Safety vulnerability ID: 37503
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Kiwitcms 8.1 updates its dependency 'Django' to v2.2.2 to include a security fix.
Latest version: 12.4
Test Case Management System
Improvements
~~~~~~~~~~~~
- Update python-gitlab from 1.8.0 to 1.10.0
- Update django-grappelli from 2.12.3 to 2.13.1
- Update django-simple-history from 2.7.2 to 2.7.3
- Update django-attachments to 1.4.1
- Update PyGithub from 1.43.7 to 1.43.8
- Update patternfly to version 3.59.3
- Update prismjs to version 1.17.0
- Add Testing Status Matrix telemetry
- Add Testing Execution Trends telemetry
- Make it possible to attach files directly inside Test Plan page
- Make it possible to attach files directly inside Test Execution widget
- Convert Clone TestPlan page to Patternfly, greatly simplify the UI
  and update behavior:

  - Cloned TP author will always be set to the current user
  - Cloned TC author will always be set to the current user
  - Always keep the original default tester for test cases when cloning
  - Refactor to class based view
  - Fix a problem where Version values failed form validation b/c
    we've been trying to filter based on non-existing field
    ``product_id`` instead of just ``product``
  - Fixes a problem where erroneous Version value was shown in the UI

- Convert Clone TestCase page to Patternfly, greatly simplify the UI
  and update behavior. Fixes
  `Issue 838 <https://github.com/kiwitcms/Kiwi/issues/838/>`_:

  - Allow cloning into multiple test plans
  - Remove 'Filter another plan' option. Will be replaced by
    'Add TP to TC', see
    `Issue 1021 <https://github.com/kiwitcms/Kiwi/issues/1021>`_
  - Always update sortkey. Cloned TC will show at the bottom of the
    TestPlan
  - Cloned TC author will always be set to the current user
  - Always keep the original default tester

API
~~~
- First parameter of RPC method ``Bug.report()``
has been renamed from ``test_case_run_id`` to ``execution_id``. This may
break existing API scripts which try to pass this argument by name
instead of by position!
Settings
~~~~~~~~
- Allow ENV variables ``KIWI_USE_TZ`` and ``KIWI_TIME_ZONE`` to control
settings ``USE_TZ`` and ``TIME_ZONE``. Fixes
`Issue 982 <https://github.com/kiwitcms/Kiwi/issues/982/>`_ (Jason Yi)
Bug fixes
~~~~~~~~~
- Fix wrong permission label when deleting comments. Fixes
`Issue 1010 <https://github.com/kiwitcms/Kiwi/issues/1010/>`_
Refactoring
~~~~~~~~~~~
- Disable unnecessary pylint messages for missing-permission-required
checker (Svetlomir Balevski)
- Remove unnecessary ``from_plan`` URL variable making cleaner URLs
- kiwi_lint: Don't check nested functions for permissions
- Remove and regroup JavaScript functions
- Instruct pyup-bot to monitor ``requirements/tarballs.txt`` for updates
Translations
~~~~~~~~~~~~
- Updated `French translation <https://crowdin.com/project/kiwitcms/fr>`_
- Updated `Slovenian translation <https://crowdin.com/project/kiwitcms/sl>`_
Kiwi TCMS 6.10 (18 June 2019)
-----------------------------
**IMPORTANT:** this is a small security and improvement update.
Supported upgrade paths::

    5.3   (or older) -> 5.3.1
    5.3.1 (or newer) -> 6.0.1
    6.0.1            -> 6.1
    6.1              -> 6.1.1
    6.1.1            -> 6.2 (or newer)

After upgrade don't forget to::

    ./manage.py migrate

Security
~~~~~~~~
- Update Django from 2.2.1 to 2.2.2 for medium severity
CVE-2019-12308 (XSS), CVE-2019-11358 (jQuery).
`More info <https://docs.djangoproject.com/en/2.2/releases/2.2.2/>`_
- Add missing permission checks for menus in Test run page UI template.
Permission check added for TestExecution status and comment menu.
References `Issue 716 <https://github.com/kiwitcms/Kiwi/issues/716>`_
- Re-enable static analysis with ``bandit`` and ``Coverity Scan`` in
Travis CI (Svetlomir Balevski)
Improvements
~~~~~~~~~~~~
- Update psycopg2 from 2.8.2 to 2.8.3
- Update markdown from 3.1 to 3.1.1
- Update patternfly to version 3.59.2
- Override ``PasswordResetForm`` because ``Site.objects.get_current()``
didn't produce correct results when working with ``kiwitcms-tenants``
- Show column ``is_active`` in user admin page
Refactoring
~~~~~~~~~~~
- Add test for ``email_case_deletion()`` (Rik)
- New linter to warn about usage of ``AutoField``. Fixes
`Issue 737 <https://github.com/kiwitcms/Kiwi/issues/737>`_ (Ivo Donchev, HackSoft)
- New linter to discover empty classes. Fixes
`Issue 739 <https://github.com/kiwitcms/Kiwi/issues/739>`_ (Daniel Goshev)
- New linter to warn about usage of ``OneToOneField``. Fixes
`Issue 735 <https://github.com/kiwitcms/Kiwi/issues/735>`_ (George Goranov)
- New linter to warn about usage of function based views. Fixes
`Issue 734 <https://github.com/kiwitcms/Kiwi/issues/734>`_ (Yavor Lulchev, Uber)
- New linter to discover Python files in directories without ``__init__.py``. Fixes
`Issue 790 <https://github.com/kiwitcms/Kiwi/issues/790>`_
Kiwi TCMS 6.9 (15 May 2019)
---------------------------
**IMPORTANT:** this is a small improvement and bug-fix update which introduces
our first telemetry report: testing breakdown. Supported upgrade paths::

    5.3   (or older) -> 5.3.1
    5.3.1 (or newer) -> 6.0.1
    6.0.1            -> 6.1
    6.1              -> 6.1.1
    6.1.1            -> 6.2 (or newer)

After upgrade don't forget to::

    ./manage.py migrate

Improvements
~~~~~~~~~~~~
- Update mysqlclient from 1.4.2 to 1.4.2.post1
- Ship with prism.js so it can be used for syntax highlighting
- Add Testing Breakdown telemetry
- Mark more strings for translations
- Add ``delete_user()`` function which can delete data across
Postgre schemas (if kiwitcms-tenants add-on is installed)
API
~~~
- Remove deprecated ``TestCaseRun.`` API methods. Use the new
``TestExecution.`` methods introduced in v6.7. Fixes
`Issue 889 <https://github.com/kiwitcms/Kiwi/issues/889/>`_
Bug fixes
~~~~~~~~~
- Fix typos in documentation (Prome88)
- Fix ``TemplateParseError`` in email templates when removing test cases.
On-delete email notification is now sent properly
Refactoring
~~~~~~~~~~~
- Add more tests around TestRun/TestExecution menu permissions
- Minor pylint fixes
Translations
~~~~~~~~~~~~
- Updated `French translation <https://crowdin.com/project/kiwitcms/fr>`_
- Updated `Slovenian translation <https://crowdin.com/project/kiwitcms/sl>`_
Kiwi TCMS 6.8 (03 May 2019)
---------------------------
**IMPORTANT:** this is a small improvement and bug-fix update.
Supported upgrade paths::

