Flyspray - The bug killer!

This is the Bug Tracking System for the Flyspray project. This is not a demo!

2019-04-22: Flyspray 1.0-rc9 released See

ID  descCategoryTask TypeSeveritySummaryStatusProgressAssigned ToDue In VersionOpenedLast Edited
2554User InterfaceTODOLowkeyboard shortcuts help box should adapt to current pag...New
06.06.201906.06.2019 Task Description

The shortcuts help infobox should adapt to the current page type.

So when in editing a task for instance, the n (next task) and p (previous task) shortcuts are not available for a good reason. Listing them there with same priority as other keys then is not helpful.

The simpliest solution is probably putting some if-statements depending on the $do variable into CleanFS/templates/shortcuts.tpl ..

2553User InterfaceTODOLowintelligent accesskey shortcut helper dependent of OS, ...New
06.06.201906.06.2019 Task Description

The HTML accesskey attribute feature is differently accessible dependent of operating system, web browser and web browser configuration, and users keyboard layout and user language.

By taking advantage of the User-Agent HTTP header value provided by default by web browsers, Flyspray could better know of what kind of keyboard and browser the user sits in front off and show the key combinations for the accesskey feature that best fits the users environment.

2552EmailBug ReportHighEmail TLS error (was 'Mail Adress encryption')Unconfirmed
130.05.201931.05.2019 Task Description

Official release

Steps done to create the problem:
Insert correct (tested with gmail) data into the notification tab and click on “Test”

SSL and TLS are checked.

Expected behavior:
Send test email and confirm it.

Experienced behavior:
Following error message

Error message:
Warning: stream_socket_enable_crypto(): Peer certificate CN=`*’ did not match expected CN=`mail*’ in /var/www/vhosts/**/flyspray/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php on line 103 Completely unexpected exception: Unable to connect with TLS encryption
This should never happend, please inform Flyspray Developers

2551User InterfaceInformationLowLDAP/AD intergrationUnconfirmed
115.05.201915.05.2019 Task Description


Please advise if there are known issues when integrating Flyspray with Active Directory using LDAP.

2550EmailBug ReportLowException handling sending email notificationUnconfirmed
06.05.201906.05.2019 Task Description

Someone reported this:

Today i tried to report an issue about xxx on the xxx (namely xxx) and the following error message has been displayed:
Completely unexpected exception: Expected response code 250 but got code “451”, with message “451 Error in writing spool file "
This should never happend, please inform Flyspray Developers
The issue itself has been created though.
2549User InterfaceBug ReportLowOauth register template always shows "Username already ...Unconfirmed
06.05.201906.05.2019 Task Description

RC9 running on CentOS LAMP stack

Steps done to create the problem:
Set up google as an oauth provider.
Have a user click “Sign in with Google” in the login box.
User connects their account with Flyspray.
Google redirects the user back to Flyspray
The return screen (on flyspray) asks for a username.

Expected behavior:
No warning about duplicate username should be shown on initial page load since no username was entered yet

Experienced behavior:
A warning about the username being already taken is shown.

It appears there is no logic for showing or hiding that warning in register.oauth.tpl

(It would be great if flyspray was able to just use the email as a username to make the UX even better/simpler.)

2548User InterfaceFeature RequestLowCSS grid layout for task details page typeNew
05.05.201905.05.2019 Task Description

Layouts from 320 pixel mobile portrait, tablet sizes and up to 4k monitor landscape mode using

@media queries

Mockups required not only for different sizes, but also different project configurations, user permissions, and task relations.

Should look ok whatever project configuration is done or how weird a task description is.

On wider screens the comments could be beside the task description for instance.
Or some tabs or menus could be shown directly instead of grouping in the tabs.

2545User InterfaceInformationLowCan't delete system wide 'Task Statuses'Unconfirmed
320.04.201905.05.2019 Task Description

From the ‘Task Statuses’ menu, when in the global project, the ‘delete’ cases are grayed out, preventing me from deleting them.

This is a problem for me because I would like to only have project specific statuses and I would like to name one of those statuses ‘Assigned’.

For now, I got around it renaming the system wide ‘Assigned’ status.

