Tuleap 13.x

Tuleap 13.3

Note

Tuleap 13.3 is currently under development.

Tuleap 13.2

Metadata of the Tuleap Community repository are now signed

The metadata of the Tuleap Community repository are now GPG signed. Previously, only the packages themselves were signed. You can update your /etc/yum.repos.d/Tuleap.repo to add the repo_gpgcheck=1 directive to tell yum to verify the signature.

You can verify your configuration is correct by checking the Tuleap installation page.

End of life for Tuleap “stable” repository

The repository located at the URL https://ci.tuleap.net/yum/tuleap/rhel/7/stable/x86_64/ will not be updated anymore. The repository will put offline at some point in the future without further notice.

Please note that stable name has always been misleading as it’s merely a snapshot a fixed point in time with no stabilization process. It was there provide dependencies (eg. mailman or mediawiki) that we were not able to ship elsewhere. Those packages are now built properly within the regular publication pipeline. Hence, stable has no reasons to be kept.

Tuleap Enterprise users can remove it from their repo file /etc/yum.repos.d/Tuleap.repo (it is the repository with the exclude=tuleap* instruction). In case of doubt please reach out to your support contact.

Tuleap Community users should update their configuration to match the instructions given on the Tuleap installation page. Please note this repository was never officially supported for Tuleap Community.

All users will need to log in again after the upgrade (>= Tuleap Community 13.1.99.22)

In order to mitigate performance issues we have been forced to clear all the ongoing sessions. All your users will be disconnected after this upgrade. This is a one time thing and there is no security implications to it.

Mediawiki MLEB extensions removed

Those Mediawiki extensions are disabled since Tuleap 12.7. Since no feedback has been provided since then they have been removed definitely. If the package php-mediawiki-mleb-tuleap is installed on your server, it is safe to remove it.

Tuleap 13.1

All users will need to log in again after the upgrade (>= Tuleap Enterprise 13.1-2)

In order to mitigate performance issues we have been forced to clear all the ongoing sessions. All your users will be disconnected after this upgrade. This is a one time thing and there is no security implications to it.

Minimal browser support raised to Firefox 78 ESR and Chrome 87

The best effort support is now Firefox 78 ESR and Chrome 87. Versions older than that do not work at all anymore to browse Tuleap.

The recommendation is still to use the latest version of Mozilla Firefox, Microsoft Edge or Google Chrome.

Tuleap can no longer be accessed with http without TLS (HTTPS only)

Tuleap always expects to be accessed over HTTPS, for this reason having a dedicated setting sys_https_host is no more necessary.

You should make sure the setting sys_default_domain in your /etc/tuleap/conf/local.inc file is set to the qualified domain name you use to access the instance.

The setting sys_https_host can be removed from your /etc/tuleap/conf/local.inc file as it is no more used.

Plugin configuration can no longer be edited from Tuleap Site Administrator UI

It’s been deprecated and deactivated by default since Tuleap 9.8, released in may 2017. So hopefully nobody still have this activated and used. Before Tuleap 9.8, plugin variables defined in /etc/tuleap/plugin/$PLUGIN/etc/$PLUGIN.inc file were editable from site administration interface.

This was a major security risk (allow users to write code that will be executed is always a major risk) so we deactivated it by default for all platforms and introduced a parameter in local.inc to allow admins to do a smooth transition.

In case of doubt, check if /etc/tuleap/conf/local.inc contains a variable named $sys_plugins_editable_configuration:

  • If it is set to 0. If it’s the case, you’re good, you can remove this variable, it’s no longer used.

  • If it is set to 1. You were at risk and you are now safer.

For teams that were still $sys_plugins_editable_configuration = 1; it means that update of the configuration must now be done with an SSH access to the platform.

Tuleap 13.0

Nothing to mention.