We are pleased to announce the first beta for the next major version of Review Board!
Our team has been hard at work on this release, and with your help, we hope to ship the final 5.0 release soon.
If you’re interested in beta testing, please keep reading.
What’s New in 5.0?
Built for Modern Environments
Review Board now requires Python 3.7 or higher, and uses Django 3.2 LTS.
Many of our dependencies have been updated to require the latest versions available.
If you’re upgrading an old installation, this would be a good opportunity to deploy a new server or switch to our Docker images (use
beanbag/reviewboard:5.0b1). Once released, we’ll continue to support older versions through support contracts.
We’re building support for SAML 2.0-based Single Sign-On (SSO) directly in Review Board. With SSO, you can use a provider such as Auth0, OneLogin, or Okta to provision and authenticate users.
This works alongside any existing authentication setup you may already have, such as LDAP or Active Directory.
When enabled, users will need to configure API Tokens for use with RBTools, rather than using their SSO credentials.
We’re still testing this with various SAML providers. If you’re interested in this feature, please let us know which providers you use today, and whether you encounter any problems with the beta.
Trojan Source Attack Detection
Review Board now looks for Trojan Source attacks in code posted for review. These attacks use special Unicode characters to make code appear one way, but execute another way, and can be injected intentionally (by a malicious developer) or accidentally (by copying and pasting malicious code from another website).
The diff viewer will now show a notice if any suspicious code is detected for a file, and will show you the suspicious characters. Reviewers can then choose to see how the code would normally appear, getting a sense of the attack.
Elasticsearch 5.x and 7.x
Review Board now supports using Elasticsearch 5.x and 7.x as search backends, as well as the previously-supported 1.x and 2.x releases.
Please note, we depend on a third-party project called Django Haystack for our Elasticsearch support. At this time, neither Elasticsearch 8.x nor OpenSearch are supported by Haystack.
See the release notes for information on how to configure your version of Elasticsearch.
Global Review and Comment APIs
These new APIs allow you to make queries against all reviews or all comments in Review Board.
This can, for instance, be used to list all reviews made by a given user in the past month, or all issues that remain open.
We’re making substantial changes to how Review Board works internally, in an effort to improve performance for large installs.
Beta 1 begins this work by simplifying many of the queries used in the database, making the dashboard and several APIs substantially faster.
We’ll have even more improvements in beta 2.
- You can now forward review requests and discussions to the Matrix chat service.
- You can set the syntax highlighter you want for different file types in the diff viewer.
- Extension authors can now benefit from the features available in Django 3.2, new registration abilities for custom SCMs, and
- Many bugs were fixed (the major ones are listed in the release notes).
See the 5.0 beta 1 release notes for the full list of changes.
Want to Help Us Test?
We’d love to have your help! We have installation information in the release notes.
Please make sure you have a dedicated testing server and database. Do not test this beta in production!
You can use the beanbag/reviewboard:5.0b1 Docker image as well. See our Docker instructions for information on setting up an environment.