Safety vulnerability ID: 51780
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Kiwitcms 11.6 updates its dependency 'Django' from 4.0.7 to 4.1.3 to include a security fix.
Latest version: 12.4
Test Case Management System
- Sanitize HTML input when generating history diff to prevent XSS attacks
Improvements
~~~~~~~~~~~~
- Update django-extensions from 3.2.0 to 3.2.1
- Update jira from 3.4.0 to 3.4.1
- Update psycopg2 from 2.9.3 to 2.9.5
- Update pygithub from 1.55 to 1.57
- Update python-gitlab from 3.9.0 to 3.11.0
- Update tzdata from 2022.2 to 2022.6
- Container is now built on top of Red Hat Enterprise Linux 9 and Python 3.9

  .. warning::

      There is high risk of breaking downstream containers. Pay attention to
      bind-mounted settings files. Inspect downstream Dockerfile & docker-compose.yml
      files !!!

- Unify some translation strings
- Document add-on issue tracker integrations
- Rename Properties to Parameters because "test case parameters" is
  more widely used
Bug fixes
~~~~~~~~~
- ``JIRA.get_issue_type_from_jira()`` now accepts a second argument. Fixes
  `Issue 2929 <https://github.com/kiwitcms/Kiwi/issues/2929>`_ (cmbahadir)
- Fix typo in documentation (Christian Clauss)
- Trim white-space after splitting parameter values. For example the inputs
  'OS=Linux' and 'OS = Windows ' will result in
  Key: 'OS', Values: ['Linux', 'Windows']
Refactoring and testing
~~~~~~~~~~~~~~~~~~~~~~~
- Update Fedora from 32 to 36 in /tests/bugzilla
- Remove Travis CI config b/c we don't use it anymore
- Add Coverity Scan as a GitHub action
- Don't scan devel dependencies with Coverity Scan
- Redirect to where we came from in case posting a comment results in invalid
  form
- Configure Dependabot to update Docker containers and try tightening security
  around docker containers used during testing
- Use npm audit fix to automatically update some Node.js dependencies
- Execute ``npm audit signatures`` when installing Node.js packages
- Start using ``find_namespace_packages()`` to resolve
  'Package would be ignored' warnings from setuptools
- Add missing field in ``setup()`` to avoid a warning
Translations
~~~~~~~~~~~~
- Updated `Chinese Simplified translation <https://crowdin.com/project/kiwitcms/zh-CN#>`_
- Updated `Chinese Traditional translation <https://crowdin.com/project/kiwitcms/zh-TW#>`_
- Updated `French translation <https://crowdin.com/project/kiwitcms/fr#>`_
- Updated `German translation <https://crowdin.com/project/kiwitcms/de#>`_
- Updated `Slovak translation <https://crowdin.com/project/kiwitcms/sk#>`_
- Updated `Slovenian translation <https://crowdin.com/project/kiwitcms/sl#>`_
Kiwi TCMS 11.5 (06 Sep 2022)
----------------------------
.. important::

    This is a small release which contains several improvements, bug fixes
    and new translations!

Supported upgrade paths::

    5.3   (or older) -> 5.3.1
    5.3.1 (or newer) -> 6.0.1
    6.0.1            -> 6.1
    6.1              -> 6.1.1
    6.1.1            -> 6.2 (or newer)

After upgrade don't forget to::

    ./manage.py upgrade

Improvements
~~~~~~~~~~~~
- Update jira from 3.3.1 to 3.4.0
- Update pygments from 2.12.0 to 2.13.0
- Update python-gitlab from 3.7.0 to 3.9.0
- Update tzdata from 2022.1 to 2022.2
- Add Product drop down field in Build admin page. Closes
  `Issue 2818 <https://github.com/kiwitcms/Kiwi/issues/2818>`_
- Add 'prune' argument required for Django 4.1 compatibility
- Improve documentation around ``DEFAULT_GROUPS``
- Update docs about language preferences and add a Change language menu item. Closes
  `Issue 2901 <https://github.com/kiwitcms/Kiwi/issues/2901>`_,
  `Issue 2902 <https://github.com/kiwitcms/Kiwi/issues/2902>`_,
  `Issue 2903 <https://github.com/kiwitcms/Kiwi/issues/2903>`_
- Performance improvement for Status matrix telemetry
- Performance improvement for Execution trends telemetry
- Display a spinner widget while telemetry data is still loading. Closes
  `Issue 1801 <https://github.com/kiwitcms/Kiwi/issues/1801>`_
Bug fixes
~~~~~~~~~
- Fix error ``Jquery deferred: No length property of null object`` (cmbahadir)
Refactoring and testing
~~~~~~~~~~~~~~~~~~~~~~~
- Add test for ``AnonymousViewBackend`` & ``auth.`` permissions
- Exclude ``auth.view_`` permissions from ``AnonymousViewBackend``
- Specify 30 seconds timeout for internal requests via the requests library
Translations
~~~~~~~~~~~~
- Updated `Chinese Simplified translation <https://crowdin.com/project/kiwitcms/zh-CN#>`_
- Updated `French translation <https://crowdin.com/project/kiwitcms/fr#>`_
- Updated `Polish translation <https://crowdin.com/project/kiwitcms/pl#>`_
- Updated `Russian translation <https://crowdin.com/project/kiwitcms/ru#>`_
- Updated `Slovenian translation <https://crowdin.com/project/kiwitcms/sl#>`_
Kiwi TCMS 11.4 (03 Aug 2022)
----------------------------
.. important::

    This is a medium sized release which contains security related updates,
    multiple improvements, database and API changes, new settings, bug fixes
    and new translations!

Supported upgrade paths::

    5.3   (or older) -> 5.3.1
    5.3.1 (or newer) -> 6.0.1
    6.0.1            -> 6.1
    6.1              -> 6.1.1
    6.1.1            -> 6.2 (or newer)

After upgrade don't forget to::

    ./manage.py upgrade

Security
~~~~~~~~
- Update django from 4.0.3 to 4.0.7, see