summary. This provides more detailed information about the reproducer instead of just linking to a TestCase without any specific execution details like we did in the past
• Display additional defect information via Issue Tracker integration. On Patternfly pages which show defect URLs this is accessible via a small info icon. Fixes Issue #117
• Add minimalistic defect tracker functionality. Fixes Issue #699
  • integrated with Issue Tracker integration layer as if it was an external system
  • when adding hyperlink to TestExecition (also via API method TestExecution.add_link()) this is special cased and the references between Bug and TestExecution are always updated
  • when clicking 'Report bug' from inside Test Execution the new defect is reported automatically and a new browser window opens to display the information

Database migrations

• Tell the migration planner to apply testruns.0006_rename_test_case_run_to_test_execution after linkreference.0001_squashed. This enables subsequent migrations and new functionality to be applied without crashing.

  Warning

  Django should be able to handle this automatically both for existing installations and for new ones. In any case make sure you backup your data first and make a dry-run to verify that nothing breaks!

• Remove fields url_reg_exp, validate_reg_exp and description from BugSystem model

• Update the following fields in LinkReference model:

  • rename test_case_run to execution
  • add indexing for created_on and url
  • add is_defect field

• Apply LinkReference permissions to default group Tester. Fixes Issue #881

  Warning

  Administrators of existing applications will need to apply these permissions by hand via the Admin section.

• Remove testcases.Bug model, replaced with LinkReference. Closes Issue #1029 and obsoletes Issue #320.

  Note

  Linking bugs to TestExecution is now performed via URLs instead of keeping a reference to BUG-ID and trying to reconstruct the URL on the fly.

  Warning

  The model named Bug which is added by subsequent migrations refers to defects reported into Kiwi TCMS minimalistic defect tracker!

• New model bugs.Bug is now available. Permissions of type bugs | bug | Can ... will be applied to the default group named Tester only for new installations.

  Warning

  Administrators of existing applications will need to apply these permissions by hand via the Admin section.

API

• TestExecution.add_link() method now returns serialized LinkReference object.
• TestExecution.remove_link() method now accepts one parameter of type dict used to filter the objects which to remove
• TestExecution.get_links() method now accepts one parameter of type dict instead of int
• TestExecution.add_link() method signature changed from (int, str, str) to (dict), where the single parameter holds field values for the LinkReference model
• Remove TestExecution.add_bug() method, use TestExecution.add_link()
• Remove TestExecution.remove_bug() method, use TestExecution.remove_link()
• Remove TestCase.add_bug() method
• Remove TestCase.remove_bug() method
• Remove Bug.remove() method, use TestExecution.remove_link()
• Remove Bug.create() method, use TestExecution.add_link()
• Add method Bug.details() which together with the underlying IssueTracker.details() is the foundation of how Kiwi TCMS fetches extra details from the issue tracking system. The default implementation uses OpenGraph protocol to collect the data that will be shown. You may override .details() for each issue tracker (or add your own IT) to extend this functionality. Information is cached for 1 hour by default. References Issue #117
• Add methods Bug.add_tag() and Bug.remove_tag()
• Existing method with name Bug.filter() has changed behavior. It is now used to query objects from Kiwi TCMS minimalistic defect tracker

Removed functionality

• Remove IssueTrackerType.all_issues_link() method. This was used in TestRun Report page to show a single link that will open all bugs in the Issue Tracker. Most trackers don't support this and the UI portion has been rewritten
• Remove LinkOnly issue tracker - obsolete because all defects are now added to TestExecutions via their URLs
• Remove bulk-add/bulk-remove of bugs in TestRun page, replaced by bulk-add for hyperlinks

Settings

• Respect the CACHES setting, see Django docs for more info. Initially this setting is used to cache defect details received via Issue Tracker integration. See Issue #117

Bug fixes

• Don't auto-download FontAwesome for SimpleMDE. Resolves icons disappearing on pages which have the markdown editor. Fixes Issue #905
• Reorder HTML elements so Delete button is still visible in TestCase review comment section. Fixes Issue #1013 (Rady Madjev)
• Remove section that displays bugs in TestExecution container. Bugs are now denoted by a small icon next to their hyperlink. Closes Issue #475
• Cache Issue Tracker connections per base_url. Fixes Issue #290

