Kiwi TCMS 6.5.3 (11 Feb 2019)

IMPORTANT: this is a security, improvement and bug-fix update that includes new
versions of Django, includes several database migrations and fixes several bugs.

Security

- Update Django from 2.1.5 to 2.1.7. Fixes CVE-2019-6975:
  Memory exhaustion in ``django.utils.numberformat.format()``


Improvements

• Update mysqlclient from 1.4.1 to 1.4.2
• Multiple template strings marked as translatable (Christophe CHAUVET)

Database migrations

- Email notifications for TestPlan and TestCase now default to True
- Remove ``TestPlanEmailSettings.is_active`` field


API
~~~

- New method ``Bug.report()``, References
  `Issue #18 <https://github.com/kiwitcms/Kiwi/issues/18>`_
- Method ``Bug.create()`` now accepts parameter ``auto_report=False``


Translations
~~~~~~~~~~~~

- Updated `German translation <https://crowdin.com/project/kiwitcms/de#>`_
- Updated `French translation <https://crowdin.com/project/kiwitcms/fr#>`_
- Updated `Slovenian translation <https://crowdin.com/project/kiwitcms/sl#>`_


Bug fixes
~~~~~~~~~

- Show the user who actually tested a TestCase instead of hard-coded value. Fixes
  `Issue #765 <https://github.com/kiwitcms/Kiwi/issues/765>`_
- Properly handle pagination button states and page numbers. Fixes
  `Issue #767 <https://github.com/kiwitcms/Kiwi/issues/767>`_
- Add TestCase to TestPlan if creating from inside a TestPlan. Fixes
  `Issue #777 <https://github.com/kiwitcms/Kiwi/issues/777>`_
- Made TestCase text more readable. Fixes
  `Issue #764 <https://github.com/kiwitcms/Kiwi/issues/764>`_
- Include missing templates and static files from PyPI tarball


Refactoring
~~~~~~~~~~~

- Use ``find_packages()`` when building PyPI tarball
- Install Kiwi TCMS as tarball package inside Docker image instead of copying
  from the source directory
- Pylint fixes
- Remove ``testcases.views.ReturnActions()`` which is now unused
- Refactor New TestCase to class-based view and add tests

Kiwi TCMS 6.5 (1 Feb 2019)

We are celebrating 10 years of open source history at FOSDEM, Brussels!

IMPORTANT: this is a minor security, improvement and bug-fix update that includes new
versions of Django and other dependencies, removes some database fields,
includes backend API updates and fixes several bugs.

Together with this release we announce:

• kiwitcms-tap-plugin <https://github.com/kiwitcms/tap-plugin>_ : for reading
  Test Anything Protocol (TAP) files and uploading the results to Kiwi TCMS
• kiwitcms-junit.xml-plugin <https://github.com/kiwitcms/junit.xml-plugin>_ :
  for reading junit.xml formatted files and uploading the results to Kiwi TCMS

Both of these are implemented in Python and should work on standard TAP and
junit.xml files generated by various tools!

Additionally 3 more plugins are currently under development by contributors:

• Native JUnit 5 plugin <https://github.com/kiwitcms/junit-plugin/>_ written
  in Java
• Native PHPUnit <https://github.com/kiwitcms/phpunit-plugin/>_ written
  in PHP
• py.test plugin <https://github.com/kiwitcms/pytest-plugin/>_

Supported upgrade paths::

5.3   (or older) -> 5.3.1
5.3.1 (or newer) -> 6.0.1
6.0.1            -> 6.1
6.1              -> 6.1.1
6.1.1            -> 6.2 (or newer)

After upgrade don't forget to::

./manage.py migrate

Security

- Better override of SimpleMDE markdown rendering to prevent XSS vulnerabilities
  in SimpleMDE


Improvements

• Update patternfly to version 3.59.1

• Update bleach from 3.0.2 to 3.1.0

• Update django-vinaigrette from 1.1.1 to 1.2.0

• Update django-simple-history from 2.6.0 to 2.7.0

• Update django-grappelli from 2.12.1 to 2.12.2

• Update mysqlclient from 1.3.14 to 1.4.1

• Update psycopg2 from 2.7.6.1 to 2.7.7

• Update pygithub from 1.43.4 to 1.43.5

• Convert TestCase page to Patternfly

  • page menu is under ... in navigation bar
  • Test plans card is missing the old 'add plan' functionality b/c we are not
    at all sure if adding plans to test cases is used at all. Can bring it back
    upon user request!
  • Bugs card is missing the add/remove functionality for b/c we are not
    quite sure how that functionality is used outside test runs!

