Tuleap 17.1 turns up the heat on the Burning Parrot makeover: cleaner, sharper, and more consistent screens across Tracker, Git, and Document. With the MediaWiki 1.43 LTS upgrade, the removal of legacy services, and 41 fixes including key security updates, this release keeps Tuleap moving forward.
The Grand Burning Parrot Migration
Visual Overhaul and Theme Alignment
We continue our journey to align the visual theme and improve consistency across Tuleap. No functional changes have been introduced, but the interface is becoming progressively more cohesive. Below, you'll find screenshots of the migrated pages and a list of all updated screens in version 17.1.
Tracker
Updated sections:
Administration tracker
Semantics (velocity)
Permissions (tracker & fields)
Workflow (field dependencies, global rules, triggers, webhooks)
Administration (general settings, tracker hierarchy, canned responses)
Document
Updated sections:
Git
Updated sections:
Service administration (gerrit, administrators, pull request templates, access control templates, jenkins)
Repository settings (fork, access control, webhooks)
Other Burning Parrotifications
Legacy MediaWiki (if you still use it, you should migrate to MediaWiki Standalone)
Subversion (notifications, repository display)
Backlog (configuration schedules, configuration charts)
MediaWiki upgrade to 1.43
We bumped "MediaWiki Standalone" to the latest LTS version. This update includes numerous improvements across MediaWiki and its key extensions. For details, see the release notes for 1.40, 1.41, 1.42 & 1.43 release notes.
Highlight:
Improved Edit Recovery (from version 1.42): Quickly restore unsaved edits when returning to the editing interface, protecting against browser crashes, accidental navigation, and other disruptions.
Removal of Legacy Services
As announced, we are cleaning-up the legacy services. In Tuleap 17.1, the following are gone:
Tracker v3
Project links plugin
Tracker v3 date reminder
Bugs and requests
During the 17.1 release cycle, 41 requests were implemented. Bugs and security fixes have already been backported to Tuleap Enterprise builds. You will find below a detailed list of fixes. The most notable ones are in bold.
Security
#45583 FRS project administrator can access releases in all projects – CVE-2025-64497 – High
#45593 Missing CSRF protections when updating tracker general settings – CVE-2025-64498 – Moderate
#45592 Missing CSRF protections on planning management – CVE-2025-64499 – Moderate
#45618 Missing CSRF protections in the management of tracker triggers – CVE-2025-64760 – Moderate
#45632 Missing CSRF protections in tracker field dependencies – CVE-2025-65962 – Moderate
Tracker
Test Management
Document
File releases system
#45589 Cancel button on FRS package creation form should not submit the form
#45584 Unnamed FRS package
#45585 table overflow on release files table
A Tracker is a tool for tracking a type of information that allows you to create, manage and track a set of artifacts that share the same nature.