2544EmailBug ReportLowError when registering new accountUnconfirmed
123.03.201923.03.2019 Task Description

I installed the developer edition.

mysql Ver 14.14 Distrib 5.7.25, for Linux
PHP 7.2.15-0ubuntu0.18.04.1
Ubuntu 18.04.2

Admin settings → Allow users to register and send conf. email.

I DID set up email settings thru google and sent a test email. it did work.

After logging out, I tried to register a new account. I filled in details and got the following error:
Completely unexpected exception: Expected response code 250 but got code “530”, with message “530 5.7.0 Must issue a STARTTLS command first. u13sm3937813iog.80 - gsmtp "
This should never happend, please inform Flyspray Developers

Obviously, the confirmation email was never sent.

I am going to try to manually add a new user. Will update with outcome.

2536Backend/CoreFeature RequestMediumstore session in Flyspray databaseNew
221.01.201915.03.2019 Task Description

Currently the sessions are stored by the webservers default settings.

Having this sessions under control by Flyspray by storing it in the database has following advantages:

  1. Allows handling of all sessions of a user by Flyspray.
  2. Providing a session management for each user. The user can see on which devices he is currently logged in and could also force a logout on selective devices.
  3. A forced logoff of all or some user sessions is easy implementable for admins.
  4. Statistics about how many users and who is logged in. (user status: hide always, online, offline, do not disturb, ..)
  5. Could make onpage-notifications easier to implement.
  6. .. ?


  1. A potential unknown security bug in Flyspray that could lead to reading a session db table could leak informations like who is currently online/active and make further attacks more focused or makes session takeover easier.
  2. .. ?
2535Backend/CoreFeature RequestLownew optional Flyspray setting: add new users automatica...New
216.01.201921.01.2019 Task Description

When a Flyspray installation allows user self registration and has public but also more private projects, this feature could make the required configuration more clear:

In this case, keep the number of global user groups as low as possible and the global user group for basic or just registered users has only the ‘can login’ permission and nothing more.
Because that only would be useless for new registered users, adding them also to a basic user group of a public project could be useful.

So my suggestion is:

A new optional global setting: Something like ‘default project user group’ (store 2 values: a project_id and a group_id). Validity of that setting must be checked during any user registration, so that project must exists now and at later time as also that project user group within that project. (’Checks’ of admin prefs)

So it would be like this for a new registered userA:

  1. userA is in a basic default global user group: only login permission to handle his account registration (login, logout, user preferences, password forgotten)
  2. userA is in project X default user group: some basic permissions you want allow for every (new) registered user in project X
  3. project Y: all ‘allow anyone ...’-settings are unchecked, userA not in any user group of project Y

The setting is probably best put below the ‘Default global group for new users’ setting in the global admin prefs tab #userregistration as

Either: A dropdown list with all public projects with an existing user group and dependend on the selection the available basic project groups are loaded by ajax as a select list too.

Or: Only one dropdown list that contains a list of public projects with possible project user groups. Would not require extra ajax calls and is maybe enough because we could exclude project groups that have project manager permission or such configuration nobody would allow new registered users.

no default project user group
public projectA - simple user groupA1
public projectA - simple user groupA2
public projectB - simple user groupB
public projectC - simple user groupC

This idea could be enhanced further (put the new user to multiple public projects when he registers or let user choose from public allowed projects during registration process), but lets start simple.

2534Backend/CoreFeature RequestLowPrivate projectsUnconfirmed
816.01.201918.01.2019 Task Description

I would like to restrict certain projects from view from normal users (Basic group.) I couldn’t find out a way to do it. I could restrict them from viewing tasks, which is good, but it would be nice to hide the project entirely from the Overview screen.

2531TranslationsFeature RequestLowdetect usage of translation keywordsNew
110.01.201919.03.2019 Task Description

Some translation keywords of Flyspray are used at more than one code location.

To help translators doing the correct translations, it would help to show in what context a translation keyword is used.
Especially when a keyword is used more than once.

As we have our own translation helper integrated into Flyspray, we could show a ‘translation keyword usage counter’ there and maybe show on request in which file
a translation keyword is used.

It would also help to identify ‘abandoned’ translation keywords that are not used anymore by Flyspray source.

Also it would help to identify when a translation is used at more than one location with maybe different context.

