Manager 9.8.3-2 Patch Release Notes

Module API security fix

In response to the below Module API security fix #35067, we have updated the following API's which enhances security to view/retrieve responses from Projects and requires users to have appropriate Project level-permissions.

Therefore, from 9.8.8 and going forward, users will require Project-level permissions for any API and UI actions unless the API is specifically at the Site-level and does not target a specific Project.

  1. Module:

    • Get Modules: /api/v3/projects/projectId/modules

    • Get a Module: qtestUrl/api/v3/projects/projectId/modules/moduleId

      • Permission: Requirement and Test Design Tree

  2. Test Execution:

    • qtestUrl/api/v3/projects/projectId/test-runs/execution-statuses

      • Permission: View Test Run

  3. Link Objects:

    • Remove link objects - Success with link between build and requirements

    • qtestUrl/api/v3/projects/projectId/builds/newBuildId1/link?type=requirements

      Permission Notes:

      • Build: support requirement

        • Permission: Edit Release\Build + View Requirements

      • Release: support requirement

        • Permission: Edit Release/Build + View Requirements

      • Requirement: support Test Case

        • Permission: Edit Requirement + View Test Cases

      • Test Logs: support Defects

        • Permission: Edit Test Run

      • Test Step Logs: Defects

        • Permission: Edit Test Run

  4. Custom fields:

    • Get fields: /api/v3/projects/projectId/settings/{objectType}/fields

      • Create custom field: ( release / build / requirement / test case / test suite / test run / defect/api/v3/projects/projectId/settings/objectType/fields

      • Update system field: /api/v3/projects/projectId/settings/defects/system-fields/6421

        • Permission: Manage Field Settings

Additionally, the Automation Integration APIs listed below will also be affected with this change and users will need "Automation Schedules" Project-level permissions for the associated {projectId}:

  1. Create an Automation Agent

    • POST /api/v3/projects/{projectId}/automation/hosts/{host_server_id}/agents

  2. Update an Automation Agent

    • PUT /api/v3/projects/{projectId}/automation/hosts/{host_server_id}/agents/{agent_server_id}

  3. Delete an Automation Agent

    • DEL /api/v3/projects/{projectId}/automation/hosts/{host_server_id}/agents/{agent_server_id}

  4. Activate an Automation Agent

    • POST/api/v3/projects/{projectId}/automation/hosts/{host_server_Id}/agents/{agent_server_id}/activate

  5. Deactivate an Automation Agent

    • POST /api/v3/projects/{projectId}/automation/hosts/{host_server_Id}/agents/{agent_server_id}/deactivate

  6. Update a Job’s Status

    • PUT /api/v3/projects/{projectId}/automation/jobs/{job_id}/status

Data Query with JIRA fields

In response to PIR-154, the "Data Query with JIRA fields" enhancement that was released with Manager 9.8 has been modified to reduce the number of database connections. The following changes are applied to the Requirement Data Query:

The "JIRA ID" field has been replaced with the "External ID" field.

In the Criteria drop-down, the "JIRA Issue Type" field has been replaced with the "External Object Type" field. However, users will still see “JIRA Issue Type” in Customize View, Query Results grid and Export.

If there are any saved queries that used the "JIRA ID" or "JIRA Issue Type" fields before, they will be changed automatically without any effect on the query result. The user will also see "External ID" and "External Object Type" in Customize View, Query Results grid, and Export.

JIRA Integration

Atlassian API changes affected the JIRA integration and some users could not create new defects from qTest to Jira nor could they save the JIRA connection. Error messages were received when saving the connection "Connection failed. Permissions queries data is required". Issue types linked to JIRA were not visible from the Integration Settings page. This is resolved.