Safety vulnerability ID: 36649
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Kiwitcms 6.0 updates its dependency Django to v2.1.2 to include a security fix.
Latest version: 12.4
Test Case Management System
will break without an intermediate upgrade to 5.3! Use ``kiwitcms/kiwi:5.3.1``
from Docker Hub when upgrading at some point in the future!
After upgrade don't forget to::

    ./manage.py migrate

Improvements
~~~~~~~~~~~~
- Update to `Django 2.1.1 <https://docs.djangoproject.com/en/2.1/releases/2.1.1/>`_
- Update Patternfly version. Fixes
`Issue 381 <https://github.com/kiwitcms/Kiwi/issues/381>`_
- Replace TinyMCE with SimpleMDE markdown editor. You may need to strip existing
texts from HTML tags that were generated by TinyMCE
- Allow downstream builds to customize the login templates by
providing ``registration/custom_login.html`` template. It can either
override the entire login page or provide additional information inside
the ``custom_login`` block!
Visual changes
~~~~~~~~~~~~~~
- Remove breadcrumbs at the top of pages. Only admin pages still have them
- Convert login and registration templates to Patternfly. Fixes
`Issue 211 <https://github.com/kiwitcms/Kiwi/issues/211>`_
- Convert 404 and 500 templates to Patternfly
- Convert dashboard page to Patternfly
- Convert TestRun new, edit and clone pages to Patternfly. Fixes
`Issue 17 <https://github.com/kiwitcms/Kiwi/issues/17>`_
- Convert Search Test Plans page to Patternfly
- Convert Search Test Runs page to Patternfly
- Convert Search Test Cases page to Patternfly
- TestPlan view page, Runs tab now re-uses the search form for test runs
which is built using Patternfly
Removed functionality
~~~~~~~~~~~~~~~~~~~~~
- When creating or editing TestRun

  - field ``estimated_time`` is scheduled for removal and is not shown
  - ``product_version`` is scheduled for removal in favor of
    ``TR.plan.product_version``
  - Product & Version can't be edited anymore. Must be set on the parent
    TestPlan instead. Specifying builds is still allowed

- Remove the ability to clone multiple TestPlans from search results
- Remove the ability to upload TestPlan document files in favor of
the existing API
- Remove TestCase export to XML in favor of existing API
- Remove Advanced Search functionality. Fixes
`Issue 448 <https://github.com/kiwitcms/Kiwi/issues/448>`_,
`Issue 108 <https://github.com/kiwitcms/Kiwi/issues/108>`_
- Remove tech preview feature: Django Report Builder
Translations
~~~~~~~~~~~~
- Updated `German translation <https://crowdin.com/project/kiwitcms/de>`_
- Updated `Slovenian translation <https://crowdin.com/project/kiwitcms/sl>`_
- Marked more strings as translatable
Bug fixes
~~~~~~~~~
- Don't use ``get_full_url()`` where not needed. Closes
`Issue 380 <https://github.com/kiwitcms/Kiwi/issues/380>`_
- Remove unused templates. Fixes
`Issue 114 <https://github.com/kiwitcms/Kiwi/issues/114>`_
- Submit filter form when clicking on tag value. Fixes
`Issue 426 <https://github.com/kiwitcms/Kiwi/issues/426>`_
- Update ``TestCaseRun.tested_by`` when setting status. Fixes
`Issue 459 <https://github.com/kiwitcms/Kiwi/issues/459>`_
- Add tests for ``KiwiUserAdmin``. Closes
`Issue 489 <https://github.com/kiwitcms/Kiwi/issues/489>`_
Settings
~~~~~~~~
- The following settings have been removed: ``MOTD_LOGIN``, ``WELCOME_MESSAGE``
  and ``TINYMCE_DEFAULT_CONFIG``
Refactoring
~~~~~~~~~~~
- Fix pylint errors (Anton Sankov, Ivaylo Ivanov)
- Remove lots of unused functions and classes
- Remove old or unnecessary templates
- Remove ``html2text`` dependency
- Remove unused CSS and vendored-in JavaScript libraries
- Add JavaScript JSON-RPC client which is now used by the front-end to
communicate with the existing JSON-RPC API on the back-end. This
replaces many 'ajax' views which are only used to render the UI and were
duplicating functionality with existing API
- Non ``dist/`` files are no longer removed from ``node_modules/`` when building
a docker image because packages like ``moment.js`` and ``bootstrap-datetimepicker.js``
don't ship their files in ``dist/``
- Convert TestPlans.TreeView to JSON RPC
Kiwi TCMS 5.2 (07 August 2018)
------------------------------
**IMPORTANT:** this release introduces new database migrations and converts
the Docker image to a non-root user with uid 1001. You may have to adjust
ownership/permissions on the ``kiwi_uploads`` Docker volume! After upgrade don't
forget to::

    ./manage.py migrate

Enhancements
~~~~~~~~~~~~
- Upgrade to `Django 2.1 <https://docs.djangoproject.com/en/2.1/releases/2.1/>`_
- Upgrade to ``django-report-builder 6.2.2``, compatible with Django 2.1
- Docker image now executes with uid 1001 instead of root