I think we can use a regular expression and scan the whole Flyspray source for that.
(and maybe database entries if there are places that have translation keywords stored - I don’t think so, but better check that too first than forget that case)

The regular expression should match that examples case insensitive for the translation keyword report:


but also ugly cases like
l(    'report'
El ( "report"

case insensitive.

But not for example

2528User InterfaceBug ReportLowNew user registration doesn't check for duplicate usern...Confirmed
505.01.201907.01.2019 Task Description

Steps done to create the problem:
Visit in a private browser window (so you are logged out)

Put in an already taken username (e.g. Stefan or Stefan2)

Expected behavior:
Username gets red and a note appears that username already is taken

Experienced behavior:
Username gets green and registration of a new user proceeds with sending a notification mail with confirmation code.
After putting in the confirmation code in provided page, user gets presented a “username is already taken, choose another” (where?) message, and has to re-start registration process from beginning and hopefully this time choose a not taken name.

2527Backend/CoreBug ReportLowDatabase Check »Your mysql supports full utf-8 since 5....Unconfirmed
105.01.201905.01.2019 Task Description

Steps done to create the problem:
Access /index.php?do=admin&area=checks with a MySQL Version >= 5.5.3

Expected behavior:
Flyspray tests for character set and displays »Your mysql supports full utf-8 since 5.5.3. You are using x.x.x and flyspray tables could be upgraded.« when database schema or one table isn’t set to utf8mb4 character set.

Experienced behavior:
Flyspray always shows this note, even though character set is correct.

As far as I can tell from the source, a query gets executed to the database (and if I do that manually the result is “utf8mb4, utf8mb4_unicode_ci” for my database), but the result doesn’t get checket, the note is always shown (line 123)

2524EmailInformationLowSMTP Mailer doesn't accept custom portsUnconfirmed
05.11.201827.11.2018 Task Description

Did you installed an official release or did you used an inoffical docker?!
MySQL 8.0.12, 7.2.9 on debian buster

Steps done to create the problem:
Enter server:port at Mail-Settings

Expected behavior: would make use of the custom port

Experienced behavior:
TLS Errors

          if ($fs->prefs['email_tls']) {
              $swiftconn = Swift_SmtpTransport::newInstance($fs->prefs['smtp_server'], 587, 'tls');
          } else if ($fs->prefs['email_ssl']) {
              $swiftconn = Swift_SmtpTransport::newInstance($fs->prefs['smtp_server'], 465, 'ssl');
          } else {
              $swiftconn = Swift_SmtpTransport::newInstance($fs->prefs['smtp_server']);

Should be changed to

          $someTemporaryVariable = explode(':',$fs->prefs['smtp_server']);
          if ($fs->prefs['email_tls']) {
              $swiftconn = Swift_SmtpTransport::newInstance($someTemporaryVariable[0], $someTemporaryVariable[1] || 587, 'tls');
          } else if ($fs->prefs['email_ssl']) {
              $swiftconn = Swift_SmtpTransport::newInstance($someTemporaryVariable[0], $someTemporaryVariable[1] || 465, 'ssl');
          } else {
              $swiftconn = Swift_SmtpTransport::newInstance($someTemporaryVariable[0], $someTemporaryVariable[1] || 25);
2522Backend/CoreFeature RequestLowemail vs username login issuesResearching
431.10.201802.11.2018 Task Description

So, I’ve been away from Flyspray for more than a few years. When I tried to login to the Flyspray here, I was unable to login, because I don’t remember my username, and I was unable to retrieve my username, because there’s no function for that. I was *also* unable to re-register the same email address. SO, having an account system that requires both unique usernames and unique email addresses, but has no way of retrieving one from the other, doesn’t work out so well.

Suggestion: either use email as username, or add a function to retrieve username (perhaps along with password retrieval . . password retrieval would then have to take username -or- email, probably)

2521EmailInformationLowTLS email with self-signed certificate doesn't work, "C...Unconfirmed
531.10.201803.11.2018 Task Description

I use a personal email server with a self-signed certificate (i’m not sure if it’s possible to use my https certificate for that? i don’t even kind of understand what all I did to get this email server setup, and I don’t really want to mess with it... especially since my https certificate comes from Let’s Encrypt... so i might have to muck with the email server every 60 days ... not sure?) ..

anyway, when I try to connect to it with Flyspray, I get above the Test Email button, “Completely unexpected exception: Unable to connect with TLS encryption
This should never happend, please inform Flyspray Developers”

Most systems have a way to override and accept an invalid cert, but I’m not seeing anything obvious about doing that with Flyspray. Does a function for this already exist, or do we need a way to do that? (alternatively, I would accept help in properly configuring my email lol)

2520NotificationsFeature RequestLowSend a notification for a new task in slack integration...Unconfirmed
324.10.201819.03.2019 Task Description

Hi, i made a way to integrate slack in flyspray using webhooks.. i not added to git.. if some can add for me it’s ok.

