Review Board 1.6.21 Release Notes¶

Release date: November 5, 2013

Security Fixes¶

Fixed XSS vulnerabilities for the Branch field and uploaded file captions. (CVE-2013-4519)

It was possible to construct captions for uploaded files and construct a Branch field where the content would be interpreted as HTML.

Thanks to Frederik Braun at Mozilla for reporting this.

Contributors¶

Christian Hammond
Frederik Braun