    5.3   (or older) -> 5.3.1
    5.3.1 (or newer) -> 6.0.1
    6.0.1            -> 6.1
    6.1              -> 6.1.1
    6.1.1            -> 6.2 (or newer)

After upgrade don't forget to::

    ./manage.py migrate

Improvements
~~~~~~~~~~~~
- Update Django from 2.2 to 2.2.1
- Update django-simple-history from 2.7.0 to 2.7.2
- Update django-grappelli from 2.12.2 to 2.12.3
- Update psycopg2 from 2.8 to 2.8.2
- Update pygithub from 1.43.6 to 1.43.7
- Upgrade pip and setuptools inside Docker image
- Update documentation with newer screenshots and updated Tutorial. Fixes
`Issue 837 <https://github.com/kiwitcms/Kiwi/issues/837/>`_ (Prome88)
- Document how to enable public read-only views
- Remove deprecated documentation section about Bugzilla authentication
- Install PostgreSQL libraries in Docker image which makes it easier to
switch the DB backend without rebuilding the entire image
- Remove npm, libxml2-devel and libxslt-devel from Docker image
- Database engine configuration now respects the ``KIWI_DB_ENGINE`` environment
variable which defaults to ``django.db.backends.mysql``. This will make it
easier for admins to change DB engine by updating their ``docker-compose.yml``
Bug fixes
~~~~~~~~~
- Pin bootstrap-switch to version 3.3.4 in ``package.json``. Fixes
`Issue 916 <https://github.com/kiwitcms/Kiwi/issues/916/>`_
Translations
~~~~~~~~~~~~
- Updated `French translation <https://crowdin.com/project/kiwitcms/fr>`_
- Updated `Slovenian translation <https://crowdin.com/project/kiwitcms/sl>`_
- Updated `Russian translation <https://crowdin.com/project/kiwitcms/ru>`_
- New language `Czech <https://crowdin.com/project/kiwitcms/cz>`_
Refactoring
~~~~~~~~~~~
- Don't use ``Site.objects.get_current()`` because it has an internal cache
and causes email notifications from tenants to use the wrong URL
- More changes around renaming of TestCaseRun to TestExecution
Kiwi TCMS 6.7 (06 April 2019)
-----------------------------
**IMPORTANT:** this is a small improvement and bug-fix update.
Supported upgrade paths::

    5.3   (or older) -> 5.3.1
    5.3.1 (or newer) -> 6.0.1
    6.0.1            -> 6.1
    6.1              -> 6.1.1
    6.1.1            -> 6.2 (or newer)

After upgrade don't forget to::

    ./manage.py migrate

Improvements
~~~~~~~~~~~~
- Update Django from 2.1.7 to 2.2
- Update markdown from 3.0.1 to 3.1
- Update psycopg2 from 2.7.7 to 2.8
- Update pygithub from 1.43.5 to 1.43.6
- Update bleach-whitelist from 0.0.9 to 0.0.10
- Update marked(.js) to version 0.6.2
- Support arbitrary depth for ``MENU_ITEMS`` setting
- Support auto-discovery of 3rd party Telemetry plugins, see
`documentation <https://kiwitcms.readthedocs.io/en/latest/telemetry/index.html>`_
Database migrations
~~~~~~~~~~~~~~~~~~~
- Rename ``TestCaseRun`` to ``TestExecution`` including renaming existing
permissions
- Rename ``TestCaseRunStatus`` to ``TestExecutionStatus``
API
~~~
- Rename ``TestCaseRun.*`` to ``TestExecution.*``
- Rename ``TestCaseRunStatus.*`` to ``TestExecution.*``
- This version keeps the old names for backwards compatibility reasons
Bug fixes
~~~~~~~~~
- Prompt user before deleting attachments. Fixes
`Issue 867 <https://github.com/kiwitcms/Kiwi/issues/867>`_ (Martin Jordanov)
- ``email_case_deletion()`` format error fixed so notifications when
test cases are deleted are not sent (Rik)
Refactoring
~~~~~~~~~~~
- Remove unused images
- Install ``node_modules/`` under ``tcms/`` and include it inside PyPI tarball
Translations
~~~~~~~~~~~~
- Updated `Slovenian translation <https://crowdin.com/project/kiwitcms/sl>`_
Kiwi TCMS 6.6 (19 Mar 2019)
---------------------------
**IMPORTANT:** this is a medium severity security update, improvement and
bug-fix update. Supported upgrade paths::