The process is simple.. maybe in the front the team can add a field for add the webhook for each action could be better.. in this moment the webhook is triggered only for newtask using the log method.. but you can simply add some “if” for each “type” of log.


1. Create a new field in the table flyspray_users named “slack”, and add the user slack for each user.
2. Edit the file /includes/class.flyspray.php , go to the function “logEvent” and change it by this:

public static function logEvent($task_id, $type, $newvalue = '', $oldvalue = '', $field = '', $time = null)
				global $db, $user;
				// This function creates entries in the history table.  These are the event types:
				//  0: Fields changed in a task
				//  1: New task created
				//  2: Task closed
				//  3: Task edited (for backwards compatibility with events prior to the history system)
				//  4: Comment added
				//  5: Comment edited
				//  6: Comment deleted
				//  7: Attachment added
				//  8: Attachment deleted
				//  9: User added to notification list
				// 10: User removed from notification list
				// 11: Related task added to this task
				// 12: Related task removed from this task
				// 13: Task re-opened
				// 14: Task assigned to user / re-assigned to different user / Unassigned
				// 15: This task was added to another task's related list
				// 16: This task was removed from another task's related list
				// 17: Reminder added
				// 18: Reminder deleted
				// 19: User took ownership
				// 20: Closure request made
				// 21: Re-opening request made
				// 22: Adding a new dependency
				// 23: This task added as a dependency of another task
				// 24: Removing a dependency
				// 25: This task removed from another task's dependency list
				// 26: Task was made private
				// 27: Task was made public
				// 28: PM request denied
				// 29: User added to the list of assignees
				// 30: New user registration
				// 31: User deletion
				// 32: Add new subtask
				// 33: Remove Subtask
				// 34: Add new parent
				// 35: Remove parent
				$query_params = array(intval($task_id), intval($user->id),
				((!is_numeric($time)) ? time() : $time),
				$type, $field, $oldvalue, $newvalue);
				if ($type == 14) {
					$usuarios = $db->query("SELECT DISTINCT a.slack, c.item_summary, d.project_title
						FROM {users} a
						JOIN {assigned} b on b.user_id = a.user_id
						JOIN {tasks} c on c.task_id = b.task_id
						JOIN {projects} d on d.project_id = c.project_id
						WHERE b.task_id = ?
						and a.slack <> '-'", array(intval($task_id)));
						$slackUsers = $db->fetchAllArray($usuarios);
						foreach ($slackUsers as $users) {
							$data = array(
								'text' => "New task: Project: " . $users['project_title'] . " | summary: " . $users['item_summary'] . " | taskId:" . $task_id ,
								'username' => "bott inslack",
								'link_names' => "1",
								'channel' =>  "@" . $users['slack'],
								'icon_emoji' => ":panda_face:"
							$options = array(
								'http' => array(
									'header'  => 'Content-type: application/x-www-form-urlencoded\r\n',
									'method'  => 'POST',
									'content' => json_encode($data)
                                                      // DEFINE SLACK WEBHOOK
							$context  = stream_context_create($options);
							$result = file_get_contents("", false, $context);
					if($db->query('INSERT INTO {history} (task_id, user_id, event_date, event_type, field_changed,
						old_value, new_value) VALUES (?, ?, ?, ?, ?, ?, ?)', $query_params)) {
							return true;
						return false;
2499User InterfaceBug ReportHighChange recaptcha from using file_get_contents to CurlUnconfirmed
118.09.201802.11.2018 Task Description

The issue with many servers now and the reason that recaptcha does not work is because it requires servers to enable allow_url_fopen which is a huge security risk. That is why you get the warning message when you try to run recaptcha that file_get_contents failed to connect.

