File Release Notes and Changelog

Notes
Release Name: 8.1

Notes:
Tuleap 8.1 (Monday, May 4th 2015)
========================================

Enhancement
-----------------------

    * story #7813: restricted users can view unrestricted public projects in trove cats
    * request #7979: Disable usage statistics in project administration
    * request #7384: restoring a git repository is now done by the APP user
    * request #7938: Allow proper reverse proxy of Tuleap (Allow to query REST API in HTTP without SSL)

Bug Fix
-----------------------

    * request #8052: Switch between reports don't work in TV3
    * request #8045: restricted user cannot access services even if they are a project member
    * request #8050: Fatal error with sparklines
    * request #7780: service_file_lbl_key is displayed in the toolbar in frs > edit package
    * request #8012: /soap/index.php is no more reachable; project data no-longer exports
    * request #7978: REST route called in top backlog in planning v2 contians a PHP notice
    * request #7985: SQL permissions object_id with no quotes if it is an ID
    * request #8023: Infinite loop when Tracker plugin is restricted
    * request #8016: Force codendiadm owner group for FRS folder
    * request #8035: Missing route in REST API: OPTIONS projects/id/user_groups
    * request #8039: Fix the purification in user group permissions
    * request #8044: Fatal error on full text search

Security
-----------------------

    * request #8015: Fix reflected XSS in the user group creation
    * request #8017: SQL injection in user groups project administration
    * request #7974: Prevent SQL injections at the project creation
    * request #7977: Reflected XSS in project statistics
    * request #7790: Add missing anti-CSRF token in SSH keys edit form and bookmarks management
    * request #7797: Fix persistent XSS in autocomplete forms
    * request #7763: Avoid errors concerning SELinux policies in packages

Plugins
-----------------------


### admindelegation 2.9

    * story #7813: allow the project administrator to give restricted users access to their project

### agiledashboard 1.188

    * request #7880 Hide Closed Items in V2 Planning only hides Parent artifacts
    * request #7975: Can't move an item from a submilestone to the top backlog in planning v2
    * request #7925: Milestone should be collapsed by default in planning v2
    * story #7886 - rename Config to ForgeConfig for Mediawiki 1.23

### cardwall 1.48

    * story #7886 - rename Config to ForgeConfig for Mediawiki 1.23

### docman 2.26.74

    * request #8040: avoid to display HTML entities in the popup when you delete a property in Docman
    * request #8027: Git repositories in private projects can be accessed by non project members
    * request #8028: Fix docman search table header
    * request #8019 Not able to create an approval table for folder
    * request #7981: Docman approval_table_reminder fix of warning (Contrib STMicroelectronics)
    * story #7886 - rename Config to ForgeConfig for Mediawiki 1.23

### fusionforge_compat 0.9

    * story #7813: allow the project administrator to give restricted users access to their project
    * story #7886 - rename Config to ForgeConfig for Mediawiki 1.23

### git 4.43

    * request #8045: restricted user cannot access services even if they are a project member
    * request #8027: Git repositories in private projects can be accessed by non project members
    * story #7813: site admin can rename registered and authentified groups
    * story #7813: update git repositories when switching project access
    * story #7813: detect access platform switch and update git repositories accordingly
    * request #8025: fatal error FTS queue
    * request #8024: Syntax not compatible with PHP 5.1
    * story #7813: Properly inject GitPermissionsManager
    * story #8021: Refactoring: extract gitolite project serializer
    * story #8021: Add hostname info as mirror parameter
    * request #8018 Git repostory update does not update Grokmirror manifest file
    * story #7813: configure a git repo to allow access for restricted users
- need forge and project to allow restricted users
- restricted user can clone and push
- switching project to public or private disables access for restricted on repos
- switching forge to public or anon disables access for restricted on repos (UI only)
    * request #8001: SSH key update does not update Grokmirror manifest file
    * request #8003: Git HTTP - error while cloning
    * story #7813: allow the project administrator to give restricted users access to their project
    * request #7384: restoring a git repository is now done by the APP user
    * request #7384: Restore archived gitolite repositories
    * story #7886 - rename Config to ForgeConfig for Mediawiki 1.23
    * Move sys_allow_anon in the database (story #7813: grant restricted users access to git repositories)
    * story #7813: Refactoring- Introduce ConfigValueFileProvider
    * request #7960: Disabled "Migrate to gerrit" if repo not fully created