    5.3   (or older) -> 5.3.1
    5.3.1 (or newer) -> 6.0.1
    6.0.1            -> 6.1
    6.1              -> 6.1.1
    6.1.1            -> 6.2 (or newer)

After upgrade don't forget to::

    ./manage.py migrate

Security
~~~~~~~~
- Explicitly require marked v0.6.1 to fix medium severity ReDoS vulnerability. See
`SNYK-JS-MARKED-73637 <https://snyk.io/vuln/SNYK-JS-MARKED-73637>`_
Improvements
~~~~~~~~~~~~
- Update ``python-gitlab`` from 1.7.0 to 1.8.0
- Update ``django-contrib-comments`` from 1.9.0 to 1.9.1
- More strings marked as translatable (Christophe CHAUVET)
- When creating new TestCase you can now change notification settings.
Previously this was only possible during editing
- Document import-export approaches. Closes
`Issue 795 <https://github.com/kiwitcms/Kiwi/issues/795>`_
- Document available test automation plugins
- Improve documentation around Docker customization and SSL termination
- Add documentation example of reverse proxy configuration for HAProxy (Nicolas Auvray)
- ``TestPlan.add_case()`` will now set the sortkey to highest in plan + 10 (Rik)
- Add ``LinkOnly`` issue tracker. Fixes
`Issue 289 <https://github.com/kiwitcms/Kiwi/issues/289>`_
- Use the same HTML template for both TestCase new & edit
- New API methods for adding, removing and listing attachments. Fixes
  `Issue 446 <https://github.com/kiwitcms/Kiwi/issues/446>`_:

  - TestPlan.add_attachment()
  - TestCase.add_attachment()
  - TestPlan.list_attachments()
  - TestCase.list_attachments()
  - Attachments.remove_attachment()

Database migrations
~~~~~~~~~~~~~~~~~~~
- Populate missing ``TestCase.text`` history.
In version 6.5 the ``TestCase`` model was updated to store the text
into a single field called ``text`` instead of 4 separate fields.
During that migration historical records were updated to have
the new ``text`` field but values were not properly assigned.
The "effect" of this is that in TestCaseRun records you were not
able to see the actual text b/c it was None.
This change amends ``0006_merge_text_field_into_testcase_model`` for
installations which have not yet migrated to 6.5 or later. We also
provide the data-only migration ``0009_populate_missing_text_history``
which will inspect the current state of the DB and copy the text to
the last historical record.
Removed functionality
~~~~~~~~~~~~~~~~~~~~~
- Remove legacy reports. Closes
`Issue 657 <https://github.com/kiwitcms/Kiwi/issues/657>`_
- Remove "Save & Continue" functionality from TestCase edit page
- Renamed API methods:

  - ``TestCaseRun.add_log()`` -> ``TestCaseRun.add_link()``
  - ``TestCaseRun.remove_log()`` -> ``TestCaseRun.remove_link()``
  - ``TestCaseRun.get_logs()`` -> ``TestCaseRun.get_links()``

  These methods work with URL links, which can be added or removed to
  test case runs.