So the solution is to use Curl to do that job.

Here is the fixed file, excuse my mess i had not cleaned up my code yet... but recaptcha now works.

this file goes in the includes dir... you can clean up the file if you like again sorry about that.

2498TranslationsInformationLowApply variable in language keys to push the local site ...Unconfirmed
118.09.201802.11.2018 Task Description

Hi, in order for us to push our name (rather than flyspray) on emails, notifications, and GUI we had to edit the language file to replace the text “flyspray” with our install site name. That way notifications come from our company name rather than flyspray.

It would be nice if you could take the site name variable and add it to the language files in all keys that face the public user and all notifications. This would not only prevent editing of the lang file but also make setup alot faster.

Thanks so much..

2496EmailBug ReportLowNotification Mail - Link to the task invalid when quick...Waiting on Customer
213.09.201814.09.2018 Task Description


I’m having an issue on the notification’s mail sent to people when quick-editing a task, more precisely on the link to the task below.

I had this in my older mails :

I “corrected” it by adding a str_replace here (see my screenshot), and now it’s good.

Thank you

2491Backend/CoreBug ReportLowgroup member links if project manager but not adminNew
0% Task Description

When a user has project manager permissions, but not admin permissions, then on the ‘edit group’ pages like index.php?do=pm&area=editgroup&id=8
the links in the list of users of that group are


instead of linking to the users page


and a redirect follows with Error #4: You don’t have administrative rights.

2490User InterfaceBug ReportMediumReset Password's Username field has maxlength of 20 - t...Confirmed
1.0201.09.201810.09.2018 Task Description

I’ve set up an account with a username longer than 20 characters, but can’t reset the password because the
page username field has maxlength=”20” The maxlength for a new user registration seems to be 32 characters.

A related concern is that when setting up the default/admin user on first load of the system, I can use an email address as username (always my preference), but it’s actually not a valid username to create for others thereafter. Consider allowing ‘@’ character in usernames.

2484Backend/CoreInformationLowIncrease min. version of PHP requirementUnconfirmed
10.08.201810.08.2018 Task Description

Then you can gracefully drop support of old MySQL extension AND drop the need for password compat, since BCRYPT and password_hash are built into PHP from version 5.5 onwards

2482Backend/CoreInformationLowProtect issues by defaultUnconfirmed
110.08.201810.08.2018 Task Description

I get that your project is public and you want people visiting this site to see what issues you’re working on, but most people probably don’t want their bugs list open to the public;

Can this be protected/private by default?

2481Backend/CoreInformationLowMove to MVCUnconfirmed
10.08.201810.08.2018 Task Description

That way you can just protect the setup routes after installation, etc.

And have a much less cumbersome .htaccess file.

And take sensitive files outside of the server path and not risk letting them get out in the public

2480Backend/CoreInformationLowBetter file organizationUnconfirmed
110.08.201810.08.2018 Task Description

Save public files inside public or public_html directories, and non-public files outside of those directories;

config file

vendor directory

setup logic


This goes onto another question/point - why are you deleting files from the vendor directory? It happens during composer install, and again after installation? Those files will just get put back if the user ever runs composer install again...

2479Backend/CoreInformationLowUser table seems really complexUnconfirmed
110.08.201810.08.2018 Task Description

why not store all the user preferences in preferences or user_prefernces? Then users can just be simple username, email, password?

2477Backend/CoreInformationLowold style MySQL extension is abandoned ..Unconfirmed
110.08.201810.08.2018 Task Description

the old php mysql extension is long ago reached its demise, why bother supporting it?

I also see in the database connector that your supporting MySQL/PDO - why not settle on that? If the queries aren’t MySQL specific, it becomes easier to support other DB’s, etc.

2476Backend/CoreInformationLowGuzzle/Guzzle is abandoned, should use library that's s...Unconfirmed
110.08.201810.08.2018 Task Description

(Working on a network monitoring system that really needs a ticketing system, saw this and since I speak PHP, thought it would be a good place to start... I just installed and am sharing my notes, do with them what you will!)

