Updated May 5th: We've followed this up with 3.0.23 to fix another regression impacting users who hadn't yet upgraded to 3.0.21.
This release fixes regressions in Markdown rendering, introduced by the security fix in 3.0.21.
The following Markdown features have been restored:
:thumbsup:)Any broken Markdown introduced on 3.0.21 will render correctly after upgrading.
See the release notes for more details.
Review Board 3.0.21 and 4.0 RC 2 are out. These releases fix a security vulnerability, along with other bug fixes.
3.0.21 also introduces Docker support.
Both releases fix a XSS vulnerability in Markdown rendering, which could allow an attacker to craft a link that executes arbitrary JavaScript code when clicked.
The attacker would need to be someone who already has legitimate access to your server, and can perform reviews or otherwise access your code.
We recommend that everyone (especially those running public servers) upgrades to address this vulnerability, though the seriousness of the issue will vary from company to company.
Review Board 3.0.21 ships with new Docker support, helping you set up and deploy servers quickly without need to manually install anything.
This is still young. If you hit any issues, please report them to us.
Going forward, all Review Board 3.x and higher releases will include Docker images.
Both releases fix installation issues on Python 2.7, along with a handful of bug fixes and improvements.
See the 3.0.21 release notes and 4.0 RC 2 release notes for the full lists of changes.
Today's release of Review Bot 2.0.1 offers compatibility improvements for Python 3 and the upcoming Review Board 4.0.
If you're planning to upgrade to Review Board 4.0 upon release, we recommend upgrading to Review Bot 2.0.1 today.
Review Bot is an automated code review tool that connects to Review Board, interfacing with many different code linting tools:
We're preparing a much larger 3.0 release with all-new tools, configuration options, and official Docker support. We expect this to be available in the next few months.
For now, see the release notes for the details on 2.0.1, or download Review Bot today.
Development is coming to a close with today's release of the first Release Candidate for 4.0.
If you're planning an upgrade to 4.0 upon release, please give 4.0 RC 1 and report any feedback you find.
Review Board 4.0 RC 1 ships along with a Docker image, making it easy to get set up quickly and to scale out as your needs grow.
Going forward, every new release of Review Board will ship with Docker images. We're also building them for Review Bot.
See our documentation to get started.
We've refined the rb-site install experience, offering better guidance all throughout.
New options have been added for automated installs, including specifying the site's SECRET_KEY, allowed hostnames for accessing the server, and even custom settings_local.py templates.
rb-site manage --help now shows all the most common management commands used with Review Board.
The rbext tool has been updated with new options to make it easy to test your extensions.
The new --extension option takes the extension class name and sets up a full test environment around it. Combined with the new --app option for adding additional Django apps, testing extensions has never been easier.
rb-site manage resolve-check no longer needs to be called after setting up a new site.The full details, along with installation/upgrade instructions, are in the release notes.
Please report any issues (or successes!) you hit with either Review Board 4.0 RC 1 or the new Docker image. If all goes well, we'll be releasing 4.0 very soon.
We have two new releases of Review Board out today.
This is a compatibility and bug fix release, focused mainly on ensuring Review Board 3.x continues to install cleanly on Python 2.7 environments.
There's also database-related performance improvements aimed toward large installations, and visual bug fixes on Firefox.
For the full list of improvements, see the 3.0.20 release notes.
Thanks to everyone who tested 4.0 beta 1 and reported feedback. We've fixed the major issues, and hope you're ready for round 2!
Beta 2 brings:
rb-site, including better help, new options to help with automated installs, and providing custom settings templates.Plus a handful of other fixes and improvements.
For installation/upgrade instructions, and the full list of changes, see the 4.0 beta 2 release notes.
Review Board 4.0 is nearly ready to ship, after much development and testing. With the addition of multi-commit review requests for Git and Mercurial, Discord and Jenkins CI integration, and review and administrative capabilities, this is a release that we're very proud of.
We're opening this up to beta testers before we ship the final 4.0, and would like your feedback.
Let's look at the highlights.
Git and Mercurial users can now create review requests covering multiple commits at once. Reviewers can review each commit individually, all commits squashed together, or a portion of the commits squashed together.
RBTools 2.0 or higher is required to post or land multi-commit review requests.
Prefer Discord over Slack? Jenkins over CircleCI?
Your review request updates and discussions can now be posted to Discord to keep your group informed. Jenkins can take on building and testing your code, posting feedback to your review request.
More integrations are on their way for 4.0.
We've rebuilt the administration UI from the ground up. It's mobile-friendly, cleaner, with far better management of integrations and extensions.
Planning some maintenance? You can now put the server into read-only mode. People can still browse review requests and code, but they won't be able to change anything until your maintenance is complete.
Review Board 4.0 beta 1 can be installed on Python 3.6 through 3.9. Or on 2.7, if you're not ready to make the upgrade.
We've also upgraded to Django 1.11. This will matter if you have in-house extensions, as much has changed. Fortunately, we've helped with some porting information, which you'll find in the release notes.
It's a big release, and we've covered it all in the release notes, along with installation/upgrade instructions. Please upgrade only on a test installation for now, and not on your production server.
Give it a try and let us know what you think or if you hit any problems.