Bug fixes
~~~~~~~~~
- Remove hard-coded timestamp in TestCase page template, References
`Issue 765 <https://github.com/kiwitcms/Kiwi/issues/765>`_
- Fix handling of ``?from_plan`` URL parameter in TestCase page
- Make ``TestCase.text`` occupy 100% width when rendered. Fixes
`Issue 798 <https://github.com/kiwitcms/Kiwi/issues/798>`_
- Enable ``markdown.extensions.tables``. Fixes
`Issue 816 <https://github.com/kiwitcms/Kiwi/issues/816>`_
- Handle form errors and default values for TestPlan new/edit. Fixes
`Issue 864 <https://github.com/kiwitcms/Kiwi/issues/864>`_
- Tests + fix for failing TestCase rendering in French
- Show color-coded statuses on dashboard page when seen with non-English
language
- Refactor check for confirmed test cases when editing to work with
translations
- Fix form values when filtering test cases inside TestPlan. Fixes
`Issue 674 <https://github.com/kiwitcms/Kiwi/issues/674>`_ (marion2016)
- Show delete icon for attachments. Fixes
`Issue 847 <https://github.com/kiwitcms/Kiwi/issues/847>`_
Refactoring
~~~~~~~~~~~
- Remove unused ``.current_user`` instance attribute
- Remove ``EditCaseForm`` and use ``NewCaseForm`` instead, References
`Issue 708 <https://github.com/kiwitcms/Kiwi/issues/708>`_,
`Issue 812 <https://github.com/kiwitcms/Kiwi/issues/812>`_
- Fix "Select All" checkbox. Fixes
`Issue 828 <https://github.com/kiwitcms/Kiwi/issues/828>`_ (Rady)
Translations
~~~~~~~~~~~~
- Updated `Chinese Simplified translation <https://crowdin.com/project/kiwitcms/zh-CN>`_
- Updated `Chinese Traditional translation <https://crowdin.com/project/kiwitcms/zh-TW>`_
- Updated `German translation <https://crowdin.com/project/kiwitcms/de>`_
- Updated `French translation <https://crowdin.com/project/kiwitcms/fr>`_
- Updated `Slovenian translation <https://crowdin.com/project/kiwitcms/sl>`_
- Changed misspelled source string ``Requirments`` -> ``Requirements`` (Prome88)
tcms-api 5.3 (24 Feb 2019)
--------------------------
- Add ``plugin_helpers.Backend.add_comment()`` which allows plugins to add
comments to test executions, for example a traceback
Kiwi TCMS 6.5.3 (11 Feb 2019)
-----------------------------
**IMPORTANT:** this is a security, improvement and bug-fix update that includes new
versions of Django, includes several database migrations and fixes several bugs.
Security
~~~~~~~~
- Update Django from 2.1.5 to 2.1.7. Fixes CVE-2019-6975:
Memory exhaustion in ``django.utils.numberformat.format()``
Improvements
~~~~~~~~~~~~
- Update mysqlclient from 1.4.1 to 1.4.2
- Multiple template strings marked as translatable (Christophe CHAUVET)
Database migrations
~~~~~~~~~~~~~~~~~~~
- Email notifications for TestPlan and TestCase now default to True
- Remove ``TestPlanEmailSettings.is_active`` field
API
~~~
- New method ``Bug.report()``, References
`Issue 18 <https://github.com/kiwitcms/Kiwi/issues/18>`_
- Method ``Bug.create()`` now accepts parameter ``auto_report=False``
Translations
~~~~~~~~~~~~
- Updated `German translation <https://crowdin.com/project/kiwitcms/de>`_
- Updated `French translation <https://crowdin.com/project/kiwitcms/fr>`_
- Updated `Slovenian translation <https://crowdin.com/project/kiwitcms/sl>`_
Bug fixes
~~~~~~~~~
- Show the user who actually tested a TestCase instead of hard-coded value. Fixes
`Issue 765 <https://github.com/kiwitcms/Kiwi/issues/765>`_
- Properly handle pagination button states and page numbers. Fixes
`Issue 767 <https://github.com/kiwitcms/Kiwi/issues/767>`_
- Add TestCase to TestPlan if creating from inside a TestPlan. Fixes
`Issue 777 <https://github.com/kiwitcms/Kiwi/issues/777>`_
- Made TestCase text more readable. Fixes
`Issue 764 <https://github.com/kiwitcms/Kiwi/issues/764>`_
- Include missing templates and static files from PyPI tarball
Refactoring
~~~~~~~~~~~
- Use ``find_packages()`` when building PyPI tarball
- Install Kiwi TCMS as tarball package inside Docker image instead of copying
from the source directory
- Pylint fixes
- Remove ``testcases.views.ReturnActions()`` which is now unused
- Refactor New TestCase to class-based view and add tests
Kiwi TCMS 6.5 (1 Feb 2019)
--------------------------
We are celebrating 10 years of open source history at FOSDEM, Brussels!
**IMPORTANT:** this is a minor security, improvement and bug-fix update that includes new
versions of Django and other dependencies, removes some database fields,
includes backend API updates and fixes several bugs.
Together with this release we announce:
* `kiwitcms-tap-plugin <https://github.com/kiwitcms/tap-plugin>`_ : for reading
Test Anything Protocol (TAP) files and uploading the results to Kiwi TCMS
* `kiwitcms-junit.xml-plugin <https://github.com/kiwitcms/junit.xml-plugin>`_ :
for reading junit.xml formatted files and uploading the results to Kiwi TCMS
Both of these are implemented in Python and should work on standard TAP and
junit.xml files generated by various tools!
Additionally 3 more plugins are currently under development by contributors:
* Native `JUnit 5 plugin <https://github.com/kiwitcms/junit-plugin/>`_ written
in Java
* Native `PHPUnit <https://github.com/kiwitcms/phpunit-plugin/>`_ written
in PHP
* `py.test plugin <https://github.com/kiwitcms/pytest-plugin/>`_
Supported upgrade paths::

    5.3   (or older) -> 5.3.1
    5.3.1 (or newer) -> 6.0.1
    6.0.1            -> 6.1
    6.1              -> 6.1.1
    6.1.1            -> 6.2 (or newer)

After upgrade don't forget to::

    ./manage.py migrate

Security
~~~~~~~~
- Better override of SimpleMDE markdown rendering to prevent XSS vulnerabilities
in SimpleMDE
Improvements
~~~~~~~~~~~~
- Update patternfly to version 3.59.1
- Update bleach from 3.0.2 to 3.1.0
- Update django-vinaigrette from 1.1.1 to 1.2.0
- Update django-simple-history from 2.6.0 to 2.7.0
- Update django-grappelli from 2.12.1 to 2.12.2
- Update mysqlclient from 1.3.14 to 1.4.1
- Update psycopg2 from 2.7.6.1 to 2.7.7
- Update pygithub from 1.43.4 to 1.43.5
- Convert TestCase page to Patternfly

  - page menu is under ``...`` in navigation bar
  - Test plans card is missing the old 'add plan' functionality b/c we are not
    at all sure if adding plans to test cases is used at all. Can bring it back
    upon user request!
  - Bugs card is missing the add/remove functionality b/c we are not
    quite sure how that functionality is used outside test runs!

