Archive for the 'Uncategorized' Category

How much do YOU know about Tigris?

This year, Tigris.Org celebrates its 10th anniversary. It’s been a long and interesting time!

How much do you know about Tigris.Org? For instance, which are the busiest projects here? Take a shot at the new poll, over to the right. The answer will be revealed next Monday!

Tigris upgrade/patch to (patch 4)

Update (11 May 2020 14:11) Tigris is back up and ready for full service. Thank you for your patience.

Update (11 May 2010 13:30) Tigris is now down. Expect it back up in an hour or so.

Tigris will be down for upgrade to CollabNet Enterprise Edition version on May 11, beginning at 13:00 PDT.

Changes in this upgrade include:

  • Fix for artf64160: spam leaking into lists
  • Fix for artf63648: The domain level CAPTCHA setting not overriding the forum level CAPTCHA setting, allowing web-posted spam
  • Fix for artf53786: Files uploaded in the docs and files section with blank space or special characters in the name were not downloading properly in IE.
  • Fix for artf54006: IZ screens for Japanese locale showed garbled characters.
  • Fix for artf54459: mass-add users to project
  • Fix for artf63424, artf63426: improve scaling of Project Tracker
  • Fix for artf52858: some Project Content Editor pages were showing HTML source instead of rendered pages. (A hot fix for this problem was already in place; this is the permanent fix.)

Maintenance window reschedule

Due to production delays, we will not be performing the maintenance originally scheduled for the evening of April 28 (Pacific Daylight Time). The work will be rescheduled into some time in the next two weeks.

Please follow this blog, or the “announce” list at, for updates.

Tigris maintenance, 9:30pm April 28

There will be a brief (1 hour) maintenance window beginning at 9:30pm PDT on April 28, 2010, to install recently discovered security / spam fixes.

This maintenance will install CEE 5.3 patch 4, which includes:

  • Security: close several cross-site scripting vulnerabilities
  • Security: restore CAPTCHA domain-level overrides (previously hot-fixed)
  • Administration: mass-add of users sometimes fails
  • Performance: enhanced concurrency in Project Tracker (Scarab)
  • Downloads: files with names containing certain characters don’t download properly in Internet Explorer
  • Localization: some Issue Tracker pages garbled in some locales

New stuff at Tigris: Managing those approval queues

Now that our upgrade’s complete, what did we get?

Here’s one thing that should interest all discussion list maintainers: your Pending Approval page just got more manageable, in two ways. The heart of the matter is, if you don’t act on a moderation request within a month, then the request is deleted entirely, automatically. No more eternally-growing spam lists to paw through for the occasional legitimate post.

If you’ve been in the habit of just ignoring this page entirely, then you can stop feeling guilty (you were, right?). These silly things are no longer bloating the database and slowing performance for everyone.

If, on the other hand, you’ve been in the habit of cleaning this stuff out occasionally, or hunting through it for legitimate requests to approve, then rejoice! The list is now in control.

Are you a list moderator, and don’t know what I’m talking about? Visit your project Discussions page (the one that lists the various discussion fora), and check the left navigation bar. You should see a “Project tools” section, including a “Discussions”  link. If you’re a list moderator for any list in this project, there should be a “Pending approval” category below there. Click that.

If you don’t find these links in your left nav, the Project Owner (who, of course, may also be you) has probably customized them away. There’s a check box for that, in the “Edit project -> Tool configuration” page, or some projects have made extensive HTML customizations that completely override these links. If  checking “Project tool links” doesn’t enable these links (or, if it conflicts too heavily with your re-HTML-ization), then make a book mark or something to


Getting rid of that spam

If you moderate a mail list on Tigris, you may have noticed an increase in moderation requests for irrelevant junk. Here’s what you can do about that immediately, what we’re doing about it quick-as-we-can, and a little explanation in case you’re still reading by then.

What you can do

  1. Visit the “Edit discussion” page for each afflicted list.
  2. Find the “Web post CAPTCHA” section, about half way down.
  3. Change the setting from “No CAPTCHA” to “Anonymous web posts only.”
  4. [Save changes] (way at the bottom)

What’s broken

While you were changing that setting, you probably noticed a note:

This option will be overridden to “Anonymous web posts only” as “Force CAPTCHA for unregistered users” is set at the domain configuration.

Therein lies the bug: the global override isn’t happening. This was working just fine before the upgrade, implemented as a “hot fix” for the site. The “hot fix” seems to be missing, or failing, with the new upgraded site.

What we’re doing

Still working on that, but we’ll get it fixed as soon as possible. Tune in to the list, or here, for information as it happens.

Upgrade complete; back in service

The upgrade of Tigris.Org is complete, and the system is back in service.

Please report any problems to if at all possible. Of course, if it goes down, that won’t work, so feel free to tweet @tigrisdotorg, or add a comment here instead.

Tigris stage testing: hurry, hurry: only a few bugs left!

Have you found your bug in the Tigris stage site? Many brave souls have already dared the waters, yet not a one has identified a single problem! Could you be the first? Find out today! Log in to the staged version of your favorite Tigris project at Send bugs, complaints, and ecstatic praise to

Instructions and known problems were posted last week.

Unless some clever tester finds some major problem, we’ll be upgrading the real Tigris to this software version soon. We’re planning a weekend upgrade, either the weekend of March 26, or April 3. More on that as details develop.

Tigris.Org Update Update

Due to an additional problem discovered in the Subversion support of the new release, the Tigris upgrade to CEE 5.3 has been delayed a few days. The new schedule is:

Update stage to patch 3 1d  Wed 2/24/10 Wed 2/24/10
QA testing              5d  Thu 2/25/10 Wed 3/3/10
Community testing      10d  Thu 3/4/10  Wed 3/17/10
Production upgrade      1d  Fri 3/19/10 Fri 3/19/10

Permissions changes on Tigris.Org

Due to widespread defacement of project wikis, we have been forced to tighten security on Tigris.Org a bit. As of yesterday, users who are merely “Observers” in a project are no longer able to edit wiki pages. Project Owners who still want to grant widespread edit rights may add the new “Wiki Contributor” role along with “Observer,” to get the same permissions as before.

Why did we do this?
Well, you know … spam!

Over the last month or so, many projects have seen a rise in defacement of their wikis, by users with various fanciful names.

But Wikipedia isn’t so restrictive!

That’s true (though they’ve become somewhat stricter of late, and that trend may continue). But Wikipedia is a single wiki, with thousands of editors watching for this sort of thing. Tigris, on the other hand, is thousands of separate wikis, many with no editors actively watching them at all. The policies of each project are the responsibility of the Project Owner; central oversight and policy only comes into play at times like these, when there is widespread and unambiguous abuse.

How bad is it?

The defacements we’ve found to date are commercial / “warez” level spam, advertising businesses, some of whom have a less-than-obvious legal position, but none of which are pornographic or violent or otherwise deeply offensive. Similarly, we have not found any cases where the legitimate content of the wiki was damaged, only links to off-site web servers were added.

What can we do to clean up?

Every Project Owner should take a look over their project wiki for defacement. If it’s found, you’ll want to remove it; the “Page Information” link will be a handy way to do that. Page Information will also show you the user names of the culprits. You might want to rescind their membership in your project (although the security change I’ve mentioned here should be enough to prevent further defacement by Observer members).

tigrisdotorg on Twitter

RSS Announcements mail list

  • An error has occurred; the feed is probably down. Try again later.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 179 other followers

Tigris.Org is powered, hosted, and managed by CollabNet, Inc.

Tigris.Org is powered, hosted, and managed by CollabNet, Inc.