What's New in Review Board

Review Board 5.0.6 is a bug fix release, featuring:

• MySQL installation fixes
• Review Group API improvements
• Several bug fixes

Let's take a look.

MySQL Installation Fixes

The recent versions of mysqlclient fail to install on many Linux distributions, and this makes for a frustrating Review Board installation experience.

Now, when installing the ReviewBoard[mysql] package, we now cap this to the 2.1.x series, which installs the same way as prior versions.

You can learn more about this issue on the mysqlclient GitHub, and in our MySQL installation instructions. We'll continue to track development around this issue, and update our documentation and requirements if the situation changes.

Review Group API Improvements

The Review Group API now supports querying for:

• Hidden accessible review groups
• Review groups based on the invite_only flag
• Hidden invite-only review groups when using the special reviews.can_view_invite_only_groups user permission

Plus...

• Improvements for the upgrade process
• Fixes for file attachment diffs
• Fixes for updating file attachments with new revisions
• Showing hidden review groups and repositories for Default Reviewers, integration conditions, and more

All the details can be found in the release notes.

To learn more about upgrading your server, see our upgrade instructions. You can also use our official Docker images.

If you need assistance with your server, we can help under a support contract.

Beta 3 is here, with a more polished Review Board look and feel, a toolbar to help format your Markdown text and attach images, a better experience for the new Review Banner, and numerous fixes and improvements throughout the product.

If you're discovering 6.0 for the first time, look at our announcements for 6.0 beta 1 and 6.0 beta 2 to learn about the new features, like the Review Banner, improved diff navigation, and all the new extension capabilities that can help tailor Review Board for your team.

A more pleasing experience

We’ve refined Review Board’s look, making small adjustments throughout the product to help it feel lighter, with easier-to-read diffs and more apparent controls.

This is the beginnings of a larger effort that we’ll be continuing through Review Board 7 to help modernize the UI and give users more control over how Review Board looks on their system.

Format Markdown and upload images with just a click

We’ve made it easier to work with Markdown text anywhere you see a text field. The new Markdown formatting toolbar helps you format your reviews, comments, and review requests using Markdown.

Toggle between bold, italic, strike-through, and code literals. Create lists, link to URLs, and then go beyond text by uploading and embedding images.

Guiding you to better reviews

We’ve added useful tips and tricks for helping compose your reviews, right at the top of the Review Dialog.

In addition, the new Review Banner is now available any time you see a review request, regardless of whether it’s in draft form, published, or closed. You can also publish all reviews and review requests with one click.

Plus…

• Usability improvements for working with text fields
• Performance improvements for publishing drafts
• New APIs and extension capabilities
• Better repository validation for Git and Subversion
• And lots of bug fixes!

See the release notes for the full list of changes and installation/upgrade instructions.

Next release will be RC1, our release candidate. We’d love to get some more testing, and have a handy Docker image you can try to get started. Your feedback will help us make 6.0 a rock-solid release.

Review Board 6 beta 2 builds upon the new review and extension functionality in Review Board 6 beta 1 to bring better diff navigation, self-review of draft diffs and files, improved SAML support, and even more extension options.

Better Diff Navigation

When viewing diffs, the file you’re currently looking at is now shown in the Review Banner at the top of the page. This helps you keep track of where you are in the review process.

You can also use this to quickly jump to any other file in the diff.

Use the colored dots to get a sense of the inserted, deleted, and replaced sections of the file, and to quickly jump to them.

Self-Review of Drafts

It’s now easier than ever to leave notes on your diffs for others, or to practice effective self-review.

Before publishing your change, you can now comment on your draft diffs and files, helping give other reviewers a heads up about how the code works or what problems you’ve already spotted that they can ignore.

Simply comment like normal, and then click Publish All to publish your draft change and comments all at the same time.

Improved SAML Single Sign-On

Review Board 5 introduced Single Sign-On with SAML, and Review Board 6 is giving you more options to better integrate with your Identity Provider.

Now, administrators can better link up user accounts by configuring the NameID format and user attribute names to match what your Identity Provider expects.

New Extension Features

We’ve added two new extension hooks to help you customize your Review Board and to build new features:

• HideActionHook helps Python extensions hide built-in actions (like “Ship It!”), making it easier to replace them with your own custom actions.
• FileAttachmentThumbnailContainerHook gives JavaScript extensions the ability to add new items to the file attachment thumbnail menu.

We’ve also added support for using pytest to unit test your extensions with rbext test. Simply run rbext test --pytest. This will become the default in Review Board 7.

Plus…

• Multiple tabs/windows showing the same review request will reload when publishing or discarding a review in one.
• We’ve made several usability improvements to the new Review Banner and the Review Dialog.
• We’ve improved API performance across the board with better caching logic.