- Convert new TestCase page to Patternfly and provide Given-When-Then text
template. This prompts the author to use a BDD style definition for their
scenarios. We believe this puts the tester into a frame of mind more
suitable for expressing what needs to be tested
- Add a favicon. Fixes
`Issue 532 <https://github.com/kiwitcms/Kiwi/issues/532>`_
- Sort Component, Product and Version objects alphabetically. Fixes
`Issue 633 <https://github.com/kiwitcms/Kiwi/issues/633>`_
- Search test case page now shows Components and Tags
- Search test case page now allows filtering by date. Fixes
`Issue 715 <https://github.com/kiwitcms/Kiwi/issues/715>`_
- Search test case page now uses radio buttons to filter by automation status
- Small performance improvement when searching test plans and test cases
- Search test run page now allows to filter by Product but still continue to
display all Builds in the selected Product
- Updated doc-string formatting for some ``tcms`` modules
Database migrations
~~~~~~~~~~~~~~~~~~~
**Known issues:** on our demo installation we have observed that permission
labels were skewed after applying migrations. The symptom is that labels for
removed models are still available, labels for some models may have been removed
from groups/users or there could be permission labels appearing twice in the
database.
This may affect only existing installations, new installations do not have
this problem!
We are not certain what caused this but a quick fix is to remove all permissions
from the default *Tester* group and re-add them again!
- Remove ``TestCase.alias``
- Remove ``TestCaseRun.running_date``
- Remove ``TestCaseRun.notes``
- Remove ``TestCase.is_automated_proposed``
- Remove ``TestCaseText`` model, merge into ``TestCase.text`` field. Closes
`Issue 198 <https://github.com/kiwitcms/Kiwi/issues/198>`_
- Remove ``Priority.sortkey``
- Remove ``Build.description``
- Remove ``Classification.sortkey`` and ``Classification.description``
- Convert ``TestCase.is_automated`` from ``int`` to ``bool``
- Rename ``TestCaseRun.case_run_status`` to ``status``
API
~~~
- New method ``TestCaseRunStatus.filter()``
- New method ``Product.create()``
- New method ``Classification.filter()``
- New method ``BugSystem.filter()``
- Changes to ``TestCase.add_component()``:

  - now accepts component name instead of id
  - now fails if trying to add components linked to another Product.
  - now returns serialized ``TestCase`` object