  - image based on ``centos7`` image instead of ``centos/httpd``
  - image now exposes ports 8080 and 8443
  - Apache logs now printed on Docker console
  - SSL certificates copied to ``/Kiwi/ssl`` inside Docker image instead of being bind-mounted
  - uploads dir changed to ``/Kiwi/uploads``
  - static dir changed to ``/Kiwi/static``
  - ``/Kiwi`` is now owned by uid 1001
  - ``/venv`` is now owned by uid 1001
  - ``docker-compose.yml`` is updated to match

- Fix pylint errors (Ivaylo Ivanov)
- Allow users to see other profiles via Admin
- Use password change form from Admin instead of custom one
- ``product.py`` will try to import ``local_settings.py`` if available in the
same directory. This can be used to customize settings in downstream
distributions
- Updated `Slovenian translation <https://crowdin.com/project/kiwitcms/sl>`_
Bug fixes
~~~~~~~~~
- Make password reset views public
- Don't crash when adding new users via Admin
Refactoring
~~~~~~~~~~~
- Remove ``UserProfile`` model. Kiwi TCMS doesn't need extra information
about users so we remove this part of the application. Custom installations
may choose to define their own profiles if they wish
- Remove custom ``DBModelBackend`` authentication backend
- Remove unused ``tcms.core.context_processors.auth_backend_processor``
- Remove unused ``get_using_backend()``. Fixes
`Issue 261 <https://github.com/kiwitcms/Kiwi/issues/261>`_
- Remove ``dj_pagination``. Fixes
`Issue 110 <https://github.com/kiwitcms/Kiwi/issues/110>`_
Settings
~~~~~~~~~
- ``AUTHENTICATION_BACKENDS`` is removed
- ``PAGINATION_DEFAULT_PAGINATION`` is removed
- Navigation menu links are now defined in ``MENU_ITEMS`` and can be redefined
Signals
~~~~~~~
- ``USER_REGISTERED_SIGNAL`` no longer receives the ``backend`` parameter
Kiwi TCMS 5.1 (31 July 2018)
----------------------------
**IMPORTANT:** this release introduces new database migrations, an experimental
reporting feature, deprecated functionality and bug fixes. After upgrade don't
forget to::

    ./manage.py migrate

Enhancements
~~~~~~~~~~~~
- Integrate with Django Report Builder as tech-preview. This makes it possible
for power users and administrators to generate
`tabular reports <http://django-report-builder.readthedocs.io/en/latest/howto/>`_.
You will have to know the existing DB schema if you want to create your own reports.
See http://kiwitcms.readthedocs.io/en/latest/db.html. This feature is in
tech-preview and it may be removed if it doesn't work out. Please comment at:
`Issue 452 <https://github.com/kiwitcms/Kiwi/issues/452>`_.
- Allow using ``manage.py dumpdata|loaddata|sqlflush|dbshell`` for backups, see
`blog post <http://kiwitcms.org/blog/atodorov/2018/07/30/how-to-backup-docker-volumes-for-kiwi-tcms/>`_
- In TestCase view page add a link to delete the current test case
- In TestCase Admin page the ``+ Add TestCase`` button now allows creating a new
  test case
- The version menu item in the helper menu now links to
`Changelog <https://github.com/kiwitcms/Kiwi/blob/master/CHANGELOG.rst#change-log>`_
Deprecated functionality
~~~~~~~~~~~~~~~~~~~~~~~~
- Start showing deprecation warning for Advanced search, see
`Issue 448 <https://github.com/kiwitcms/Kiwi/issues/448>`_
Bug fixes
~~~~~~~~~
- Allows Product/Version/Build to be shown in Testing Report. Fixes
`Sentry KIWI-TCMS-2C <https://sentry.io/open-technologies-bulgaria-ltd/kiwi-tcms/issues/618688608/>`_
- Default to ``https://`` links if not running locally. Fixes
`Issue 450 <https://github.com/kiwitcms/Kiwi/issues/450>`_
- Apply missing CSS class for object history table so it can be displayed nicely
Refactoring
~~~~~~~~~~~
- Squash some database migrations
- Fix a number of pylint issues
- Remove unused ``testruns.views::view_caseruns()``. References
`Issue 316 <https://github.com/kiwitcms/Kiwi/issues/316>`_
- Remove unused template ``report/caserun.html``
- Handle TestRun deletion via admin instead of home-grown code
Kiwi TCMS 5.0 (24 July 2018)
----------------------------
**IMPORTANT:** this release introduces new database migrations, object history
tracking, removal of old functionality and unused code, lots of internal
updates and bug fixes. After upgrade don't forget to::

