Jump to >

Review Board 2.0.16 Release Notes

Release date: June 11, 2015

Security Updates

This release fixes a security vulnerability recently reported that allows a user to craft a string that can, under the right circumstances, execute a malicious script. If you’re running 2.0.x, we highly recommend that you upgrade, particularly if your server is public on the Internet.

This was reported by Uchida.

Upgrade Notes

If your install has Search enabled, you’ll need to perform a full re-indexing of your database in order for search to function correctly again.

New Features

  • Added easier posting of existing commits for GitLab repositories on the New Review Request page.

    GitLab users can now post existing commits for review through the New Review Request page. Existing commits and branches will be shown, and clicking on a commit will post it for review. This mirrors the functionality already available to GitLab and Subversion.

    Patch by Chester Li.

  • Added support for Git diffs generated by Mercurial.

    Mercurial users can now post diffs for review that were generated through hg export --git.

    Patch by Steven MacLeod.

Performance Improvements

  • The diff viewer now loads and displays diffs much faster.

    We’ve improved browser-wide caching and rewrote our entire rendering pipeline to more quickly return cached results for rendered diffs. If a diff has already been viewed once, by anyone, it will be quicker to retrieve and display.

    Expanding and collapsing of diffs benefit greatly from this as well.

  • Improved browser-side caching of most pages and assets.

    The review request page, diff comment fragments, API, and nearly everything else fetched from the server should now make better use of browser-side caching.

    While we had this before, the caches would sometimes become invalidated too quickly to be useful, based on some internal state changes. We’ve improved how we handle the caching, and you should notice some major improvements when reloading pages.

  • Extension reloads are now performed less often, improving overall page response times.

Usability Improvements

  • Increased the saturation of the indentation markers and some syntax highlighting in diffs to improve readability. (Bug #3725)


  • Added JavaScript hooks for adding fields to the review dialog.

    The new ReviewDialogHookModel() extension hook allows an extension to place custom UI right below the Ship It label, above all the other fields. Using this, they can add extra UI that attaches custom data to a review.

  • Fixed extension reload loops when an extension modified settings during load.

  • Added new review_request_closing and review_request_reopening signals.

    Listening to these signals and raising a rb2.0:reviewboard.reviews.signals.CloseError or rb2.0:reviewboard.reviews.signals.ReopenError (respectively) will abort closing/reopening. These can be used to add additional validation before these operations are allowed.


  • Querying review requests belonging to a Local Site will now work as expected once again.

  • Validating a diff against a Subversion repository and failing to provide a basedir field in the request now returns a suitable error message as a string in a list, instead of a string or series of strings.

  • Attempting to close review requests containing drafts now results in a 225 - Publish Error saying that the draft must be published before closing.

  • Review Request Resource will now return 230 - Could not close review request and 231 - Could not reopen review request if an extension blocks closing or reopening (respectively).

  • Fixed issues with expanding fields for list resources.

Bug Fixes


  • Fixed some rare errors where PyCrypto wasn’t properly initialized, resulting in a random HTTP 500 on new threads.

  • Fixed crashes that could occur if a user was created manually through the administration UI, and not through a standard registration process. (Bug #3819)

  • Fixed some issues rendering Markdown content with Unicode on some systems. (Bug #3804)


  • Disabled auto-responses for e-mails handled by Microsoft Exchange, to avoid out-of-the-office replies, delivery reports, read receipts, and more.

Diff Viewer

  • Fixed links in the file index when a diff is split across multiple pages.

  • Fixed the display of diffs that were both renamed and modified, and contained a parent diff.

  • Viewing an interdiff no longer causes the URL to change to a non-interdiff URL.

  • Clicking an entry in the file index for a file that was copied and listed as new will now properly jump to the file. (Bug #3654)

  • Fixed a corner case when displaying interdiffs that caused some unwanted content from upstream merges to be included.

  • Fixed a corner cases when displaying interdiffs that caused the entire file to appear unchanged with a “whitespace changes only” message.

My Account Page

  • If an extension adds custom sub-pages to the My Account Page, and is then disabled and re-enabled, the forms on the sub-page will no longer be cleared.

    Patch by Wang Jun Sun.

Review Requests

  • Downloading diffs with commas in the filenames no longer fails on Chrome. (Bug #3704)

    Patch by Chester Li.

  • Fixed HTTP 500 errors when attempting to auto-close an unpublished review request from a pushed commit.

    The review request will now be published before it’s closed.


  • Fixed a spurious Unicode warning when running the condensediffs management command. (Bug #3698)

    Patch by Rohan Meringenti.

  • Fixed confusing errors involving request_info and logging when there are errors logging to the configured filename.

  • Fixed several type-related issues in the set-siteconfig and get-siteconfig management commands. (Bug #3743)

    get-siteconfig no longer crashes if fetching a non-string value.

    set-siteconfig now accepts true and false (as shown by list-siteconfig) for boolean values, and can set values to null.

  • On Firefox, the Install Key field in Support Settings can now be selected.

  • The repository name field should no longer be auto-filled by the browser.


  • Fixed File Not Found errors when posting a diff containing an incorrect file path or revision for review.


  • Improved the Git diff parser, fixing some header order assumptions that were not guaranteed to be valid.

    Patch by Steven MacLeod.

  • When configuring an HTTP(S)-based Git repository that requires authentication, the credentials supplied in the Username and Password fields are no longer ignored.

  • Fixed parsing diffs containing tabs after the filenames.


  • Fixed Subversion files being shown in the diff viewer with its base directory (i.e., trunk/myproject/) shown twice.


  • Barret Rennie

  • Chester Li

  • Christian Hammond

  • David Trowbridge

  • Rohan Meringenti

  • Steven MacLeod

  • Uchida

  • Wang Jun Sun