Translations
~~~~~~~~~~~~
- Updated `French translation <https://crowdin.com/project/kiwitcms/fr>`_
- Updated `Slovenian translation <https://crowdin.com/project/kiwitcms/sl>`_
Bug fixes
~~~~~~~~~
- Fix for missing migrations from ``django-simple-history``, see
`DSH 512 <https://github.com/treyhunner/django-simple-history/issues/512>`_ and
`StackOverflow 54177838 <https://stackoverflow.com/questions/54177838/>`_
- Fix cloning of test cases by surrounding bootstrap-selectpicker call with
``try-catch``. Fixes
`Issue 695 <https://github.com/kiwitcms/Kiwi/issues/695>`_
- Fix a traceback with TestRun report page when the RPC connection to Bugzilla
can't be established
Refactoring
~~~~~~~~~~~
- Remove unused form classes, methods, fields and label attributes
- Remove unused or duplicate methods from ``TestCase`` model
- Remove useless methods from BaseCaseForm()
- Add test for discovering missing migrations
- Add test for sanity checking PyPI packages which will always
build tarball and wheel packages
tcms-api 5.2 (30 Jan 2019)
--------------------------
- Add ``plugin_helpers.Backend`` which implements our test runner plugin
`specification <http://kiwitcms.org/blog/atodorov/2018/11/05/test-runner-plugin-specification/>`_
in Python
- Add dependency to ``kerberos`` (Aniello Barletta)
Kiwi TCMS 6.4 (7 Jan 2019)
--------------------------
**IMPORTANT:** this is a security, improvement and bug-fix update that includes new
versions of Django, Patternfly and other dependencies.
Supported upgrade paths::

    5.3   (or older) -> 5.3.1
    5.3.1 (or newer) -> 6.0.1
    6.0.1            -> 6.1
    6.1              -> 6.1.1
    6.1.1            -> 6.2 (or newer)

After upgrade don't forget to::

    ./manage.py migrate

Security
~~~~~~~~
- Update Django from 2.1.4 to 2.1.5, which deals with CVE-2019-3498:
Content spoofing possibility in the default 404 page
- Update Patternfly to version 3.59.0, which deals with XSS issue in bootstrap.
See CVE-2018-14041
- By default session cookies will expire after 24 hours. This can be controlled
via the ``SESSION_COOKIE_AGE`` setting. Fixes
`Issue 556 <https://github.com/kiwitcms/Kiwi/issues/556>`_
Improvements
~~~~~~~~~~~~
- Update mysqlclient from 1.3.13 to 1.3.14
- Update python-gitlab from 1.6.0 to 1.7.0
- Update django-simple-history from 2.5.1 to 2.6.0
- Update pygithub from 1.43.3 to 1.43.4
- New API method ``TestCase.remove()``. Initially requested as
`SO 53844380 <https://stackoverflow.com/questions/53844380/>`_
- Drop down select widgets in Patternfly pages are now styled with
``bootstrap-select`` giving them more consistent look and feel with
the rest of the page (Anton Sankov)
- Create new TestPlan page now includes toggles to control notifications
and whether or not the test plan is active. This was previously available
only in edit page (Anton Sankov)
- By default TestPlan notification toggles are turned on. Previously they
were off (Anton Sankov)
- Create and Edit TestPlan pages now look the same (Anton Sankov)
- Kiwi TCMS is now accepting donations via
`Open Collective <https://opencollective.com/kiwitcms>`_
Removed functionality
~~~~~~~~~~~~~~~~~~~~~
- Remove ``TestPlan page -> Run menu -> Add cases to run`` action.
This is the same as ``TestRun page -> Cases menu -> Add`` action
- Legacy reports will be removed after 1st March 2019. Provide your
feedback in
`Issue 657 <https://github.com/kiwitcms/Kiwi/issues/657>`_
- The ``/run/`` URL path has been merged with ``/runs/`` due to configuration
refactoring. This may break your bookmarks or permalinks!
Bug fixes
~~~~~~~~~
- Don't traceback if markdown text is ``None``. Originally reported as
`SO 53662887 <https://stackoverflow.com/questions/53662887/>`_
- Show loading spinner when searching. Fixes
`Issue 653 <https://github.com/kiwitcms/Kiwi/issues/653>`_
- Quick fix: when viewing TestPlan cases make TC summary link to the test case.
Previously the summary column was a link to nowhere.
Translations
~~~~~~~~~~~~
- Updated `Chinese Traditional translation <https://crowdin.com/project/kiwitcms/zh-TW>`_
- Updated `French translation <https://crowdin.com/project/kiwitcms/fr>`_
- Updated `Slovenian translation <https://crowdin.com/project/kiwitcms/sl>`_
Refactoring
~~~~~~~~~~~
- New and updated internal linters
- Refactor ``testplans.views.new`` to class based view (Anton Sankov)
- Refactor ``TestCase -> Bugs tab -> Remove`` to JSON-RPC. References
`Issue 18 <https://github.com/kiwitcms/Kiwi/issues/18>`_
- Refactor ``removeCaseRunBug()`` to JSON-RPC, References
`Issue 18 <https://github.com/kiwitcms/Kiwi/issues/18>`_
- Remove unused ``render_form()`` methods
- Remove unnecessary string-to-int conversion (Ivaylo Ivanov)
- Remove obsolete label fields. References
`Issue 652 <https://github.com/kiwitcms/Kiwi/issues/652>`_ (Anton Sankov)
- Pylint fixes
- Remove JavaScript that duplicates ``requestOperationUponFilteredCases()``
- Remove ``QuerySetIterationProxy`` class - not used anymore
Kiwi TCMS 6.3 (4 Dec 2018) - Heisenbug Edition
----------------------------------------------
**IMPORTANT:** this is a medium severity security update that includes new versions
of Django and Patternfly, new database migrations, lots of improvements, bug fixes
and internal refactoring.
Supported upgrade paths::

    5.3   (or older) -> 5.3.1
    5.3.1 (or newer) -> 6.0.1
    6.0.1            -> 6.1
    6.1              -> 6.1.1
    6.1.1            -> 6.2 (or newer)

After upgrade don't forget to::

    ./manage.py migrate

Security
~~~~~~~~
- Resolve medium severity XSS vulnerability which can be exploited when
previewing malicious text in Simple MDE editor. See
`CVE-2018-19057 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19057>`_,
`SNYK-JS-SIMPLEMDE-72570 <https://snyk.io/vuln/SNYK-JS-SIMPLEMDE-72570>`_
- Use ``mozilla/bleach`` before rendering Markdown to the user as a second layer
of protection against the previously mentioned XSS vulnerability.
Improvements
~~~~~~~~~~~~
- Update to `Django 2.1.4 <https://docs.djangoproject.com/en/2.1/releases/2.1.4/>`_
- Update to `Patternfly 3.58.0 <https://github.com/patternfly/patternfly/releases>`_
- Make docker container restartable (Maik Opitz, Adam Hall)
- Add GitLab issue tracker integration. Fixes
`Issue 176 <https://github.com/kiwitcms/Kiwi/issues/176>`_
(Filipe Arruda, Federal Institute of Pernambuco)
- Convert ``Create new TestPlan`` page to Patternfly (Anton Sankov)
- Upon successful registration show the list of super-users in case new
accounts must be activated manually. This can be the same or expanded
version of the addresses in the ``ADMIN`` setting. Include super-users
in email notifications sent via ``tcms.signals.notify_admins()``.
- Don't include ``admin/js/*.js`` files in templates when not
necessary. Results in faster page load. Fixes
`Issue 209 <https://github.com/kiwitcms/Kiwi/issues/209>`_
- Enable ``nl2br`` Markdown extension which allows newline characters
to be rendered as ``<br>`` tags in HTML. Visually the rendered
text will look closer to what you see in the text editor. Fixes
`Issue 623 <https://github.com/kiwitcms/Kiwi/issues/623>`_
- Use auto-complete for adding components to TestCase
Removed functionality
~~~~~~~~~~~~~~~~~~~~~
- Bulk-update of Category for selected TestCase(s) inside of
  TestPlan
- Bulk-update of Components for selected TestCase(s) inside of
  TestPlan
- Bulk-update of automated status for selected TestCase(s) inside of
  TestPlan
- Bulk-remove for TestCase Component tab

These actions have always been a bit broken and didn't check the
correct permission labels. You can still update items individually!

- Selection of Components when creating new TestCase. Closes
  `Issue 565 <https://github.com/kiwitcms/Kiwi/issues/565>`_.
  Everywhere else Kiwi TCMS doesn't allow selection of many-to-many
  relationships when creating or editing objects. Tags, Bugs, Components,
  TestPlans can be added via dedicated tabs once the object has been saved.

