File Release Notes and Changelog

Notes

Release Name: 7.11

Notes:
Tuleap 7.11 (Wednesday, March 4th 2015)
========================================

Feature
-----------------------

    * Parts of story #7495: set permissions on artifact priority change
    * story #7854 Add new extensions into Mediawiki
    * Parts of story #7579 move cards in my cardwall

Feature Request
-----------------------

    * request #7711: Add csv export in site admin user list interface (Contrib STMicroelectronics)

Security
-----------------------

    * request #7831: Fix SQL injection in trove cat listing
    * request #7818: Fix SQL injection in trove cat
    * request #7819: Fix persistent XSS in trove categories
    * request #7849: Fix XSS in development mode
    * request #7847: Fix persistent XSS in project sidebar
    * request #7806: Avoid HTTP Response Splitting and uncontroled redirection in FRS
    * request #7872: Escape all SQL queries parameters in survey service
    * request #7887: Properly escape SQL queries in cross reference
    * request #7889: Fix persistent XSS in cross reference
    * request #7895: Fix SQL injection in the most active projects page

Plugins
-----------------------


### agiledashboard 1.168

    * Kanban Glossification
- Transform table layout to div layout
- Width of columns is evenly distributed (even if user resize the
  browser or collapse/expand columns)
- Height/Width of the board are 100%
- When user scroll cards, they go under the column header
- spinners are replaced by animation on big numbers
- Fat combined is no more included in kanban view
- Cards color
This is part of story #7579 move cards in my cardwall
    * story #7579: Cards can be moved to any columns
    * story #7579: Save order when card is moved to backlog
    * story #7579: Display error message when rest fails
    * story #7579: Remove open/closed meaningless numbers in header
    * story #7579: Move card from other colmuns in backlog
    * story #7495 - permissions on static groups are not kept during duplication
    * story #7579 - Deal with global rank in archive
    * story #7579 - Deal with priority change
    * story #7495 - Tell the user why he can't drag'n'drop items
    * story #7495: Manage the perm in REST routes
    * story #7495 - Manage the perm in the planning v1
    * story #7495: Prevent adding element in the backlog in planning v2 if user hasn't the perm to prioritize items
    * story #7495: Manage the perm in the planning v2
    * story #7579: On load, display cards in archive
    * story #7579: On load, display cards not in backlog
    * story #7579: Drag 'n drop cards on Kanban (ui only)
    * story #7495 - I can't reorder items in the content if I don't have the permission to do it
    * story #7495 - Define a priority change permission on a planning (perms not taken into account)

### docman 2.26.66

    * request #7864: reindexing project services on ugroup changes

### fulltextsearch 0.126

    * Revert fix request #7862: Old phppwiki search method no longer available
    * request #7864: only reindex project services once
    * request #7864: reindexing project services on ugroup changes
    * request #7816: not trying to index files above a certain size in elastic search
    * Fix request #7862: Old phppwiki search method no longer available

### git 4.13

    * Refactor general settings to ease modifications
    * Have more git logs in debug mode

### graphontrackers 1.13

    * request #7828: Fix XSS in graph on tracker v3 plugin

### mediawiki 0.62

    * story #7745: Mediawiki new plugins
    * http://www.mediawiki.org/wiki/Extension:Labeled_Section_Transclusion
    * http://www.mediawiki.org/wiki/Categorytree
    * http://www.mediawiki.org/wiki/Extension:Cite
    * http://www.mediawiki.org/wiki/Extension:ImageMap
    * http://www.mediawiki.org/wiki/Extension:InputBox
    * http://www.mediawiki.org/wiki/UNC_links

### tracker 5.582

    * Deal with XML for POST Artifacts
For now, it only works (in XML) when we add in the XML structure 2 or moar fields
This task is part of story #7702 use XML for REST api
    * request #7894: Fixing potential blank page on report save
    * story #7702 use XML for REST api (Add Restler type in ArtifactReprensetation)
    * story #7579: Move card from other colmuns in backlog
    * request #7864: reindexing project services on ugroup changes
    * request #7640: on-screen notification for tracker admins when all the reports are set to Private
    * story #7776: see diff for string without having to click on 'Show diff button'
    * story #7495 - permissions on static groups are not kept during duplication
    * story #7579 - Deal with priority change
    * story #7495 - Manage the perm in the planning v1
    * request #7876 - Javascript error when not on tracker page
    * story #7579: On load, display cards not in backlog
    * request #7865: PHP fatal error when modifying a report
    * Fix request #7855: Issue with 'Select artifacts to link' on the artifact Edit page

### webdav 1.9.8

    * story #7821: Windows 7 webdav FRS file creation
    * Empty files can be created
    * Files can be updated
    * Files can be drag'n'droped from filesystem to webdav
    * You can't create files with name containing special chars (parenthesis are not allowed)

Bug Fix
-----------------------

    * request #7846: allowing a system to always handle CVS commits as coming from windows or utf8
    * request #7879: Add a whitelist for the Content-Security-Policy directive script-src
    * request #7758: php error when registering new user
    * request #7841: Pagination headers cannot be read in CORS request
    * request #7839: A project admin can't remove his rights if he is the only project admin
    * request #7855: Issue with 'Select artifacts to link' on the artifact Edit page
    * request #7862: Old phppwiki search method no longer available
    * request #7826: Improve error detection of FRS file moving
    * request #7860: Redirection link when you are not authenticated only redirects to service
    * request #7297: allowing a restricted user to see their own avatar
    * request #7809: force into utf8 tv3 export of artifact history
    * request #7877: Use a valid value for the Content Security Policy directive reflected-xss
    * request #7811: Filenames with ' are now correctly processed in FRS

Development
-----------------------

    * story #7495: be able to get ugroups of a project for a given permission
    * Have more git logs in debug mode
    * Bump copyright
    * Integrate REST api in version checker

Themes
-----------------------

    * FlamingParrot: 1.66

Api
-----------------------

    * REST API: 1.6
Changes:

References

List of items referenced by or referencing this item.

Artifact Tracker v5

story #7495 , story #7854 , story #7579 , request #7711 , request #7831 , request #7818 , request #7819 , request #7849 , request #7847 , request #7806 , request #7872 , request #7887 , request #7889 , request #7895 , request #7864 , request #7862 , request #7816 , request #7828 , story #7745 , story #7702 , request #7894 , request #7640 , story #7776 , request #7876 , request #7865 , request #7855 , story #7821 , request #7846 , request #7879 , request #7758 , request #7841 , request #7839 , request #7826 , request #7860 , request #7297 , request #7809 , request #7877 , request #7811

Public

Release Name: 7.11