Review Board 1.7.23 Release Notes¶
Release date: April 9, 2014
On April 7th, 2014, the Heartbleed vulnerability in OpenSSL was announced to the world. This affects servers running a wide range of OpenSSL versions. Since then, companies have been hard at work upgrading their versions and re-issuing their possibly compromised SSL certificates.
GitHub recommends resetting passwords, enabling two-factor authentication, and revoking all account access tokens.
If you are using Review Board with GitHub, then you’ll want to reset your auth tokens you set up when linking repositories. Starting in this release, you can reset these tokens by typing:
$ rb-site manage /path/to/site reset-github-tokens
This will confirm every linked GitHub account, asking for the GitHub account password and two-factor auth code (if enabled). There should be very minimal downtime for this, and it can be run while the server is up.
If your server is exposed to the Internet, you may also want to instruct your users to reset their passwords. You should also re-issue your own SSL certificates for any exposed servers.
- Added a
reset-github-tokensmanagement command to reset GitHub authentication tokens.
- Improved query time of lists of review requests when one or more are private.
- Text files encoded with UTF-16le no longer cause breakages when generating thumbnails. (Bug #3282)
- Added back the “Show SSH Public Key” link for new repositories. (Bug #3262)
- Fixed a crash when showing the “A repository with this path already exists” error.
- Authorizing the same GitHub account twice should no longer result in cryptic errors or crashes.
Fixed e-mail-based authentication on older versions of GitLab.
Patch by Tomi Äijö.
- Balazs Hinel
- Christian Hammond
- David Trowbridge
- Tomi Äijö