2466Backend/CoreInformationLowHow to run under httpsUnconfirmed
1303.06.201802.12.2018 Task Description

I have changed the htaccess.dist into .htaccess and modified to force https.
However, despite having https activated on my site I cannot get Flyspray running, it’s waiting forever.When I abort I get a page without makeup. I have all other applications like cms and wiki running under https, so it is something I have not done in the flyspray configs obviously (as this site is running https too). But could you give me a hint?

I installed flyspray in a subdirectory, if that is something to know about...

regards, Albert

2459User InterfaceFeature RequestLowAttachments on/off and max size setting in Admin Toolbo...Unconfirmed
116.02.201803.03.2018 Task Description

It would be great if the Admin Toolbox had an attachments section with an on/off switch, a max size setting, and it would print out all the reasons why it can’t set it to your desired value.

This would help in situations like  FS#2458 , it would be more clear if there is a setting to turn on/off attachments instead of turning them on and off by setting the rights if the attachments folder.

This way if the attachments setting is On, the GUI could also print an error “Attachments folder must be writable” when it detects that the writable attribute does not match the desired setting.

2456User InterfaceBug ReportHighMissing GUI controlsUnconfirmed
509.02.201810.02.2018 Task Description

After updating from “1.0-rc6” to “1.0-rc7 dev” there is missing controls menu on writer. Look attachment.
How to solve this?

Is there any settings to enable this or I’m missing something...

2454Backend/CoreBug ReportLowPHP warning in admin edit user areaNew
15.01.201815.01.2018 Task Description

Since PHP7.2 shows a warning in admin area ?do=admin&area=users&user_id=1234567890, when user_id is set, but no alternative user_name parameter.

Probably related to scripts/admin.php

$id = Flyspray::UserNameToId(Req::val('user_name'));
if (!$id) {
  $id = Req::val('user_id');
2453Backend/CoreBug ReportMediumvalidate category before storing a new taskNew
0% Task Description

Currently the category_id is not checked if the value is legal for the project when a new task is created.

  • must be unsigned int
  • must be an active category_id of the project or global category.
  • setting a category_id must be allowed - see project settings.

If invalid category_id is sent, deny creating task and show error message and show filled form again.

If no category_id is sent (or empty string) and category select is enabled:

  • either choose a default category


  • implement feature request FS#2451 and show that user should select a category.
2451Backend/CoreFeature RequestLowMod: blank Category - user must chose before pressing A...Confirmed
208.12.201714.12.2017 Task Description

Hello Peter,

I am interested in making the following mod:

When posting a new task, category should be blank by default, in order for the user that opens a new task to select that specific category.
If he doesn’t select any task, when pressing Add this task button, FlySpray should display an error message saying that the Category hasn’t been specified.

Do you think this mod can be made with the current version?
If so, do you mind if you help me a bit with the things that need to be modified?


2449Backend/CoreBug ReportLowUnexepted exception on smtp gmail sendUnconfirmed
729.10.201710.01.2018 Task Description

On creating task we got error on event which must send e-mail via “google mail”.

I hoped that in rc6 this will be solved but not. This error was the same on rc4.

2448Backend/CoreBug ReportLowerror message in eventlog reportsUnconfirmed
226.10.201729.10.2017 Task Description

The last version of Flyspray is simply amazing! it works like a charm :)

This is a small bug report in the eventlog page, that shows this message:

Notice: unserialize(): Error at offset 237 of 808 bytes in /home/elivebugs/ on line 88 Notice: unserialize(): Error at offset 229 of 796 bytes in /home/elivebugs/ on line 88

There’s a small screenshot:

Thank you!

2447Backend/CoreFeature RequestMediumAllow notifications when a new task is createdUnconfirmed
226.10.201729.10.2017 Task Description

The only (only!) feature that I have missing in Flyspray is an option to receive email notifications when a new task is created

I think that this could be in the profile of the user, and/or in the main configurations as “send a notification to the -group- (admins?) when a new task is created”

Thanks a lot! flyspray r00lz after all these years, never failed, no bugs, no hacks, fast and efficient! :)

A Happy user.

2444Installer and UpgraderInformationLowcomposer hits memory limitsNew
04.10.201704.10.2017 Task Description

Quick anwser: enable swap partition on your server.

Tried upgrading a rc4-dev to rc5-dev/rc6/flyspray-master on a virtual server with 500MB RAM and php5.6.30 on the commandline (debian)

After file upgrade, I wanted also update the vendor stuff according to composer.json changes.