Bug fixes
~~~~~~~~~
- Hide ``KiwiUserAdmin.password`` field from super-user. Fixes
`Issue 610 <https://github.com/kiwitcms/Kiwi/issues/610>`_
- Don't show inactive Priority. Fixes
`Issue 637 <https://github.com/kiwitcms/Kiwi/issues/637>`_
- Don't traceback when adding new users via Admin. Fixes
`Issue 642 <https://github.com/kiwitcms/Kiwi/issues/642>`_
- Teach ``TestRun.update()`` API method to process the ``stop_date``
field. Fixes
`Issue 554 <https://github.com/kiwitcms/Kiwi/issues/554>`_ (Anton Sankov)
- Previously when reporting issues to Bugzilla, directly from a TestRun,
Kiwi TCMS displayed the error ``Enable reporting to this Issue Tracker by
configuring its base_url`` although that has already been configured.
This is now fixed. See
`Stack Overflow 53434949 <https://stackoverflow.com/questions/53434949/>`_
Database
~~~~~~~~
- Remove ``TestPlan.owner`` field, duplicates ``TestPlan.author``
Translations
~~~~~~~~~~~~
- Updated `French translation <https://crowdin.com/project/kiwitcms/fr>`_
- Updated `Slovenian translation <https://crowdin.com/project/kiwitcms/sl>`_
Refactoring
~~~~~~~~~~~
- Remove ``fmt_queries()``. Fixes
`Issue 330 <https://github.com/kiwitcms/Kiwi/issues/330>`_ (Anton Sankov)
- Remove unused parameter from ``plan_from_request_or_none()``. Refers to
`Issue 303 <https://github.com/kiwitcms/Kiwi/issues/303>`_ (Anton Sankov)
- Remove ``ComponentActions()`` class. Fixes
`Issue 20 <https://github.com/kiwitcms/Kiwi/issues/20>`_
- Convert lots of AJAX calls to JSON-RPC
- Remove lots of unused Python, JavaScript and templates. Both after migration
to JSON RPC and other leftovers
- Pylint fixes (Alexander Todorov, Anton Sankov)
Kiwi TCMS 6.2.1 (12 Nov 2018)
-----------------------------
**IMPORTANT:** this is a small release that includes some improvements
and bug-fixes
Supported upgrade paths::

    5.3   (or older) -> 5.3.1
    5.3.1 (or newer) -> 6.0.1
    6.0.1            -> 6.1
    6.1              -> 6.1.1
    6.1.1            -> 6.2 (or newer)

Improvements
~~~~~~~~~~~~
- Update to `Patternfly 3.57.0 <https://github.com/patternfly/patternfly/releases>`_
- Update to `psycopg2 2.7.6.1 <http://initd.org/psycopg/articles/tag/release/>`_
Bug fixes
~~~~~~~~~
- Fix InvalidQuery, field ``TestCase.default_tester`` cannot be both deferred and
traversed using ``select_related`` at the same time. References
`Issue 346 <https://github.com/kiwitcms/Kiwi/issues/346>`_
Refactoring
~~~~~~~~~~~
- Pylint fixes (Ivaylo Ivanov)
- Remove JavaScript and Python functions in favor of existing JSON-RPC
- Remove vendored-in ``js/lib/jquery.dataTables.js`` which is now replaced by
the npm package ``datatables.net`` (required by Patternfly)
Translations
~~~~~~~~~~~~
- New `French translation <https://crowdin.com/project/kiwitcms/fr>`_
(Christophe CHAUVET)
Kiwi TCMS 6.2 (02 Nov 2018) - PiterPy Edition
---------------------------------------------
**IMPORTANT:** this is a small release that removes squashed migrations
from previous releases and includes a few improvements.
Supported upgrade paths::

    5.3   (or older) -> 5.3.1
    5.3.1 (or newer) -> 6.0.1
    6.0.1            -> 6.1
    6.1              -> 6.1.1
    6.1.1            -> 6.2

Improvements
~~~~~~~~~~~~
- Update to `Django 2.1.3 <https://docs.djangoproject.com/en/2.1/releases/2.1.3/>`_
- Update Apache config to print logs on the console. Fixes
`Issue 549 <https://github.com/kiwitcms/Kiwi/issues/549>`_
Database
~~~~~~~~
- Remove old variants of squashed migrations from earlier releases
Translations
~~~~~~~~~~~~
- Updated `German translation <https://crowdin.com/project/kiwitcms/de>`_
Refactoring
~~~~~~~~~~~
- Update ``tcms.tests.factories.BugFactory`` (Ivaylo Ivanov)
- Add test for ``tcms.testcases.views.group_case_bugs`` (Ivaylo Ivanov)
- Pylint fixes (Ivaylo Ivanov)
- Remove unused JavaScript and re-use the existing JSON RPC methods
Kiwi TCMS 6.1.1 (29 Oct 2018)
-----------------------------
**IMPORTANT:** this release squashes database migrations, removes
older migrations that have been squashed in previous releases, and
includes a few improvements and bug fixes.
Supported upgrade paths::

    5.3   (or older) -> 5.3.1
    5.3.1 (or newer) -> 6.0.1
    6.0.1            -> 6.1
    6.1              -> 6.1.1