Refactoring

• Lots of refactoring from function based views to class based views (Rady Madjev)
• Use JavaScript and the API to remove case execution instead of dedicated backend function (Rady Madjev)
• Update pylint directives around missing permissions (Svetlomir Balevski)
• Fix typo in identifier. Fixes CID 344186
• Use TestExecution.add_link() and TestExecution.remove_link() in UI instead of dedicated backend function.
• Remove unused LinkReference views, forms and tests modules

Translations

• Introduce a translation mode where you can translate the interface via in-context editor. For more information see Translation guide. Fixes Issue #1098
• Updated Albanian translation
• Updated Bulgarian translation
• Updated Chinese Traditional translation
• Updated French translation
• Updated Greek translation
• Updated Italian translation
• Updated Slovenian translation
• Updated Turkish translation

For more information check-out all supported languages. To request new language click here!

Security

• Update Django from 2.2.2 to 2.2.4
• Update marked to version 0.7.0, see release notes

Improvements

• Update python-gitlab from 1.8.0 to 1.10.0
• Update django-grappelli from 2.12.3 to 2.13.1
• Update django-simple-history from 2.7.2 to 2.7.3
• Update django-attachments to 1.4.1
• Update PyGithub from 1.43.7 to 1.43.8
• Update patternfly to version 3.59.3
• Update prismjs to version 1.17.0
• Add Testing Status Matrix telemetry
• Add Testing Execution Trends telemetry
• Make it possible to attach files directly inside Test Plan page
• Make it possible to attach files directly inside Test Execution widget
• Convert Clone TestPlan page to Patternfly, greatly simplify the UI and update behavior:
  • Cloned TP author will always be set to the current user
  • Cloned TC author will always be set to the current user
  • Always keep the original default tester for test cases when cloning
  • Refactor to class based view
  • Fix a problem where Version values failed form validation b/c we've been trying to filter based on non-existing field product_id instead of just product
  • Fixes a problem where erroneous Version value was shown in the UI
• Convert Clone TestCase page to Patternfly, greatly simplify the UI and update behavior. Fixes Issue #838:
  • Allow cloning into multiple test plans
  • Remove 'Filter another plan' option. Will be replaced by 'Add TP to TC', see Issue #1021
  • Always update sortkey. Cloned TC will show at the bottom of the TestPlan
  • Cloned TC author will always be set to the current user
  • Always keep the original default tester

API

• First parameter of RPC method Bug.report() has been renamed from test_case_run_id to execution_id. This may break existing API scripts which try to pass this argument by name instead of by position!

Settings

• Allow ENV variables KIWI_USE_TZ and KIWI_TIME_ZONE to control settings USE_TZ and TIME_ZONE. Fixes Issue #982 (Jason Yi)

Bug fixes

• Fix wrong permission label when deleting comments. Fixes Issue #1010

Refactoring

• Disable unnecessary pylint messages for missing-permission-required checker (Svetlomir Balevski)
• Remove unnecessary from_plan URL variable making cleaner URLs
• kiwi_lint: Don't check nested functions for permissions
• Remove and regroup JavaScript functions
• Instruct pyup-bot to monitor requirements/tarballs.txt for updates

Translations

• Updated French translation
• Updated Slovenian translation

Security

• Update Django from 2.2.1 to 2.2.2 for medium severity CVE-2019-12308 (XSS), CVE-2019-11358 (jQuery). More info
• Add missing permission checks for menus in Test run page UI template. Permission check added for TestExecution status and comment menu. References Issue #716
• Re-enable static analysis with bandit and Coverity Scan in Travis CI (Svetlomir Balevski)

Improvements

• Update psycopg2 from 2.8.2 to 2.8.3
• Update markdown from 3.1 to 3.1.1
• Update patternfly to version 3.59.2
• Override PasswordResetForm because Site.objects.get_current() didn't produce correct results when working with kiwitcms-tenants
• Show column is_active in user admin page