• Convert new TestCase page to Patternfly and provide Given-When-Then text
  template. This prompts the author to use a BDD style definition for their
  scenarios. We believe this puts the tester into a frame of mind more
  suitable for expressing what needs to be tested

• Add a favicon. Fixes
  Issue #532 <https://github.com/kiwitcms/Kiwi/issues/532>_

• Sort Component, Product and Version objects alphabetically. Fixes
  Issue #633 <https://github.com/kiwitcms/Kiwi/issues/633>_

• Search test case page now shows Components and Tags

• Search test case page now allows filtering by date. Fixes
  Issue #715 <https://github.com/kiwitcms/Kiwi/issues/715>_

• Search test case page now uses radio buttons to filter by automation status

• Small performance improvement when searching test plans and test cases

• Search test run page now allows to filter by Product but still continue to
  display all Builds in the selected Product

• Updated doc-string formatting for some tcms modules

Database migrations

**Known issues:** on our demo installation we have observed that permission
labels were skewed after applying migrations. The symptom is that labels for
removed models are still available, labels for some models may have been removed
from groups/users or there could be permission labels appearing twice in the
database.

This may affect only existing installations, new installations do not have
this problem!

We are not certain what caused this but a quick fix is to remove all permissions
from the default *Tester* group and re-add them again!

- Remove ``TestCase.alias``
- Remove ``TestCaseRun.running_date``
- Remove ``TestCaseRun.notes``
- Remove ``TestCase.is_automated_proposed``
- Remove ``TestCaseText`` model, merge into ``TestCase.text`` field. Closes
  `Issue #198 <https://github.com/kiwitcms/Kiwi/issues/198>`_
- Remove ``Priority.sortkey``
- Remove ``Build.description``
- Remove ``Classification.sortkey`` and ``Classification.description``
- Convert ``TestCase.is_automated`` from ``int`` to ``bool``
- Rename ``TestCaseRun.case_run_status`` to ``status``


API
~~~

- New method ``TestCaseRunStatus.filter()``
- New method ``Product.create()``
- New method ``Classification.filter()``
- New method ``BugSystem.filter()``
- Changes to ``TestCase.add_component()``:

  - now accepts component name instead of id
  - now fails if trying to add components linked to another Product.
  - now returns serialized ``TestCase`` object


Translations
~~~~~~~~~~~~

- Updated `French translation <https://crowdin.com/project/kiwitcms/fr#>`_
- Updated `Slovenian translation <https://crowdin.com/project/kiwitcms/sl#>`_


Bug fixes
~~~~~~~~~

- Fix for missing migrations from ``django-simple-history``, see
  `DSH #512 <https://github.com/treyhunner/django-simple-history/issues/512>`_ and
  `StackOverflow #54177838 <https://stackoverflow.com/questions/54177838/>`_
- Fix cloning of test cases by surrounding bootstrap-selectpicker call with
  ``try-catch``. Fixes
  `Issue #695 <https://github.com/kiwitcms/Kiwi/issues/695>`_
- Fix a traceback with TestRun report page when the RPC connection to Bugzilla
  can't be established


Refactoring
~~~~~~~~~~~

- Remove unused form classes, methods, fields and label attributes
- Remove unused or duplicate methods from ``TestCase`` model
- Remove useless methods from BaseCaseForm()
- Add test for discovering missing migrations
- Add test for sanity checking PyPI packages which will always
  build tarball and wheel packages

Kiwi TCMS 6.4 (7 Jan 2019)

IMPORTANT: this is a security, improvement and bug-fix update that includes new
versions of Django, Patternfly and other dependencies.

