From 78251dccf098d95f1d2c726939cac7a5ca0e1c6c Mon Sep 17 00:00:00 2001 From: "Mr. Senko" Date: Sun, 1 Mar 2020 16:45:35 +0200 Subject: [PATCH] Changelog for v8.1 --- CHANGELOG.rst | 107 +++++++++++++++++++++++++++++++++++++++++++++++ tcms/__init__.py | 2 +- 2 files changed, 108 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index a706dcfd1e..ad74f24644 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -1,6 +1,113 @@ Change Log ========== + +Kiwi TCMS 8.1 (04 Mar 2020) +--------------------------- + +**IMPORTANT:** this is a small security and improvement release which +also includes several bug fixes, internal refactoring and updated translations. + + +Supported upgrade paths:: + + 5.3 (or older) -> 5.3.1 + 5.3.1 (or newer) -> 6.0.1 + 6.0.1 -> 6.1 + 6.1 -> 6.1.1 + 6.1.1 -> 6.2 (or newer) + +After upgrade don't forget to:: + + ./manage.py migrate + + +Security +~~~~~~~~ + +- JSON-RPC handler will now HTML escape all strings. This prevents XSS attacks + via tags, components or anything else which is loaded on the web page via RPC + and then shown as string. Even if someone saves ```` + in the database the returned result will be HTML escaped and will not be executed + as JavaScript! + + .. note:: + + This is easy to exploit but people able to do so should have accounts in + your Kiwi TCMS installation and write privileges on their accounts. If they + do this means they can cause a lot more damage much more easily! +- Update Django from 3.0.3 to 3.0.4 - fixes security issue CVE-2020-9402: + Potential SQL injection via ``tolerance`` parameter in GIS functions and aggregates + on Oracle which we believe does not affect Kiwi TCMS + + +Improvements +~~~~~~~~~~~~ + +- Update bleach from 3.1.0 to 3.1.1 +- Update django-colorfield from 0.1.15 to 0.2.1 +- Update markdown from 3.2 to 3.2.1 +- On bug creation send email to assignee. Fixes + `Issue #1154 `_ (Mfon Eti-mfon) +- Make it possible to provide override settings in a directory. Kiwi TCMS will + respect: + + - ``local_settings.py`` + - ``local_settings_dir/*.py`` + + For more information see + https://kiwitcms.readthedocs.io/en/latest/installing_docker.html#customization +- Allow adding TestPlan to TestCase via UI. Fixes + `Issue #1021 `_ +- Add visual representation of failures in TestCase health telemetry +- Add helper text to TestExecutionStatus admin +- Add link to discussion forum in Help menu + + +API +~~~ + +- ``TestCase.create()`` method no longer accepts ``product`` or ``product_id`` + fields which have previously been deprecated +- API methods which receive True/False values will no longer parse yes,no,1,0 values. + The only accepted values are boolean constants defined in the calling programming + language which are then transmitted via XML-RPC or JSON-RPC and converted to + native boolean on the backend + + +Bug fixes +~~~~~~~~~ + +- The number of search results shown per page can now be controlled via + ``DEFAULT_PAGE_SIZE`` setting, which is 100 by default. Fixes + `Issue #1210 `_ (Ivailo Karabojkov) +- Use comma separated display of components in bug reports. Fixes + `Issue #1157 `_ (Ivailo Karabojkov) +- Update selector for 'Select All' test executions in TestRun page. Fixes + `Issue #1404 `_ +- Fix crash when sorting test cases in TestPlan page. Fixes + `Sentry #KIWI-TCMS-A6 `_ +- Fix a ``TC-undefined`` displayed in TestCase health telemetry + + +Refactoring +~~~~~~~~~~~ + +- Add test for ``TestRunAdmin.change_view()`` (Mariyan Garvanski) +- Remove unused ``showCaseRunsWithSelectedStatus`` +- Internal JavaScript updates + + +Translations +~~~~~~~~~~~~ + +- Updated `Bulgarian translation `_ +- Updated `Chinese Simplified translation `_ +- Updated `French translation `_ +- Updated `Slovenian translation `_ + + + Kiwi TCMS 8.0 (12 Feb 2020) --------------------------- diff --git a/tcms/__init__.py b/tcms/__init__.py index bcad6ed0a7..637ceaaa47 100644 --- a/tcms/__init__.py +++ b/tcms/__init__.py @@ -1,2 +1,2 @@ # -*- coding: utf-8 -*- -__version__ = '8.0' +__version__ = '8.1'