Review Board 1.6.17 Release Notes¶
Release date: June 22, 2013
Fixed an XSS vulnerability where users could trigger script errors under certain conditions in auto-complete widgets.
There are no known vulnerabilities in the wild, but we recommend upgrading immediately.
Thanks to Craig Young at Tripwire for reporting this to us.
- Fixed an HTTP 500 when updating a comment in the web API without also updating the issue status.
- Christian Hammond
- David Trowbridge