    ./manage.py migrate
    ./manage.py populate_history --auto

Settings
~~~~~~~~
- Remove ``CACHE`` because not used
- Remove ``PLAN_EMAIL_TEMPLATE``, ``CASE_EMAIL_TEMPLATE`` and
``CASE_DELETE_EMAIL_TEMPLATE``. Templates can still be overridden if desired
Enhancements
~~~~~~~~~~~~
- Upgrade to `Django 2.0.7 <https://docs.djangoproject.com/en/2.0/releases/2.0.7/>`_
- Allow deleting TestPlan. Fixes
`Issue 273 <https://github.com/kiwitcms/Kiwi/issues/273>`_
- Don't include username in dashboard URL
- Copy latest TestPlan text when cloning
- Always require users to be logged in. Anonymous users will not be allowed
access by default. Read-only access to some views (e.g. get TestPlan or TestRun)
can be enabled by disabling ``GlobalLoginRequiredMiddleware``! Fixes
`Issue 230 <https://github.com/kiwitcms/Kiwi/issues/230>`_
- Start tracking change history for TestPlan, TestCase, TestRun and TestCaseRun.
Fixes `Issue 294 <https://github.com/kiwitcms/Kiwi/issues/294>`_
- History changes are recorded as unified diff which is a universally recognized format
- Show the actual changes in email notifications. Fixes
`Issue 199 <https://github.com/kiwitcms/Kiwi/issues/199>`_
Bug fixes
~~~~~~~~~
- Fix ``UnboundLocalError local variable 'message' referenced before assignment``. Fixes
`Sentry KIWI-TCMS-1S <https://sentry.io/open-technologies-bulgaria-ltd/kiwi-tcms/issues/589209883/>`_
- Make email address unique when adding users via admin panel. Fixes
`Issue 352 <https://github.com/kiwitcms/Kiwi/issues/352>`_ and
`Issue 68 <https://github.com/kiwitcms/Kiwi/issues/68>`_
- Fix ``unsupported operand type(s) for +=: 'int' and 'datetime.timedelta'`` by
initializing timedelta variable properly. Fixes
`Sentry KIWI-TCMS-1Y <https://sentry.io/open-technologies-bulgaria-ltd/kiwi-tcms/issues/593838484/>`_
- Remove ``core.models.fields`` with MySQL time conversions. Fixes
`Issue 390 <https://github.com/kiwitcms/Kiwi/issues/390>`_
- Fix bad JavaScript comparison. Fixes Coverity 289956
- Remove expression with no effect. Fixes Coverity 289974
- Rewrite ``request_host_link()`` to fix Coverity 289987
- Fix Coverity 289923 - Typo in identifier
- Don't send emails for changes performed by myself. Fixes
`Issue 216 <https://github.com/kiwitcms/Kiwi/issues/216>`_
Refactoring
~~~~~~~~~~~
- Fix pylint issues in several modules (Anton Sankov & Ivaylo Ivanov)
- Fix wrong Plan Type template variable in advanced search form
- Do not use ``Model.objects.update()`` because it doesn't respect history
- Use the standard ``ModelChoiceField`` instead of custom one
- Use ``updateRunStatus()`` instead of deprecated ``updateObject()``
- Simplify JavaScript function ``getInfo()`` and use it multiple times
- Simplify ``previewPlan()`` by removing unused parameters
- Unify ``addChildPlan()`` and ``removeChildPlan()``
- Unify ``getInfoAndUpdateObject()`` with ``changeCaseRunAssignee()``
- Unify ``onTestCaseStatusChange()`` with ``changeTestCaseStatus()``
- Convert ``TestCaseEmailSettings.cc_list`` to string field
- Merge ``report/caseruns_table.html`` with ``reports/caseruns.html``
- Rename model ``UserActivateKey`` to ``UserActivationKey``. Fixes
`Issue 276 <https://github.com/kiwitcms/Kiwi/issues/276>`_
- Remove ``cached_entities()``. Fixes
`Issue 307 <https://github.com/kiwitcms/Kiwi/issues/307>`_
- Remove ``TestPlanText.checksum`` field
- Remove checksum fields for ``TestCaseText`` model
- Remove unused and home-grown template tags
- Remove unused fields ``auto_blinddown``, ``description``, ``sortkey`` from
``TestCaseRunStatus`` model. Fixes
`Issue 186 <https://github.com/kiwitcms/Kiwi/issues/186>`_
- Remove ``Meta.db_name`` effectively renaming all tables. New names will use
Django's default naming scheme
- Remove RawSQL queries. We are now 100% ORM based. Fixes
`Issue 36 <https://github.com/kiwitcms/Kiwi/issues/36>`_
- Remove duplicate ``MultipleEmailField`` definition
- Remove ``TCMSLog`` view, ``TCMSLogManager``, ``TCMSLogModel``
- Remove ``TestPlanText`` model, use ``TestPlan.text`` instead
- Remove unused JavaScript files

