Jump to >

Review Board 3.0.7 Release Notes

Release date: June 5, 2018

Privacy Improvements

The main focus of this release is to give administrators and users more control over how Review Board handles personal information, such as usernames, e-mail addresses, and full names, and to strengthen privacy defaults across the product. When enabled, these features help organizations that may be subject to GDPR stay in compliance.

Several new features and changes were implemented for this purpose:

  • Administrators can now configure a URL for Terms of Service and Privacy Policy documents.

    When configured, users need to consent to these before they can continue to use the server. These will also be shown during registration.

  • Administrators can also enable consent gathering and tracking.

    When enabled, features that require consent to use personally identifiable data (PII), such as Gravatars, will result in users having to make a choice to allow or deny consent before they can continue to use the server.

  • Extensions can add additional requirements for consent and check for them very simply, to help ensure privacy rights are respected by default.

  • Users can manage their consent choices at any time through the My Account page.

  • All user profile data (full names, e-mail addresses, etc.) are now considered private when viewed by an anonymous user.

    Users can still enable Private Profiles to prevent even authenticated users from seeing their profile information.

  • More locations showing full names in the UI respect the Private Profile settings.

    This includes fields for review requests and in the dashboard, infoboxes for users, avatar text, and trophy banners.

We’ll continue to improve the privacy capabilities further over time.

Learn more about how we handle privacy across our products and services.

Extensions

  • Added ConsentRequirementHook for registering privacy-aware features that require user consent.
  • Fixed a crash that could occur when shutting down extensions and integrations.

Web API

  • Fixed issues working with extra_data on resources for certain (generally older) objects in the database that may not have had it set.

Bug Fixes

Review Requests

  • Attempting to automatically close a review request when a change is pushed no longer crashes if the review request doesn’t pass validation.

Diff Viewer

  • Tracebacks are no longer shown when failing to find a file in a repository.

    Instead, a proper error message is shown.

  • Fixed crashes when attempting to load diff patch bundles when showing errors.

    If visiting an internal URL for a failed diff without providing certain information normally generated by the diff viewer, the diff’s patch bundle URL wouldn’t generate properly, and the page would crash, e-mailing the administrator. This most often happened on public servers when accessed by search engine bots.

  • Fixed a rendering issue that could happen if diff data in the database was modified by hand or corrupted.

    While unlikely to occur outside of a developer environment, data in this state could prevent the diff viewer from loading all the files in the diff.

Dashboard

  • Fixed a crash that could occur when loading the Dashboard with invalid column names.

Administration

  • Fixed crashes when displaying cache backend statistics when using some variants of memcached servers or memcached addresses without ports.
  • Fixed a crash in the user selector widget when avatars aren’t available for a user.
  • Fixed a regression in configuring bug trackers for repositories. (Bug #4679)
  • Fixed a missing space in the help text for the Enable search setting.

Gerrit

  • Fixed communication problems with newer versions of Gerrit.
  • Fixed a crash when saving the Gerrit repository form if data is provided that fails validation.

Git

  • Fixed a bad error message when failing to find files in a locally-accessible Git repository.

Contributors

  • Barret Rennie
  • Christian Hammond
  • David Trowbridge