Refactoring

• Add test for email_case_deletion() (Rik)
• New linter to warn about usage of AutoField. Fixes Issue #737 (Ivo Donchev, HackSoft)
• New linter to discover empty classed. Fixes Issue #739 (Daniel Goshev)
• New linter to warn about usage of OneToOneField. Fixes Issue #735 (George Goranov)
• New linter to warn about usage of function based views. Fixes Issue #734 (Yavor Lulchev, Uber)
• New linter to discover Python files in directories without __init__.py. Fixes Issue #790

Improvements

• Update mysqlclient from 1.4.2 to 1.4.2.post1
• Ship with prism.js so it can be used for syntax highlighting
• Add Testing Breakdown telemetry
• Mark more strings for translations
• Add delete_user() function which can delete data across Postgre schemas (if kiwitcms-tenants add-on is installed)

API

• Remove deprecated TestCaseRun. API methods. Use the new TestExecution. methods introduced in v6.7. Fixes Issue #889

Bug fixes

• Fix typos in documentation (@Prome88)
• Fix TemplateParseError in email templates when removing test cases. On-delete email notification is now sent properly

Refactoring

• Add more tests around TestRun/TestExecution menu permissions
• Minor pylint fixes

Translations

• Updated French translation
• Updated Slovenian translation

Improvements

• Update Django from 2.2 to 2.2.1
• Update django-simple-history from 2.7.0 to 2.7.2
• Update django-grappelli from 2.12.2 to 2.12.3
• Update psycopg2 from 2.8 to 2.8.2
• Update pygithub from 1.43.6 to 1.43.7
• Upgrade pip and setuptools inside Docker image
• Update documentation with newer screenshots and updated Tutotial. Fixes Issue #837 (@Prome88)
• Document how to enable public read-only views
• Remove deprecated documentation section about Bugzilla authentication
• Install PostgreSQL libraries in Docker image which makes it easier to switch the DB backend without rebuilding the entire image
• Remove npm, libxml2-devel and libxslt-devel from Docker image
• Database engine configuration now respects the KIWI_DB_ENGINE environment variable which defaults to django.db.backends.mysql. This will make it easier for admins to change DB engine by updating their docker-compose.yml

Bug fixes

• Pin bootstrap-switch to version 3.3.4 in package.json. Fixes Issue #916

Translations

• Updated French translation
• Updated Slovenian translation
• New language Russian
• New language Czech

Refactoring

• Don't use Site.objects.get_current() because it has an internal cache and causes email notifications from tenants to use the wrong URL
• More changes around renaming of TestCaseRun to TestExecution

Improvements

• Update Django from 2.1.7 to 2.2
• Update markdown from 3.0.1 to 3.1
• Update psycopg2 from 2.7.7 to 2.8
• Update pygithub from 1.43.5 to 1.43.6
• Update bleach-whitelist from 0.0.9 to 0.0.10
• Update marked(.js) to version 0.6.2
• Support arbitrary depth for MENU_ITEMS setting
• Support auto-discovery of 3rd party Telemetry plugins, see documentation

Database migrations

• Rename TestCaseRun to TestExecution including renaming existing permissions
• Rename TestCaseRunStatus to TestExecutionStatus

API

• Rename TestCaseRun.* to TestExecution.*
• Rename TestCaseRunStatus.* to TestExecution.*
• This version keeps the old names for backwards compatibility reasons but they will be removed in Issue #889

Bug fixes

• Prompt user before deleting attachments. Fixes Issue #867 (Martin Jordanov)
• email_case_deletion() format error fixed so notifications when test cases are deleted are not sent (Rik)

Refactoring

• Remove unused images
• Install node_modules/ under tcms/ and include it inside PyPI tarball

Translations

• Updated Slovenian translation

Security

• Explicitly require marked v0.6.1 to fix medium severity ReDoS vulnerability. See SNYK-JS-MARKED-73637

Improvements

• Update python-gitlab from 1.7.0 to 1.8.0
• Update django-contrib-comments from 1.9.0 to 1.9.1
• More strings marked as translatable (Christophe CHAUVET)
• When creating new TestCase you can now change notification settings. Previously this was only possible during editing
• Document import-export approaches. Closes Issue #795
• Document available test automation plugins
• Improve documentation around Docker customization and SSL termination
• Add documentation example of reverse rroxy configuration for HAProxy (Nicolas Auvray)
• TestPlan.add_case() will now set the sortkey to highest in plan + 10 (Rik)
• Add LinkOnly issue tracker. Fixes Issue #289
• Use the same HTML template for both TestCase new & edit
• New API methods for adding, removing and listing attachments. Fixes Issue #446:
  • TestPlan.add_attachment()
  • TestCase.add_attachment()
  • TestPlan.list_attachments()
  • TestCase.list_attachments()
  • Attachments.remove_attachment()