There’s more in the works for Review Board 6, including better self-signed SSL/TLS certificate management for repositories, LDAP, and Active Directory.

We expect the next beta to be the last. If you’d like to help us test, please reach out with your feedback! You can use the beta 2 Docker image to get you started. Betas are also covered under an active support contract.

See the release notes for the full list of changes.

Review Board 5.0.5 offers improvements and fixes to Single Sign-On, web-based login for the upcoming RBTools 5, improved support for installing with Python Virtual Environments (required in this year's Linux distributions), and more.

Let's dig in.

Improved Single Sign-On

We've fixed a handful of bugs in the Review Board 5's new Single Sign-On support, improving compatibility with most services.

Now, if a page requires you to log in first, you'll be taken back to that page once successfully logged in. Thanks to everyone who let us know this wasn't working right.

Web-Based Login for RBTools 5

RBTools 5 is in development, and includes the ability to log in using the Review Board website. This means you can finally use your standard Single Sign-On authentication for RBTools.

We're hard at work on RBTools 5, and will be shipping it later this year. If you'd like to beta test this, please reach out to support for pre-release builds.

Python Virtual Environments

Python Virtual Environments provide a way to isolate Python applications and services from the system or other Python applications. They help you avoid various forms of installation problems, and they're required in Ubuntu 23.04, Debian Bookworm, and Fedora 39 (with other Linux distros soon to follow).

Starting in 5.0.5, Review Board can now help you install into a Virtual Environment and will automatically make use of it no matter what web server you're using.

We've updated our installation documentation to help you install and use Review Board in either Virtual Environments or in traditional setups.

Please note: If you're not using a Virtual Environment today, you don't need to switch to one unless you're planning to upgrade to this year's Linux distributions.

Plus...

• It's now easier to manage review groups and repositories when configuring an integration, such as Slack or Jenkins.
• New python and pip site management commands for running the correct versions for your environment.
• Compatibility fixes for modern Python packaging support.

All the details can be found in the release notes.

To learn more about upgrading your server, see our upgrade instructions. You can also use our official Docker images.

If you need assistance with your server, we can help under a support contract.

RBTools 4.1 is ready for Review Board 6, and comes with a host of new features improvements for working with Windows and your source code repositories. Including new integrations for Perforce setups.

Ready for Review Board 6

Review Board 6 is coming soon. We've updated RBTools 4.1 to ensure your upgrade to Review Board 6 is as smooth as possible, without dropping support for any prior versions of Review Board.

We recommend that all users upgrade to RBTools 4.1 before you deploy Review Board 6 for the best experience.

SSL Improvements

RBTools 4.1 simplifies SSL management by including up-to-date root SSL certificates, making it effortless to work with newer SSL certificates even on older Python installations.

When SSL issues do occur, you're not left in the dark. A complete description of the problem, along with steps to rectify it, will be displayed. This includes guidance on how to register self-signed certificates with Python, and how to update root certificates. This way, you're empowered to address SSL issues swiftly and effectively.

Enhanced Perforce Integration

RBTools 4.1 provides a new Perforce trigger script to better automate your review process.

With this trigger script, Perforce administrators can ensure that a review request has been reviewed and approved before acceptance. The default is set to a "Ship It!" status with no open issues, and extensions can customize this.

The script will also update the changeset with the URL to the review request and then close the review request upon submission. See the trigger script for instructions, and our guide on using RBTools with Perforce to learn how to use Perforce with Review Board.

A Better Experience on Windows

The Windows installer now bundles GNU Diff, eliminating the need for a separate installation and providing a more streamlined experience. We've also updated to the latest Python 3.10.11 release.

Plus...

• Improved diff generation for ClearCase and VersionVault.
• Fixes for stamping Perforce changes with a review request URL.
• Fixes for API caching issues.

See the release notes for the full list of changes, including changes affecting script authors.

To learn more about RBTools, see the RBTools downloads page and RBTools 4 documentation.

Review Bot 3.2 is a small release focusing on compatibility improvements, Secret Scanning enhancements, and improvements in automated reviews.

What is Review Bot?

Review Bot is an extension to Review Board that adds automated code reviews to your workflow. It integrates with an assortment of third-party code lint, compliance, and security checking tools to help catch problems early.

It's free, open source, and extensible, making it a great addition to your Review Board server.

New in 3.2: Compatibility Improvements

Review Board 5 and 6 compatibility has improved. Some compatibility issues with recent releases of Review Board 5 have been smoothed over, including a crash when browsing the database entries for Review Bot tools.

