About six months ago, a certain Firefox extension made headlines by making it incredibly easy for people to intercept insecure web cookies and access private information on major web sites such as Facebook, as well as Pivotal Tracker.

In response, we made session-wide HTTPS enabled by default, but made it possible to disable it on your profile. We also left the option to force HTTPS only access for specific projects.

This partial HTTPS approach required us to use a somewhat complicated secure cookie scheme to prevent secure session hijacking (aka "sidejacking"). While this did close the door to this particular attack vector, it introduced some session instability, especially in Safari, due to intermittent dropping of secure cookies. Also, full HTTPS is generally considered to be more secure.

In next week's release, Tracker is going all HTTPS. The static front pages will remain non-HTTPS by default, but all internal pages, for example the dashboard and project pages, will now be HTTPS-only. This will make Tracker more secure, and it allows us to remove the extra cookies related to session hijacking prevention, which should help with unintentional browser session expiration.

In addition, we're improving how the "remember me" option works - it will now allow you to stay signed in for 2 weeks in multiple browsers.

Note: You will continue to be able to use the API via plain HTTP, unless the project you're accessing has the "Use HTTPS" option set.

GoodData, provider of an on-demand, cloud-based business intelligence platform, has just launched Pivotal Tracker Analytics, a brand new application to help you measure your agile development process.

You can now create custom point scales for your Pivotal Tracker projects. This is one of our most commonly requested features, especially from teams that practice, and/or use the planning poker form of estimation.

We've made a few improvements to how story tasks work in Pivotal Tracker. They're now turned on by default for all new projects, they can be added to a new story before it's saved, and you can drag them to rearrange their order.

Atlassian has just announced a number of improvements to their Pivotal Tracker importer JIRA plugin. It now imports iterations and labels, chores and tasks are turned into new JIRA issue types, imported issues link back to the corresponding Tracker stories, and more!

Read about the importer improvements in this blog post from Atlassian.

If you're using JIRA and Tracker together, make sure you also enable the built-in JIRA integration in Tracker, which allows you to import issues from JIRA into your Tracker backlog via drag and drop. We've got some improvements to this integration planned as well!

To address some of the problems we experienced recently, we're moving the Pivotal Tracker cache servers to dedicated hardware tomorrow (Wednesday) night, at 8pm Pacific Daylight Time. This move may require up to 15 minutes of downtime, but we expect improved stability as a result of the change. Please accept our apologies in advance for the inconvenience.

We've had a number of brief outages and/or periods of degraded performance in the last few weeks. I'd like to shed some light on what caused these incidents and what we're doing to prevent them in the future.

This has been a common question recently, and so I'd like to take a few minutes and explain how the 60 day free trial works in Pivotal Tracker, clarify what your options are at the end of the trial, and also revisit what public projects are again.

We've made a few usability improvements to Pivotal Tracker related to viewing and editing of stories, as well as file attachment handling.

All of the story text fields now automatically expand based on the amount of text entered, and they'll grow as you type. When you expand a story, you'll now see the entire story title in one glance, even when it's long. Text fields for story description, comments, and tasks expand as well.

Working with file attachments got a bit easier, too. It now takes fewer clicks to attach a file, and you can upload multiple files at once. In browsers that support it, you can drag files on to the story directly from your desktop. Finally, there's now a 'download' link next to each file attachment, for easier access to the original file.

These are just the first few of a number of usability improvements. Much more is on the way!

As always, we appreciate your feedback. Let us know what you think in the comments here, or by email to tracker@pivotallabs.com.

We've added a new email notification to Pivotal Tracker which will let you know when someone assigns a story to you. There are also a few new additions to the API, related to projects and iterations.