Database migrations

• Populate missing TestCase.text history. In version 6.5 the TestCase model was updated to store the text into a single field called text instead of 4 separate fields. During that migration historical records were updated to have the new text field but values were not properly assigned.

  The "effect" of this is that in TestCaseRun records you were not able to see the actual text b/c it was None.

  This change ammends 0006_merge_text_field_into_testcase_model for installations which have not yet migrated to 6.5 or later. We also provide the data-only migration 0009_populate_missing_text_history which will inspect the current state of the DB and copy the text to the last historical record.

Removed functionality

• Remove legacy reports. Closes Issue #657

• Remove "Save & Continue" functionality from TestCase edit page

• Renamed API methods:

  • TestCaseRun.add_log() -> TestCaseRun.add_link()
  • TestCaseRun.remove_log() -> TestCaseRun.remove_link()
  • TestCaseRun.get_logs() -> TestCaseRun.get_links()

  These methods work with URL links, which can be added or removed to test case runs.

Bug fixes

• Remove hard-coded timestamp in TestCase page template, References Issue #765
• Fix handling of ?from_plan URL parameter in TestCase page
• Make TestCase.text occupy 100% width when rendered. Fixes Issue #798
• Enable markdown.extensions.tables. Fixes Issue #816
• Handle form erros and default values for TestPlan new/edit. Fixes Issue #864
• Tests + fix for failing TestCase rendering in French
• Show color-coded statuses on dashboard page when seen with non-English language
• Refactor check for confirmed test cases when editting to work with translations
• Fix form values when filtering test cases inside TestPlan. Fixes Issue #674 (@marion2016)
• Show delete icon for attachments. Fixes Issue #847

Refactoring

• Remove unused .current_user instance attribute
• Remove EditCaseForm and use NewCaseForm instead, References Issue #708, Issue #812
• Fix "Select All" checkbox. Fixes Issue #828 (Rady)

Translations

• Updated Chinese Simplified translation
• Updated Chinese Traditional translation
• Updated German translation
• Updated French translation
• Updated Slovenian translation
• Changed misspelled source string Requirments -> Requirements (@Prome88)

Security

• Update Django from 2.1.5 to 2.1.7. Fixes CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()

Improvements

• Update mysqlclient from 1.4.1 to 1.4.2
• Multiple template strings marked as translatable (Christophe CHAUVET)

Database migrations

• Email notifications for TestPlan and TestCase now default to True
• Remove TestPlanEmailSettings.is_active field

API

• New method Bug.report(), References Issue #18
• Method Bug.create() now accepts parameter auto_report=False

Translations

• Updated German translation
• Updated French translation
• Updated Slovenian translation

Bug fixes

• Show the user who actually tested a TestCase instead of hard-coded value. Fixes Issue #765
• Properly handle pagination button states and page numbers. Fixes Issue #767
• Add TestCase to TestPlan if creating from inside a TestPlan. Fixes Issue #777
• Made TestCase text more readable. Fixes Issue #764
• Include missing templates and static files from PyPI tarball

Refactoring

• Use find_packages() when building PyPI tarball
• Install Kiwi TCMS as tarball package inside Docker image instead of copying from the source directory
• Pylint fixes
• Remove testcases.views.ReturnActions() which is now unused
• Refactor New TestCase to class-based view and add tests

Security

• Better override of SimpleMDE markdown rendering to prevent XSS vulnerabilities in SimpleMDE

