Tuleap 13.x

Tuleap 13.2

Note

Tuleap 13.2 is currently under development.

All users will need to log in again after the upgrade (>= Tuleap Community 13.1.99.22)

In order to mitigate performance issues we have been forced to clear all the ongoing sessions. All your users will be disconnected after this upgrade. This is a one time thing and there is no security implications to it.

Tuleap 13.1

All users will need to log in again after the upgrade (>= Tuleap Enterprise 13.1-2)

In order to mitigate performance issues we have been forced to clear all the ongoing sessions. All your users will be disconnected after this upgrade. This is a one time thing and there is no security implications to it.

Minimal browser support raised to Firefox 78 ESR and Chrome 87

The best effort support is now Firefox 78 ESR and Chrome 87. Versions older than that do not work at all anymore to browse Tuleap.

The recommendation is still to use the latest version of Mozilla Firefox, Microsoft Edge or Google Chrome.

Tuleap can no longer be accessed with http without TLS (HTTPS only)

Tuleap always expects to be accessed over HTTPS, for this reason having a dedicated setting sys_https_host is no more necessary.

You should make sure the setting sys_default_domain in your /etc/tuleap/conf/local.inc file is set to the qualified domain name you use to access the instance.

The setting sys_https_host can be removed from your /etc/tuleap/conf/local.inc file as it is no more used.

Plugin configuration can no longer be edited from Tuleap Site Administrator UI

It’s been deprecated and deactivated by default since Tuleap 9.8, released in may 2017. So hopefully nobody still have this activated and used. Before Tuleap 9.8, plugin variables defined in /etc/tuleap/plugin/$PLUGIN/etc/$PLUGIN.inc file were editable from site administration interface.

This was a major security risk (allow users to write code that will be executed is always a major risk) so we deactivated it by default for all platforms and introduced a parameter in local.inc to allow admins to do a smooth transition.

In case of doubt, check if /etc/tuleap/conf/local.inc contains a variable named $sys_plugins_editable_configuration:

  • If it is set to 0. If it’s the case, you’re good, you can remove this variable, it’s no longer used.

  • If it is set to 1. You were at risk and you are now safer.

For teams that were still $sys_plugins_editable_configuration = 1; it means that update of the configuration must now be done with an SSH access to the platform.

Tuleap 13.0

Nothing to mention.