Supported upgrade paths::

5.3   (or older) -> 5.3.1
5.3.1 (or newer) -> 6.0.1
6.0.1            -> 6.1
6.1              -> 6.1.1
6.1.1            -> 6.2 (or newer)

After upgrade don't forget to::

./manage.py migrate

Security

- Update Django from 2.1.4 to 2.1.5, which deals with CVE-2019-3498:
  Content spoofing possibility in the default 404 page
- Update Patternfly to version 3.59.0, which deals with XSS issue in bootstrap.
  See CVE-2018-14041
- By default session cookies will expire after 24 hours. This can be controlled
  via the ``SESSION_COOKIE_AGE`` setting. Fixes
  `Issue #556 <https://github.com/kiwitcms/Kiwi/issues/556>`_


Improvements

• Update mysqlclient from 1.3.13 to 1.3.14
• Update python-gitlab from 1.6.0 to 1.7.0
• Update django-simple-history from 2.5.1 to 2.6.0
• Update pygithub from 1.43.3 to 1.43.4
• New API method TestCase.remove(). Initially requested as
  SO #53844380 <https://stackoverflow.com/questions/53844380/>_
• Drop down select widges in Patternfly pages are now styled with
  bootstrap-select giving them more consistent look and feel with
  the rest of the page (Anton Sankov)
• Create new TestPlan page now includes toggles to control notifications
  and whether or not the test plan is active. This was previously available
  only in edit page (Anton Sankov)
• By default TestPlan notification toggles are turned on. Previously they
  were off (Anton Sankov)
• Create and Edit TestPlan pages now look the same (Anton Sankov)
• Kiwi TCMS is now accepting donations via
  Open Collective <https://opencollective.com/kiwitcms>_

Removed functionality

- Remove ``TestPlan page -> Run menu -> Add cases to run`` action.
  This is the same as ``TestRun page -> Cases menu -> Add`` action
- Legacy reports will be removed after 1st March 2019. Provide your
  feedback in
  `Issue #657 <https://github.com/kiwitcms/Kiwi/issues/657>`_
- The ``/run/`` URL path has been merged with ``/runs/`` due to configuration
  refactoring. This may break your bookmarks or permalinks!


Bug fixes
~~~~~~~~~

- Don't traceback if markdown text is ``None``. Originally reported as
  `SO #53662887 <https://stackoverflow.com/questions/53662887/>`_
- Show loading spinner when searching. Fixes
  `Issue #653 <https://github.com/kiwitcms/Kiwi/issues/653>`_
- Quick fix: when viewing TestPlan cases make TC summary link to the test case.
  Previously the summary column was a link to nowhere.


Translations
~~~~~~~~~~~~

- Updated `Chinese Traditional translation <https://crowdin.com/project/kiwitcms/zh-TW#>`_
- Updated `French translation <https://crowdin.com/project/kiwitcms/fr#>`_
- Updated `Slovenian translation <https://crowdin.com/project/kiwitcms/sl#>`_