  - ``lib/detetmine_type.js``
  - ``lib/hole.js``
  - ``lib/scriptaculous-controls.js.patch``
  - ``lib/validations.js``
  - ``static/js/index.js``

- Remove ``constructPlanParentPreviewDialog()``
- Remove ``changeCasePriority()``
- Remove ``changeCaseRunOrder()``
- Remove ``debug_output()`` from JavaScript files
- Remove deprecated ``/ajax/update/`` end-point
- Remove ``taggleSortCaseRun()``
- Remove ``strip_parameters()``
- Remove ``_InfoObjects.users()``
- Remove ``get_value_by_type()``
- Remove ``testcases.views.get_log()``
- Remove ``mail_scene()`` methods and related templates
Removed functionality
~~~~~~~~~~~~~~~~~~~~~
- TestRun completion status is no longer updated automatically. You can still
update the status manually via the 'Set Finished' or 'Set Running' links!
Fixes `Issue 367 <https://github.com/kiwitcms/Kiwi/issues/367>`_
- Remove bookmarks functionality. There are many great bookmark manager apps
and if the user is keen on bookmarks they should use one of them. Closes
`Issue 67 <https://github.com/kiwitcms/Kiwi/issues/67>`_ and
`Issue 210 <https://github.com/kiwitcms/Kiwi/issues/210>`_
- Don't track & display history of changes for ``EnvGroup`` model
- Remove Disable/Enable buttons from TestPlan page. Enabling and disabling
can still be done via the edit page
- Remove ``changeParentPlan()`` and the ability to change TestPlan parents
from the 'Tree View' tab. This can be done via the edit page
- When viewing a TestPlan the user is no longer able to specify a sortkey for a
particular TestCase. Instead they can use the ``Re-order cases`` button and
move around the entire row of cases to adjust the sort order
- When working with test case results, inside a TestRun you will not be allowed
to change the order of execution. Order should be defined inside the TestPlan
instead
- Remove ``XmlRpcLog()`` model. Kiwi TCMS will no longer log RPC calls to the
database. This leads to a small performance boost and can be overridden on
an individual basis if you need to do so.
Translations
~~~~~~~~~~~~
- More source strings marked as translatable
- New translations for Chinese Simplified, Chinese Traditional, German and Slovenian
- Stop keeping compiled translations under git. Fixes
`Issue 387 <https://github.com/kiwitcms/Kiwi/issues/387>`_
tcms-api 5.0 (24 July 2018)
---------------------------
- Requires Python 3.6 or newer because it fixes bugs related to Django's
disabling of keep-alive connections. See https://bugs.python.org/issue26402
- The rpc client is now accessed via ``TCMS().exec.<Server-Method>``
- Leave only XML-RPC transport classes! This removes the top-level interface
behind the API client and the consuming side is left to work with Python
dictionaries instead of objects.
- Remove the interactive ``tcms`` script
- Remove ``tcms_api.config`` module
- Remove logging class
- Remove ``script_examples/`` directory. These were never tested or maintained
Kiwi TCMS 4.2 (23 June 2018)
----------------------------
**IMPORTANT:** this release introduces new database migrations, security updates
and GDPR related changes! It is also the first release after a great deal of
travelling for various conferences.
Security
~~~~~~~~
- Enable testing with Bandit. Fixes
`Issue 237 <https://github.com/kiwitcms/Kiwi/issues/237>`_
- Enable testing with
`Coverity Scan <https://scan.coverity.com/projects/kiwitcms-kiwi>`_
- Enable testing with
`pyup.io <https://pyup.io/repos/github/kiwitcms/Kiwi/>`_
- Enable testing with
`Snyk <https://snyk.io/test/github/kiwitcms/Kiwi>`_
- Use SHA256 instead of MD5 and SHA1
- Use the ``secrets`` module for activation keys
- Remove unnecessary AJAX view that had a remote code execution vulnerability
- Don't use hardcoded temporary directories
- Upgrade to