Review Board 2.0.30 Release Notes
Release date: August 1, 2017
This release fixes two security vulnerabilities, found in-house and by partners.
The Quick Search API allowed information on otherwise-inaccessible review requests to be returned in the results. This affected setups using private repositories or invite-only review groups.
If you’re not making use of these access controls, this bug won’t impact you. If you are, we recommend upgrading to stay secure.
We recommend that everyone upgrade at their earliest convenience in order to stay secure.
Reporting Security Vulnerabilities
Security vulnerabilities can be reported by filing a bug and choosing Security issue or by e-mailing email@example.com. Patches can be sent by posting a review request to https://reviews.reviewboard.org and choosing only the “security” review group. These methods ensure security vulnerabilities are sent safely and confidentially to the Review Board team.
To upgrade to Review Board 2.0.30, run:
pip install ReviewBoard==2.0.30