Review Board 3.0.19 enables new options for Review Bot, introduces a new experimental interdiff algorithm, enhances compatibility with several types of repositories, and improves the repository creation API.
Review Bot users now have access to several new options.
Configured code checkers can now be set to run only on demand, by button click, which is useful for ones that take a very long time to run.
Failed builds can be retried, in case the failure was caused by a temporary issue.
Open issues piling up? Tools can now be set to drop all previously-opened issues they've filed the next time the tool is run, starting fresh.
Some people have hit odd edge cases with interdiffs, where some lines seemed to be missing. This was due to a problem with the old algorithm, which we've been working out.
A new algorithm is coming in Review Board 4.0. If you're plagued by interdiff issues, you can preview this by setting the following in conf/settings_local.py:
ENABLED_FEATURES = { 'diffviewer.filter_interdiffs_v2': True, }
You’ll then need to restart your web server and clear memcached. We recommend trying this on a non-production server.
The Repository API can now create repositories backed by hosting services, such as GitHub or GitLab. It's no longer limited to plain, self-hosted repositories.
This is pretty advanced, but often requested. We're working on documentation, but in the meantime, reach out if you need assistance.
And more.
The full list of changes are in the release notes.
RBTools 2.0 is out, bringing compatibility improvements and new features for all users. The biggest improvement is the support for Review Board 4.0's upcoming multi-commit review requests.
Review Board 4.0 beta 1 is coming in the next few weeks, and with RBTools 2.0, developers will be able to post a series of commits to a review request so that they can be reviewed individually or as one squashed change, depending on what the reviewer chooses to do.
Those changes can also be landed, preserving their history or squashing them back into a single commit.
To stay with the old behavior and squash the commits before posting to a review request, you can pass --squash to rbt post or rbt land (or set SQUASH_HISTORY = True or LAND_SQUASH = True, respectively, in .reviewboardrc).
This is available for both Git and Mercurial, and will require Review Board 4.0.
RBCommons users will receive multi-commit review request support in 2021.
If your Review Board server uses a self-signed certificate backed by an in-house Certificate Authority, you can now configure RBTools to recognize it through the --ca-certs, --client-key, and --client-cert options (or CA_CERTS, CLIENT_KEY, and CLIENT_CERT in .reviewboardrc).
rbt setup-repo has been redesigned to better help people configure their local repositories to connect to Review Board. It offers a more helpful guided setup, making it easier to find the right repository and generate your .reviewboardrc file.
RBTools now understands the init.defaultBranch configuration for Git, helping you transition your primary branch from master to something like main.
Compatibility issues are fixed, repository detection is faster, and custom scripts can benefit from performance improvements by connecting RBTools to the Mercurial command server.
RBTools can work with a wider mix of configurations utilizing SSL and brokers.
There's also a new reviewboard.repository_name Perforce counter that can tie a depot to a Review Board repository, which can be used if .reviewboardrc isn't an option.
See the release notes for more information, or download RBTools 2.0 today.
Power Pack 3.0.3 is built to get you ready for Review Board 4.0 and for licensing changes in Power Pack 4.0. Plus, it fixes bugs and improves compatibility across the product.
Review Board 4.0 will soon be out in beta, and you'll want to make your transition as smooth as possible.
Power Pack 3.0.3 works today with your current Review Board and with the Review Board of tomorrow.
(Not literally tomorrow. Sorry to get your hopes up.)
We're moving to a new license format, which will open the door to features we have planned for Power Pack 4.0. By upgrading now, you'll be ready for the new licenses when they're ready, giving you a head start on Power Pack 4.0.
Prepare for tomorrow by upgrading to Power Pack 3.0.3 today.
To upgrade or install for the first time, see the installation instructions.
The new Review Bot adds new automated code review tools for Python source code, and brings some major enhancements to help you get the most out of automated code review.
Plus compatibility with the upcoming release of Review Board 4.0.
If you're a Python developer trying to keep your project's documentation in check, Review Bot can help you out through the new support for doc8 and pydocstyle.
doc8 checks your ReStructuredText-based documentation (used by Sphinx or docutils) for common problems, such as syntax or whitespace issues.
pydocstyle checks the Python side of your documentation, making sure your function, class, and module docstrings are all there and don't have any issues.
Review Bot can now be configured to drop any older issues it opened before it runs any tools again. No more massive lists of open issues to close every time you post an update to your change.
This can be configured for each automated code review tool individually.
Tools can now be set to be run manually, instead of every time a new change is posted. This is especially useful for in-house tools that may take an extremely long amount of time to complete.
If any tool has failed to run for any reason, you can also re-run it with the click of a button. No need to re-upload your change.
(This requires Review Board 3.0.19 or the upcoming 4.0.)
Some tools (such as clang) require a full copy of the repository. This used to require telling each worker about each and every repository a tool may need to access.
Workers can now fetch this information directly from Review Board, if configured on the worker. This requires that the worker has access to the path configured for the repository in Review Board, and any SSH keys needed.
Custom tools can now leave general comments on a review request, not tied to any particular change or file. This is useful if the comment is more about process and policy, or about the description or testing performed, rather than code.
Review Bot is compatible with Review Board 3 and 4, and is an easy upgrade. Just follow our simple instructions.
To learn more about this release, see the release notes.