We've also addressed issues processing results from Shellcheck and PMD.

Secret Scanning

Our support for Secret Scanning has been updated to look for the new enhanced API token format introduced in Review Board 5.

If you're reviewing infrastructure or tools that integrate with Review Board, this will help catch any API tokens you accidentally leave in a file.

Automated Review Improvements

Some tools had a tendency to leave comments spanning entire functions or classes, making it difficult to read some reviews.

Review Bot now caps all comments to 10 lines. When capped, the original line range will be listed in the comment.

That's it for this release!

For complete details on Review Bot 3.2, see the release notes.

To get started, download Review Bot and read the documentation to begin installing and configuring Review Bot.

We recommend our Docker images to help you get going quickly.

Development on Review Bot 4 will begin soon, with new automated code review tools planned. Stay tuned!

Power Pack 5.2 adds new connection options for Cliosoft SOS and improved repository support for VersionVault and ClearCase.

It also offers improved compatibility with Review Board 6 Beta 1.

What is Power Pack?

Power Pack is licensed add-on for Review Board, offering:

• PDF document review and diffing, allowing you to review documents, schematics, designs, contracts, and code all in one place.
• Report generation, giving you insight into code review practices in your organization.
• Advanced server management for scalability, database management, and splitting/merging installs
• Support for enterprise source code management systems, including AWS CodeCommit, Azure DevOps/TFS, Bitbucket Server, Cliosoft SOS, GitHub Enterprise, HCL VersionVault, and IBM Rational ClearCase.

You can try Power Pack free for 60 days or purchase a license for your server.

Let's explore what's new in 5.2.

SSH Connectivity for Cliosoft SOS

With Power Pack 5.2, Review Board can now communicate with Cliosoft SOS source code management servers over SSH. This simplifies setup, allowing you to use an existing licensed user on any remote server.

This is now the preferred method for talking to Cliosoft SOS.

Larger ClearCase/VersionVault Repositories

ClearCase/VersionVault repositories now support up to 48KB worth of VOB OIDs. This lets you connect to very large repositories with thousands of VOBs.

Review Board 6 Compatibility

Power Pack 5.2 is fully compatible with the current beta of Review Board 6 and the upcoming release (due out soon). If you're planning to upgrade to Review Board 6, we recommend preparing by upgrading to Power Pack 5.2.

For the complete list of changes and installation instructions, see the release notes.

We’re excited to announce the first beta of Review Board 6! This is a smaller release focusing on improvements to the review workflow by giving you a new starting point for creating reviews and the ability to bulk-publish drafts of reviews, replies, and review requests.

If you’re new to Review Board, it’s a free, open source, extensible web-based code review and document review tool, helping developers work together to ensure quality code on their projects, whether using Git, Mercurial, Perforce, Subversion, ClearCase, or other current or future source code management tools.

Let’s take a closer look at some of the key changes in this beta.

The New Review Banner

Since the beginning, Review Board has represented drafts of new reviews, replies, or review request changes as a green draft banner at the top of the screen. Each draft had its own banner, and each draft had to be published separately.

We’re now introducing a new unified banner, which shows everything you have in flight on a review request.

From here, you can:

• Start or edit reviews from anywhere on the page (replacing the old “Review” and “Ship It” buttons).
• File general comments pertaining to the review request as a whole (replacing the old “Add Comment” button).
• Switch between drafts, if you want to publish one independently.
• Bulk-publish all reviews, replies, and pending changes on a review request at once, resulting in fewer button clicks and e-mails.

The banner is always present on a review request. You can use the Review menu to create a brand-new blank review, file a general comment, or quickly file a Ship It! review:

There’s more coming. In beta 2, the new banner will show you your active file in a diff and let you jump to other files.

Learn more about the new review banner.

We’re opening this up to extension authors. Soon, extensions will be able to add new information and sections to the banner, giving your organization more control over your review workflow.

Also For Extension Authors

Extension authors also have a few new goodies in this release:

• We’ve reworked our actions framework, which manages the buttons that can be found on a review request, the review banner, and the page header. It’s now easier to add, replace, or remove actions and tailor the product to your needs.
• We’re adding Python Type Hints throughout our codebase, making it easier for your IDE to ensure you’re calling our internal APIs correctly.
• Client-side extensions can now be written in TypeScript and use ES6 modules. Simply declare an index.ts file in your JavaScript bundle, and use that to write any TypeScript code or import from TypeScript modules.
• You can also now use modern ES6 classes for your JavaScript/TypeScript code. We’ve introduced a new library called Spina to help create these, working as a drop-in replacement for the old Backbone.JS.

We’ll have documentation on all this before the final 6.0 is released.