But surprisingly this failed:

php composer.phar update

and also after

php composer.phar selfupdate

to version Composer version 1.5.2 2017-09-11 the memory limit bug exists:

The following exception is caused by a lack of memory or swap, or not having swap configured
Check for details

PHP Warning:  proc_open(): fork failed - Cannot allocate memory in phar:///var/www/***/composer.phar/vendor/symfony/console/Application.php on line 979

Warning: proc_open(): fork failed - Cannot allocate memory in phar:///var/www/***/composer.phar/vendor/symfony/console/Application.php on line 979

  proc_open(): fork failed - Cannot allocate memory

Also doing a more fresh vendor install like

rm composer.lock
rm vendor/*
(keeps the .htaccess there)
php composer.phar install

300 MB not enough for a handful of php package installations? wtf, but didn’t dig deeper..

I temporarly solved the problem by making a swap partition on this vServer like suggested at

/bin/dd if=/dev/zero of=/var/swap.1 bs=1M count=1024
/sbin/mkswap /var/swap.1
chmod 600 /var/swap.1
/sbin/swapon /var/swap.1
             total       used       free     shared    buffers     cached
Mem:        506300     374920     131380      30628      21904     143872
-/+ buffers/cache:     209144     297156
Swap:      1048572          0    1048572

This is just documentation and is for the people who prefer a Flyspray development version from

Full Flyspray release download files do not needs to fiddle with composer.

Maybe an entry for the FAQ

2441Backend/CoreBug ReportMediumrefactor dokuwiki image tagsNew
15.09.201715.09.2017 Task Description
I’ve tried inserting an image in the intro message but it doesn’t show. Is there something broken in the file? Seems unlikley because it’s so old but can’t work out why nothing shows.

I had to disable some parts last year within dokuwiki quickly due sever reported security issues in that area.

As tradeoff embedding images currently don’t work within dokuwiki textareas in Flyspray.

As I too wish that feature reappear working for my projects, this is on my personal list. But requires focused free time because must be made secure.

Maybe instead of using fetch.php of dokuwiki, we can use Flypsray’s ?getfile=id , which also checks permissions.
But must check also securly file types and maybe resize images to fit into the desired page (thumbnails).

2440Backend/CoreFeature RequestLowOption to disable tag featureNew
15.09.201715.09.2017 Task Description

There is a wish on the Flyspray mailing list:

Is there a way of hiding the TAGS input field from the Add New Task form?

If it is just hiding on that form, there are several options to achieve this (from simple to complex)

A) Hide by CSS

Add that rule to themes/CleanFS/theme.css CSS file:


B) Hide by CSS (better)

Add a rule to a custom_*.css, for instance themes/CleanFS/custom_mytheme.css


and choose custom_mytheme.css in your project settings.

D) Edit themes/CleanFS/templates/newtask.tpl directly

and remove the whole div-tag with id=”edit_tags” (all between ‘<div id=”edit_tags>”’ and its closing ‘</div>’ (not recommended)

E) Use a custom template

  1. Create a folder in themes/, for instances themes/mynotagtheme/
  2. Only copy themes/CleanFS/templates/newtask.tpl to themes/mynotagtheme/templates/newtask.tpl
  3. Make the changes to that newtask.tpl like in B) (custom theme not overwritten by Flyspray Updates if you keep or backup your themes/mynotagtheme/ folders, but requires review if something has changed within themes/CleanFS/templates/newtask.tpl between version updates)
  4. Choose your mynotagtheme as project theme. All other files fall back to default themes/CleanFS/

(not tested, but thats the way it should work with current Flyspray 1.0-rc5)

D) Nag or caress someone

to finish tag feature for Flyspray with options/permissions to turn it off per project or project group or something like that.

This would effect not only that newtask form but all places where that options should kick in (listing tags in tasklist, tasklist filters etc)

2439Backend/CoreFeature RequestLowClone a ProjectNew
15.09.201715.09.2017 Task Description

There is a request for cloning a project on Flyspray mailing list:

Would be a very welcome features to have Project Templates for repetitive workflow. Any idea if its in the pipeline?

Well, not yet.

The question is, how exactly you want that project clone.

