Tuleap 13.x

Tuleap 13.12

Nothing to mention.

Tuleap 13.11

Changes in the way SVN authentication and project level authorization is handled

This change is not expected to require modifications from system administrators. As it impacts a sensitive part of Tuleap, system administrators should test carefully SVN accesses after the upgrade. In case of issues, please reach out to the development team.

The way Tuleap authenticates users and authorizes them at the project level has changed. Until now, Tuleap was handling this using a mod_perl module in Apache. The authentication is now handled like other web requests without dependending on a module loaded in Apache.

Tuleap instances deployed using the advanced distributed SVN setup must ensure the Apache server cannot be reached directly by the end-users otherwise they could access resources without being authenticated.

Tuleap 13.10

General availability of Document

Please welcome Document plugin in Tuleap Community Edition 🎉.

There is now only one package tuleap-plugin-document to serve the Document Manager. There is nothing to do for users of the legacy tuleap-plugin-docman, it will be automatically replaced by tuleap-plugin-document during the upgrade.

Tuleap 13.9

Brazilian Portuguese

Brazilian Portuguese can be enabled for your instance by adding pt_BR to the list of supported languages in /etc/tuleap/conf/local.inc. For example:

$sys_supported_languages = 'en_US,fr_FR,pt_BR';

Please note that Brazilian Portuguese is a community contribution and is only partially translated.

Tuleap 13.8

General availability of Baseline

Tuleap Enterprise users that were using the specific Baseline repository to retrieve the Baseline plugin can now remove it from their Yum configuration.

The Baseline plugin is now available in the main Tuleap Enterprise repository.

Docker Images

The environment variables TULEAP_DB_SSL_MODE and TULEAP_DB_SSL_CA were removed in favor of the official variables:

  • TULEAP_SYS_ENABLESSL: can be either 0 to disable or 1 to enable encryption of traffic with database.

  • TULEAP_SYS_DB_SSL_VERIFY_CERT: can be either 0 to disable or 1 to enable verification of database’s certificates.

  • TULEAP_SYS_DB_SSL_CA: path toward a custom CA file for certifacte verification.

This only affect newly deployed containers (this variable is only used at container initalization at the moment).

Tuleap 13.7

Webdav

The access via a dedicated host (like https://webdav.tuleap.example.com/) that was once necessary for Windows 7 and before, is now removed. Webdav is only accessible on https://tuleap.example.com/plugins/webdav.

Tuleap 13.6

Configuration / local.inc

Two variables from local.inc, $sys_dbauth_user and $sys_dbauth_passwd were automatically transfered to the database at upgrade. You should remove those 2 variables from local.inc. Please note that sys_dbauth_passwd is now stored encrypted.

RedHat/CentOS git package no longer needed

With packaging of gitolite as part of Tuleap, there is no longer any dependencies on “system” git. You can remove the package with:

yum remove git

Tuleap 13.5

Docker Images

Docker images now requires password for database user (tuleapadm) and site administrator to be injected at container initialization. See mandatory configuration variables.

The parameter DB_HOST was renamed TULEAP_SYS_DBHOST. This only affect newly deployed containers (this variable is only used at container initalization at the moment).

Tuleap 13.4

Removal of the textualreport plugin

This plugin is replaced by the Tuleap DocGen (document_generation) plugin. You can active the Tuleap DocGen plugin from the site administration if you wish to keep a way to generate document from a tracker report.

Tuleap 13.3

Nothing to mention.

Tuleap 13.2

Metadata of the Tuleap Community repository are now signed

The metadata of the Tuleap Community repository are now GPG signed. Previously, only the packages themselves were signed. You can update your /etc/yum.repos.d/Tuleap.repo to add the repo_gpgcheck=1 directive to tell yum to verify the signature.

You can verify your configuration is correct by checking the Tuleap installation page.

End of life for Tuleap “stable” repository

The repository located at the URL https://ci.tuleap.net/yum/tuleap/rhel/7/stable/x86_64/ will not be updated anymore. The repository will put offline at some point in the future without further notice.

Please note that stable name has always been misleading as it’s merely a snapshot a fixed point in time with no stabilization process. It was there provide dependencies (eg. mailman or mediawiki) that we were not able to ship elsewhere. Those packages are now built properly within the regular publication pipeline. Hence, stable has no reasons to be kept.

Tuleap Enterprise users can remove it from their repo file /etc/yum.repos.d/Tuleap.repo (it is the repository with the exclude=tuleap* instruction). In case of doubt please reach out to your support contact.

Tuleap Community users should update their configuration to match the instructions given on the Tuleap installation page. Please note this repository was never officially supported for Tuleap Community.

All users will need to log in again after the upgrade (>= Tuleap Community 13.1.99.22)

In order to mitigate performance issues we have been forced to clear all the ongoing sessions. All your users will be disconnected after this upgrade. This is a one time thing and there is no security implications to it.

Mediawiki MLEB extensions removed

Those Mediawiki extensions are disabled since Tuleap 12.7. Since no feedback has been provided since then they have been removed definitely. If the package php-mediawiki-mleb-tuleap is installed on your server, it is safe to remove it.

Tuleap 13.1

All users will need to log in again after the upgrade (>= Tuleap Enterprise 13.1-2)

In order to mitigate performance issues we have been forced to clear all the ongoing sessions. All your users will be disconnected after this upgrade. This is a one time thing and there is no security implications to it.

Minimal browser support raised to Firefox 78 ESR and Chrome 87

The best effort support is now Firefox 78 ESR and Chrome 87. Versions older than that do not work at all anymore to browse Tuleap.

The recommendation is still to use the latest version of Mozilla Firefox, Microsoft Edge or Google Chrome.

Tuleap can no longer be accessed with http without TLS (HTTPS only)

Tuleap always expects to be accessed over HTTPS, for this reason having a dedicated setting sys_https_host is no more necessary.

You should make sure the setting sys_default_domain in your /etc/tuleap/conf/local.inc file is set to the qualified domain name you use to access the instance.

The setting sys_https_host can be removed from your /etc/tuleap/conf/local.inc file as it is no more used.

Plugin configuration can no longer be edited from Tuleap Site Administrator UI

It’s been deprecated and deactivated by default since Tuleap 9.8, released in may 2017. So hopefully nobody still have this activated and used. Before Tuleap 9.8, plugin variables defined in /etc/tuleap/plugin/$PLUGIN/etc/$PLUGIN.inc file were editable from site administration interface.

This was a major security risk (allow users to write code that will be executed is always a major risk) so we deactivated it by default for all platforms and introduced a parameter in local.inc to allow admins to do a smooth transition.

In case of doubt, check if /etc/tuleap/conf/local.inc contains a variable named $sys_plugins_editable_configuration:

  • If it is set to 0. If it’s the case, you’re good, you can remove this variable, it’s no longer used.

  • If it is set to 1. You were at risk and you are now safer.

For teams that were still $sys_plugins_editable_configuration = 1; it means that update of the configuration must now be done with an SSH access to the platform.

Tuleap 13.0

Nothing to mention.