Plus…

• The dashboard now defaults to the “Overview” view, which shows all your incoming and outgoing review requests.
• We’ve changed “Close -> Submitted” to “Close -> Completed,” removing some old and confusing Perforce-centric terminology.
• Numerous behind-the-scenes improvements for improving performance, architecture, and stability.

See the 6.0 beta 1 release notes for the full list of changes.

Want to Help Us Test?

We’d love to have your help! We have installation information in the release notes.

Please make sure you have a dedicated testing server and database. Do not test this beta in production!

You can use the beanbag/reviewboard:6.0b1 Docker image as well. See our Docker instructions for information on setting up an environment.

Review Board 5.0.4 is a bug fix release, focusing on improving compatibility throughout the product, addressing problems with Single Sign-On, and making critical changes to the API.

Fixes for new Apache installs

Review Board 5.0.3 auto-generated new configurations for more web servers when first installing a site, but it was missing the new templates for Apache installs.

Review Board 5.0.4 now generates much-improved Apache configurations with wide Apache support. These new configurations help with setting up SSL and configuring mod_wsgi for different modes.

Better service compatibility

We've fixed compatibility for a few services we integrate with, including:

• Review Bot 3.x, our automated code review add-on for Review Board

• Elasticsearch 7

• Single Sign-On providers

If you're using any of these, you'll want to upgrade to 5.0.4.

Important API changes

We introduced the following APIs in Review Board 5.0:

• All Reviews API

• All Diff Comments API

• All General Comments API

• All File Attachment Comments API

Due to a conflict between the names used for linking to these resources and names used for other resources in our URI templates at the top-level of our API, we've needed to rename these links. If you are using these new APIs, please see the release notes for the new names.

We try hard not to break the API, but this was the less intrusive option.

This also fixes a compatibility problem with the rbt review command.

Plus...

• Full Single Sign-On support in Docker
• Fixes in the presentation of the Trojan Source warning in the diff viewer
• Better instructions when configuring Elasticsearch
• Additional fixes throughout the product

All the details can be found in the release notes.

To learn more about upgrading your server, see our upgrade instructions. You can also use our official Docker images.

If you need assistance with your server, we can help under a support contract.

Oh, one more thing

We're releasing Review Board 6 beta 1 very soon! 6.0 will be a smaller release focused on a few improvements in the review process.

The beta will be public to everybody, but if you're interested in beta testing, we'd love to hear from you!

Today’s new releases fix a (rare) security issue when using older insecure LDAP servers. There are also installation improvements and a handful of bug fixes.

LDAP Security Fix

A security bug was found that enables a user to log in as another user when LDAP is configured. This vulnerability only exists when:

1. Using very old LDAP servers that contain a credential verification security bug; and
2. Enabling anonymous binds; and
3. Logging in as a user not present in LDAP

Under these conditions, a combination of an invalid LDAP username and a non-empty password can result in LDAP claiming the credentials are valid. If that user exists in Review Board as a local user, Review Board will see that the login was “successful” in LDAP and log the user in.

Most users should never hit this issue. So far it’s only been found in an old version of Active Directory, and only when using our “LDAP” backend instead of the recommended “Active Directory.”

We've tightened the code path and added additional checks to safeguard this on our end. All of today’s releases include the fix.

If you use LDAP, we recommend upgrading to this release, ensuring your LDAP servers are up-to-date, and disabling anonymous binds if you don't need them.

New Supported Web Servers

Review Board works well with just about any modern web server, but we’ve only ever provided sample configurations for Apache.

Now, when installing a new site, sample configurations are auto-generated for these often-requested web servers:

• Apache + mod_wsgi
• Nginx + Gunicorn
• Nginx + uWSGI

See our Web Server documentation for these sample configuration files and additional instructions.

Many Bug Fixes

We’ve stomped out several bugs in this release, including:

• Problems marking a SSH key or SSL certificate as trusted when configuring a repository
• Communicating with repositories over SSH in some setups
• Performing manual runs of automated reviews when multiple configurations for the same tool are present
• Workarounds for environment issues during installation on Ubuntu 20.04 LTS

New Documentation

We’ve also reworked much of our documentation. Some highlights include:

• Streamlined installation steps for Linux
• A guide on configuring SELinux
• Enhanced instructions for using docker-compose
• Modernized techniques for optimizing and scaling your deployment
• An overview of using automated code review

For the full list of changes, see:

• Review Board 5.0.3 release notes
• Review Board 4.0.12 release notes
• Review Board 3.0.25 release notes

To learn more about upgrading your server, see our upgrade instructions. You can also use our official Docker images.

If you need assistance with your server, we can help under a support contract.