### IM 1.5.26

    * request #7939: XSS in the web chat room
    * story #7813: allow the project administrator to give restricted users access to their project
    * request #7952: Disable the imadmin-bot account

### ldap 3.78

    * request #8043: Add more info on var usage in ldap.inc
    * Fix tests
    * story #7984: Fix LDAP write usage
    * story #7984: provision LDAP from Tuleap
    * request #7797: Fix persistent XSS in autocomplete forms
    * story #7886 - rename Config to ForgeConfig for Mediawiki 1.23
    * Move sys_allow_anon in the database (story #7813: grant restricted users access to git repositories)

### mediawiki 0.68

    * story #7886 - All new wikis are 1.23 if it's installed
    * Fix packaging issue
    * * story #7886: site admin can select a project to migrate
    * story #7886: Duplicate Tuleap theme for 1.23
    * story #7886: Import Monobook difference from REL1_23 branch @ MW
    * story #7886 - Fix UI Glitches
    * story #7886: replace MW symlinks by php includes
    * story #7886 - rename Config to ForgeConfig for Mediawiki 1.23
    * story  #7886 - remove Tuleap skin from deprecated autodiscovery mechanism

### openid 0.8

    * story #7886 - rename Config to ForgeConfig for Mediawiki 1.23
    * story #7813: Refactoring- Introduce ConfigValueFileProvider

### pluginsadministration 1.9

    * request #8023: Infinite loop when Tracker plugin is restricted
    * story #7886 - rename Config to ForgeConfig for Mediawiki 1.23

### statistics 0.48

    * request #8048: Table header overly escaped in project quota page
    * Fix tests
    * story #7742: Warn the user in UI that some dates have been purged
    * story #7742: launch the purge on daily basis
    * story #7742: first purge script
    * story #7813: allow the project administrator to give restricted users access to their project
    * story #7886 - rename Config to ForgeConfig for Mediawiki 1.23

### tracker 5.616

    * request #8042: Artifact displays blank page due to fatal error when fetching followup
    * request #8042: Artifact displays blank page due to fatal error
    * request #8030 Not able to modify value of a radio button
    * request #7995: Remove use of log method for cross tracker search
    * request #8005: Decorator for radio button values are not displayed
    * request #7980: fix XSS in site statistics
    * request #7990 Updated tracker shortname not updated in ArtifactLink_changesetValue
    * request #7998: Fix display of tracker form element string field
    * Refacto: Using the API to get information for REST tests
    * request #7973 Tracker XML export does not export field permissions
    * Properly display parent in the ArtifactLink field (follow-up to request #7945)
    * story #7886 - rename Config to ForgeConfig for Mediawiki 1.23
    * request #7945: Fix XSS in tracker form elements
    * request #7942: when too many inconsistencies to solve at once in AD, a time out occured
    * story #7813: Refactoring- Introduce ConfigValueFileProvider

### webdav 1.9.11

    * story #7813: allow the project administrator to give restricted users access to their project
    * story #7886 - rename Config to ForgeConfig for Mediawiki 1.23
    * Move sys_allow_anon in the database (story #7813: grant restricted users access to git repositories)

Themes
-----------------------

    * FlamingParrot: 1.81

Api
-----------------------

    * REST API: 1.8

Development
-----------------------

    * story #7742: ROOT_DAILY now logs if Exceptions are thrown during process
    * Fix test suite
Changes:
References
List of items referenced by or referencing this item.
Artifact Tracker v5
story #7813 , request #7979 , request #7384 , request #7938 , request #8052 , request #8045 , request #8050 , request #7780 , request #8012 , request #7978 , request #7985 , request #8023 , request #8016 , request #8035 , request #8039 , request #8044 , request #7790 , request #7763 , request #7880 , request #7975 , request #7925 , story #7886 , request #8040 , request #8028 , request #8019 , request #7981 , request #8025 , request #8024 , story #8021 , request #8018 , request #8001 , request #8003 , request #7960 , request #8043 , story #7984 , request #8048 , story #7742 , request #8042 , request #8030 , request #7995 , request #8005 , request #7990 , request #7998 , request #7973 , request #7942
Public

Release Name: 8.1