Improvements
~~~~~~~~~~~~
- Dashboard will now show TestRuns which have test cases assigned to current
user. Fixes
`Issue 520 <https://github.com/kiwitcms/Kiwi/issues/520>`_
- API method ``TestRun.add_case()`` now returns a serialized TestCaseRun object.
Previously this method returned None
Bug fixes
~~~~~~~~~
- Don't show disabled Priority records in UI. Fixes
`Issue 334 <https://github.com/kiwitcms/Kiwi/issues/334>`_
Translations
~~~~~~~~~~~~
- Updated `Slovenian translation <https://crowdin.com/project/kiwitcms/sl>`_
Refactoring
~~~~~~~~~~~
- Fix some pylint errors (Ivaylo Ivanov)
Database
~~~~~~~~
- Remove old squashed migrations for ``management``, ``testplans``,
``testcases`` and ``testruns`` apps
- Squash the remaining migrations for ``management``, ``testplans``,
``testcases`` and ``testruns`` apps
Kiwi TCMS 6.1 (20 Oct 2018)
---------------------------
**IMPORTANT:** this release introduces new database migrations,
internal updates and bug fixes. It is a small release designed
to minimize the number of database migrations by squashing them together.
Supported upgrade paths::

    5.3   (or older) -> 5.3.1
    5.3.1 (or newer) -> 6.0.1
    6.0.1            -> 6.1

After upgrade don't forget to::

    ./manage.py migrate

Improvements
~~~~~~~~~~~~
- New middleware that checks for missing settings. At the moment it only
checks the Base URL configuration, which often gets forgotten!
Bug fixes
~~~~~~~~~
- Hot-fix for an error caused by the API method ``TestRun.update``. The error was
initially reported on
`StackOverflow <https://stackoverflow.com/questions/52865463/>`_.
This patch makes it possible to use the API without crashing; however, the
``TestRun.update`` method doesn't handle the ``stop_date`` field at the moment!
Translations
~~~~~~~~~~~~
- Updated translation source strings
Database
~~~~~~~~
- Squash migrations for ``management`` app
- Squash migrations for ``testcases`` app
- Squash migrations for ``testplans`` app
- Squash migrations for ``testruns`` app
Kiwi TCMS 6.0.1 (20 Oct 2018)
-----------------------------
**IMPORTANT:** this release introduces new database migrations and
internal updates. It is a small release designed
to minimize the number of database migrations by squashing them together.
Supported upgrade paths::

    5.3   (or older) -> 5.3.1
    5.3.1 (or newer) -> 6.0.1

After upgrade don't forget to::

    ./manage.py migrate

Improvements
~~~~~~~~~~~~
- Update `Jira from 1.0.10 to 2.0.0 <https://github.com/pycontribs/jira>`_
- Update to `Patternfly 3.55.0 <https://github.com/patternfly/patternfly/releases>`_
- Use button instead of HTML link for deleting test plan (Oleg Kainov)
Translations
~~~~~~~~~~~~
- Updated `Slovenian translation <https://crowdin.com/project/kiwitcms/sl>`_
- Updated `German translation <https://crowdin.com/project/kiwitcms/de>`_
- Updated translation source strings
Refactoring
~~~~~~~~~~~
- Fix pylint errors (Ivaylo Ivanov)
- Remove unused ``TestRun.list`` and ``TestCase.list_confirmed`` methods
- Remove unused ``plan_by_id_or_name()`` and ``is_int()``. Fixes
`Issue 269 <https://github.com/kiwitcms/Kiwi/issues/269>`_
Database
~~~~~~~~
- Rename ``tcms.core.contrib.auth`` to ``tcms.kiwi_auth``
- Remove field ``user`` from ``TestCaseTag``, ``TestRunTag`` and ``TestPlanTag``
models
Kiwi TCMS 6.0 (04 Oct 2018)
---------------------------
**IMPORTANT:** this release introduces new database migrations, removal of
environment properties in favor of tags, internal updates and bug fixes.
After upgrade don't forget to::

    ./manage.py migrate

Improvements
~~~~~~~~~~~~
- Update to `Django 2.1.2 <https://docs.djangoproject.com/en/2.1/releases/2.1.2/>`_
due to a high severity security issue
- Update to `Patternfly 3.54.8 <https://github.com/patternfly/patternfly/releases>`_
- ``Tag`` objects are now shown in Admin panel
- Add autocomplete when adding tags to ``TestRun`` via UI
Removed functionality
~~~~~~~~~~~~~~~~~~~~~
- TestCase new and edit views no longer allow editing of tags. Tags can be
added/removed from the Tags tab which also makes sure to properly account
for permissions
- Remove ``EnvGroup``, ``EnvProperty`` and ``EnvValue`` models in favor of tags.
Existing values and properties are converted into tags and automatically added
to test runs!
- Convert squashed database migrations to regular ones and remove older migrations.
**WARNING:** upgrade from versions <= 5.3.1 to 6.0 will break without an intermediate
upgrade to ``kiwitcms/kiwi:5.3.1 a420465852be``.
- Remove deprecated ``TestCase.estimated_time`` and ``TestRun.estimated_time``. Fixes
`Issue 514 <https://github.com/kiwitcms/Kiwi/issues/514>`_
Backend API
~~~~~~~~~~~
- No longer use ``product_version`` for ``TestRun.create``. Fixes
  `Issue 522 <https://github.com/kiwitcms/Kiwi/issues/522>`_

  - 'product' is no longer required
  - 'product_version' is no longer required
  - 'manager' and 'default_tester' can be usernames or IDs

- ``TestCase.create`` no longer accepts 'tag' values
- ``TestRun.add_tag`` and ``TestRun.remove_tag`` now return list of tags.
Previously these methods returned ``None``!
This is the list of tags assigned to the TestRun that is being modified!
Bug fixes
~~~~~~~~~
- Fix mismatched HTML tag in ``plan/get.html`` template (Oleg Kainov)
- Don't use ``|slugify`` filter in templates which breaks HTML links with non-ASCII
TestPlan names. Fixes
`Sentry KIWI-TCMS-38 <https://sentry.io/open-technologies-bulgaria-ltd/kiwi-tcms/issues/676626096/>`_
Refactoring
~~~~~~~~~~~
- Fix pylint errors (Ivaylo Ivanov, Anton Sankov)
- Use existing JSON-RPC methods to add/remove tags via webUI and remove specialized
backend methods that handled these requests. Also make sure to obey respective
permissions
Translations
~~~~~~~~~~~~
- Updated `Slovenian translation <https://crowdin.com/project/kiwitcms/sl>`_
Kiwi TCMS 5.3.1 (04 Sept 2018)
------------------------------
Visual changes
~~~~~~~~~~~~~~
- Add pagination controls to pages with search results
Kiwi TCMS 5.3 (04 Sept 2018)
----------------------------
**IMPORTANT:** this release brings lots of UI updates and removal of unused
and/or duplicated functionality and source code. Many pages have been redesigned
with the Patternfly library to have a modern look and feel.
Kiwi TCMS is now using the
`'kiwi-tcms' <https://stackoverflow.com/questions/tagged/kiwi-tcms>`_
tag on StackOverflow to track questions.
This will be the last release to carry around squashed migrations. In version