Improvements

• Update patternfly to version 3.59.1
• Update bleach from 3.0.2 to 3.1.0
• Update django-vinaigrette from 1.1.1 to 1.2.0
• Update django-simple-history from 2.6.0 to 2.7.0
• Update django-grappelli from 2.12.1 to 2.12.2
• Update mysqlclient from 1.3.14 to 1.4.1
• Update psycopg2 from 2.7.6.1 to 2.7.7
• Update pygithub from 1.43.4 to 1.43.5
• Convert TestCase page to Patternfly
  • page menu is under ... in navigation bar
  • Test plans card is missing the old 'add plan' functionality b/c we are not at all sure if adding plans to test cases is used at all. Can bring it back upon user request!
  • Bugs card is missing the add/remove functionality for b/c we are not quite sure how that functionality is used outside test runs!
• Convert new TestCase page to Patternfly and provide Given-When-Then text template. This prompts the author to use a BDD style definition for their scenarios. We believe this puts the tester into a frame of mind more suitable for expressing what needs to be tested
• Add a favicon. Fixes Issue #532
• Sort Component, Product and Version objects alphabetically. Fixes Issue #633
• Search test case page now shows Components and Tags
• Search test case page now allows filtering by date. Fixes Issue #715
• Search test case page now uses radio buttons to filter by automation status
• Small performance improvement when searching test plans and test cases
• Search test run page now allows to filter by Product but still continue to display all Builds in the selected Product
• Updated doc-string formatting for some tcms modules

Database migrations

Known issues: on our demo installation we have observed that permission labels were skewed after applying migrations. The symptom is that labels for removed models are still available, labels for some models may have been removed from groups/users or there could be permission labels appearing twice in the database.

This may affect only existing installations, new installations do not have this problem!

We are not certain what caused this but a quick fix is to remove all permissions from the default Tester group and re-add them again!

• Remove TestCase.alias
• Remove TestCaseRun.running_date
• Remove TestCaseRun.notes
• Remove TestCase.is_automated_proposed
• Remove TestCaseText model, merge into TestCase.text field. Closes Issue #198
• Remove Priority.sortkey
• Remove Build.description
• Remove Classification.sortkey and Classification.description
• Convert TestCase.is_automated from int to bool
• Rename TestCaseRun.case_run_status to status

API

• New method TestCaseRunStatus.filter()
• New method Product.create()
• New method Classification.filter()
• New method BugSystem.filter()
• Changes to TestCase.add_component():
  • now accepts component name instead of id
  • now fails if trying to add components linked to another Product.
  • now returns serialized TestCase object

Translations

• Updated French translation
• Updated Slovenian translation

Bug fixes

• Fix for missing migrations from django-simple-history, see DSH #512 and StackOverflow #54177838
• Fix cloning of test cases by surrounding bootstrap-selectpicker call with try-catch. Fixes Issue #695
• Fix a traceback with TestRun report page when the RPC connection to Bugzilla can't be established

Refactoring

• Remove unused form classes, methods, fields and label attributes
• Remove unused or duplicate methods from TestCase model
• Remove useless methods from BaseCaseForm()
• Add test for discovering missing migrations
• Add test for sanity checking PyPI packages which will always build tarball and wheel packages

Security

• Update Django from 2.1.4 to 2.1.5, which deals with CVE-2019-3498: Content spoofing possibility in the default 404 page
• Update Patternfly to version 3.59.0, which deals with XSS issue in bootstrap. See CVE-2018-14041
• By default session cookies will expire after 24 hours. This can be controlled via the SESSION_COOKIE_AGE setting. Fixes Issue #556

Improvements

• Update mysqlclient from 1.3.13 to 1.3.14
• Update python-gitlab from 1.6.0 to 1.7.0
• Update django-simple-history from 2.5.1 to 2.6.0
• Update pygithub from 1.43.3 to 1.43.4
• New API method TestCase.remove(). Initially requested as SO #53844380
• Drop down select widges in Patternfly pages are now styled with bootstrap-select giving them more consistent look and feel with the rest of the page (Anton Sankov)
• Create new TestPlan page now includes toggles to control notifications and whether or not the test plan is active. This was previously available only in edit page (Anton Sankov)
• By default TestPlan notification toggles are turned on. Previously they were off (Anton Sankov)
• Create and Edit TestPlan pages now look the same (Anton Sankov)
• Kiwi TCMS is now accepting donations via Open Collective

Removed functionality

• Remove TestPlan page -> Run menu -> Add cases to run action. This is the same as TestRun page -> Cases menu -> Add action
• Legacy reports will be removed after 1st March 2019. Provide your feedback in Issue #657
• The /run/ URL path has been merged with /runs/ due to configuration refactoring. This may break your bookmarks or permalinks!