Refactoring
~~~~~~~~~~~

- New and updated internal linters
- Refactor ``testplans.views.new`` to class based view (Anton Sankov)
- Refactor ``TestCase -> Bugs tab -> Remove`` to JSON-RPC. References
  `Issue #18 <https://github.com/kiwitcms/Kiwi/issues/18>`_
- Refactor ``removeCaseRunBug()`` to JSON-RPC, References
  `Issue #18 <https://github.com/kiwitcms/Kiwi/issues/18>`_
- Remove unused ``render_form()`` methods
- Remove unnecessary string-to-int conversion (Ivaylo Ivanov)
- Remove obsolete label fields. References
  `Issue #652 <https://github.com/kiwitcms/Kiwi/issues/652>`_ (Anton Sankov)
- Pylint fixes
- Remove JavaScript that duplicates ``requestOperationUponFilteredCases()``
- Remove ``QuerySetIterationProxy`` class - not used anymore

Kiwi TCMS 6.3 (4 Dec 2018) - Heisenbug Edition

IMPORTANT: this is a medium severity security update that includes new versions
of Django and Patternfly, new database migrations, lots of improvements, bug fixes
and internal refactoring.

Supported upgrade paths::

5.3   (or older) -> 5.3.1
5.3.1 (or newer) -> 6.0.1
6.0.1            -> 6.1
6.1              -> 6.1.1
6.1.1            -> 6.2 (or newer)

After upgrade don't forget to::

./manage.py migrate

Security

- Resolve medium severity XSS vulnerability which can be exploited when
  previewing malicious text in Simple MDE editor. See
  `CVE-2018-19057 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19057>`_,
  `SNYK-JS-SIMPLEMDE-72570 <https://snyk.io/vuln/SNYK-JS-SIMPLEMDE-72570>`_
- Use ``mozilla/bleach`` before rendering Markdown to the user as a second layer
  of protection against the previously mentioned XSS vulnerability.


Improvements

• Update to Django 2.1.4 <https://docs.djangoproject.com/en/2.1/releases/2.1.4/>_
• Update to Patternfly 3.58.0 <https://github.com/patternfly/patternfly/releases>_
• Make docker container restartable (Maik Opitz, Adam Hall)
• Add GitLab issue tracker integration. Fixes
  Issue #176 <https://github.com/kiwitcms/Kiwi/issues/176>_
  (Filipe Arruda, Federal Institute of Pernambuco)
• Convert Create new TestPlan page to Patternfly (Anton Sankov)
• Upon successfull registration show the list of super-users in case new
  accounts must be activated manually. This can be the same or expanded
  version of the addresses in the ADMIN setting. Include super-users
  in email notifications sent via tcms.signals.notify_admins().
• Don't include admin/js/*.js files in templates when not
  necessary. Results in faster page load. Fixes
  Issue #209 <https://github.com/kiwitcms/Kiwi/issues/209>_
• Enable nl2br Markdown extension which allows newline characters
  to be rendered as <br> tags in HTML. Visually the rendered
  text will look closer to what you seen in the text editor. Fixes
  Issue #623 <https://github.com/kiwitcms/Kiwi/issues/623>_
• Use auto-complete for adding components to TestCase

Removed functionality

- Bulk-update of Category for selected TestCase(s) inside of
  TestPlan
- Bulk-update of Components for selected TestCase(s) inside of
  TestPlan
- Bulk-update of automated status for selected TestCase(s) inside of
  TestPlan
- Bulk-remove for TestCase Component tab

These actions have always been a bit broken and didn't check the
correct permission labels. You can still update items idividually!

- Selection of Components when creating new TestCase. Closes
  `Issue #565 <https://github.com/kiwitcms/Kiwi/issues/565>`_.
  Everywhere else Kiwi TCMS doesn't allow selection of many-to-many
  relationships when creating or editing objects. Tags, Bugs, Components,
  TestPlans can be added via dedicated tabs once the object has been saved.


Bug fixes
~~~~~~~~~

- Hide ``KiwiUserAdmin.password`` field from super-user. Fixes
  `Issue #610 <https://github.com/kiwitcms/Kiwi/issues/610>`_
- Don't show inactive Priority. Fixes
  `Issue #637 <https://github.com/kiwitcms/Kiwi/issues/637>`_
- Don't traceback when adding new users via Admin. Fixes
  `Issue #642 <https://github.com/kiwitcms/Kiwi/issues/642>`_
- Teach ``TestRun.update()`` API method to process the ``stop_date``
  field. Fixes
  `Issue #554 <https://github.com/kiwitcms/Kiwi/issues/554>`_ (Anton Sankov)
- Previously when reporting issues to Bugzilla, directly from a TestRun,
  Kiwi TCMS displayed the error ``Enable reporting to this Issue Tracker by
  configuring its base_url`` although that has already been configured.
  This is now fixed. See
  `Stack Overflow #53434949 <https://stackoverflow.com/questions/53434949/>`_


Database
~~~~~~~~

- Remove ``TestPlan.owner`` field, duplicates ``TestPlan.author``


Translations
~~~~~~~~~~~~

- Updated `French translation <https://crowdin.com/project/kiwitcms/fr#>`_
- Updated `Slovenian translation <https://crowdin.com/project/kiwitcms/sl#>`_


Refactoring
~~~~~~~~~~~

- Remove ``fmt_queries()``. Fixes
  `Issue #330 <https://github.com/kiwitcms/Kiwi/issues/330>`_ (Anton Sankov)
- Remove unused parameter from ``plan_from_request_or_none()``. Refers to
  `Issue #303 <https://github.com/kiwitcms/Kiwi/issues/303>`_ (Anton Sankov)
- Remove ``ComponentActions()`` class. Fixes
  `Issue #20 <https://github.com/kiwitcms/Kiwi/issues/20>`_
- Convert lots of AJAX calls to JSON-RPC
- Remove lots of unused Python, JavaScript and templates. Both after migration
  to JSON RPC and other leftovers
- Pylint fixes (Alexander Todorov, Anton Sankov)