Do you want just a rough copy of the project table entry?
Thats quite easy and can even be done without programming or writing a line of SQL just by using PHPMyAdmin (or similiar Tools for PostgreSQL) and copy a row of the project table for example.
See yellow marked project table on the right of the attached dbschema screenshot.

The other extreme is copying every project depending list table entries to new ones.
This sure requires some programming, but not too hard to add this to Flyspray. (all yellow marked tables in the attached dbschema screenshot.

I attach a rough form mockup how could this could look like.

Possible solution

  1. add a new file scripts/ folder for instance copyproject.php (check admin permission)
  2. add a template file to themes/CleanFS/templates/copyproject.tpl
  3. Set a link to that clone form page somewhere, for example on the toplevel page of a project (see screenshot)
  4. Handle the adminuser (or add a clonepermission for that project manager usergroup) submitted form careful and savely either by includes/ (or like scripts/copyproject.php to keep it seperate from core)

The link to the clone form looks then ?project=123&do=copyproject

2437Backend/CoreBug ReportCriticalSpammers are able to bypass disabled user registrationsUnconfirmed
506.08.201707.01.2019 Task Description

Spammers have found a way to bypass the block on user registration and cause entries to be inserted into the registrations table in the database. I have 30+ of them in there right now, all inserted within the last 2 days. I’ve had user registrations disabled for 2 weeks now because of an onslaught of spammers who won’t leave us alone. Flyspray has insufficient safeguards against them so when this happens I have little choice.

I don’t have any idea how, but these entries in the registrations table are resulting in emails being sent out to these accounts that are bouncing because the spammers are on domain blocklists for forging their DNS responses.

Something needs to be done about this, because if they can insert phantom entries into this database table via the code, what else could they be doing that we haven’t spotted yet?

2436Backend/CoreBug ReportLowdokuwiki renderer creates nonunique html-id for h1,h2,h...New
202.08.201702.08.2017 Task Description

The dokuwiki renderer automatic creates for each h(1-6) tag an html id attribute, but doesn’t ensure that this:

  • is not used by Flyspray templates
  • is unique across all tasks (tasklist summary/description mouseover!), id must be unique on a webpage.

Example: id=”footer” and id=”title” are used by the default CleanFS template for example.








The original intention I think is to make dokuwiki content each h-section linkable, for instance by a “table of contents” at top of a wiki content page.
This is currently not used by the dokuwiki integrated in Flyspray, but could be in future.

Possible solution

Add the task_id to the generated id h(1-6) tags, for instance “d1234_footer” “d1234_title”

d - like description

(t1234 used for tags/labels id currently)

2435Backend/CoreInformationLowMax attach a fileUnconfirmed
118.07.201718.07.2017 Task Description


Can you tell me which file to modify to increase the size of the attachments? Currently limited to 2mb. I would like to authorize 4mb

Thank you


2432Database QueriesInformationLowDelete tasks from all projects (like factory reset)Unconfirmed
208.05.201710.05.2017 Task Description

Is there any “ready” SQL query file to delete all tasks and start again ? (without deleting projects, project settings, categories, task types, tags, task statuses etc...)

2430Backend/CoreFeature RequestLowUser dependency on projectUnconfirmed
216.03.201720.03.2017 Task Description

So, there would be great option if we can set permission to users to see and post only in specific opened projects in bug tracker.

Idea is, that user has all right to all projects, but in some cases we want that user can see only projects which is allowed and also to publish new tasks to only allowed projects.

In that case tasks overiew is locked and user must be logged in to see opened tasks.

2429Backend/CoreInformationLowMy tasks URLUnconfirmed
109.03.201720.03.2017 Task Description

Hey peterdd,

I was wondering: is there a standard URL for “My tasks”? I have an internal website and I would like to create a menu with a few submenus (Add task and My tasks) that link to FlySpray. However if I place the URL for My Tasks (being logged in with my user account), and copy this link to the menu, all others that click the submenu My Tasks, are seeing the tasks that where opened by me or where I am assigned, not that user that is connected on Flyspray with his account on his PC.

So that’s why I am asking for a generic URL of My Tasks, so I can place it on this middle-site?


Showing tasks 1 - 50 of 291 Page 1 of 61 - 2 - 3 - 4 - 5 - Last >>

Available keyboard shortcuts


Task Details

Task Editing