Bug fixes

• Don't traceback if markdown text is None. Originally reported as SO #53662887
• Show loading spinner when searching. Fixes Issue #653
• Quick fix: when viewing TestPlan cases make TC summary link to the test case. Previously the summary column was a link to nowhere.

Translations

• Updated Chinese Traditional translation
• Updated French translation
• Updated Slovenian translation

Refactoring

• Pylint fixes
• New and updated internal linters
• Refactor testplans.views.new to class based view (Anton Sankov)
• Refactor TestCase -> Bugs tab -> Remove to JSON-RPC. References Issue #18
• Refactor removeCaseRunBug() to JSON-RPC, References Issue #18
• Remove unused render_form() methods
• Remove unnecessary string-to-int conversion (Ivaylo Ivanov)
• Remove obsolete label fields. References Issue #652 (Anton Sankov)
• Remove JavaScript that duplicates requestOperationUponFilteredCases()
• Remove QuerySetIterationProxy class - not used anymore

Security

• Resolve medium severity XSS vulnerability which can be exploited when previewing malicious text in Simple MDE editor. See CVE-2018-19057, SNYK-JS-SIMPLEMDE-72570
• Use mozilla/bleach before rendering Markdown to the user as a second layer of protection against the previously mentioned XSS vulnerability

Improvements

• Update to Django 2.1.4
• Update to Patternfly 3.58.0
• Make docker container restartable (Maik Opitz, Adam Hall)
• Add GitLab issue tracker integration. Fixes Issue #176 (Filipe Arruda, Federal Institute of Pernambuco)
• Convert Create new TestPlan page to Patternfly (Anton Sankov)
• Upon successful registration show the list of super-users in case new accounts must be activated manually. This can be the same or expanded version of the addresses in the ADMIN setting. Include super-users in email notifications sent via tcms.signals.notify_admins().
• Don't include admin/js/*.js files in templates when not necessary. Results in faster page load. Fixes Issue #209
• Enable nl2br Markdown extension which allows newline characters to be rendered as <br> tags in HTML. Visually the rendered text will look closer to what you seen in the text editor. Fixes Issue #623
• Use auto-complete for adding components to TestCase

Removed functionality

• Bulk-update of Category for selected TestCase(s) inside of TestPlan
• Bulk-update of Components for selected TestCase(s) inside of TestPlan
• Bulk-update of automated status for selected TestCase(s) inside of TestPlan
• Bulk-remove for TestCase Component tab

These actions have always been a bit broken and didn't check the correct permission labels. You can still update items individually!

• Selection of Components when creating new TestCase. Closes Issue #565. Everywhere else Kiwi TCMS doesn't allow selection of many-to-many relationships when creating or editing objects. Tags, Bugs, Components, TestPlans can be added via dedicated tabs once the object has been saved.

Bug fixes

• Hide KiwiUserAdmin.password field from super-user. Fixes Issue #610
• Don't show inactive Priority. Fixes Issue #637
• Don't traceback when adding new users via Admin. Fixes Issue #642
• Teach TestRun.update() API method to process the stop_date field. Fixes Issue #554 (Anton Sankov)
• Previously when reporting issues to Bugzilla, directly from a TestRun, Kiwi TCMS displayed the error Enable reporting to this Issue Tracker by configuring its base_url although that has already been configured. This is now fixed. See Stack Overflow #53434949

Database

• Remove TestPlan.owner field, duplicates TestPlan.author

Translations

• Updated French translation
• Updated Slovenian translation

Refactoring

• Remove fmt_queries(). Fixes Issue #330 (Anton Sankov)
• Remove unused parameter from plan_from_request_or_none(). Refers to Issue #303 (Anton Sankov)
• Remove ComponentActions() class. Fixes Issue #20
• Convert lots of AJAX calls to JSON-RPC
• Remove lots of unused Python, JavaScript and templates. Both after migration to JSON RPC and other leftovers
• Pylint fixes (Alexander Todorov, Anton Sankov)