Today, we put out two new security releases of Djblets, our utility library for Review Board. These are versions 0.7.30 and 0.8.3, and they fix a couple of XSS vulnerabilities that were discovered in our Gravatar support and JSON serialization code.
We are strongly recommending that everyone upgrade to these releases, particularly if you're running a public Review Board server.
If you're running Review Board 2.0.x, you can upgrade by typing:
sudo easy_install -U Djblets
If you're running Review Board 1.7.x, you will need to upgrade by typing:
sudo easy_install Djblets==0.7.30
The Djblets 0.7.30 release has only been tested with Review Board 1.7.25. If you're on an older version, we recommend upgrading Review Board as well, to ensure better compatibility, and to benefit from the additional fixes in that release.
See the 0.7.30 release notes and 0.8.3 release notes for more information.