New Review Board Security Releases: 1.5.7 and 1.6.3

It was brought to our attention today that Review Board 1.5.x and 1.6.x had a security vulnerability involving browser-side script injection in the diff viewer and screenshot pages. We take such things seriously, and are putting out a couple of releases to fix it. We strongly advise everyone to update, especially if you're running a public server.

Review Board 1.5.7 and 1.6.3 have been released. If you're running 1.6.x, just upgrade as normal, but if you're running 1.5.x, you need to upgrade by doing:

$ sudo easy_install -U ReviewBoard==1.5.7

Otherwise, you'll automatically upgrade to 1.6.x.

Thanks to Damian Johnson for letting us know about this vulnerability and providing a patch to fix it.

Review Board 1.6.2 released

Review Board 1.6.2 is out. It's a bug fix release that takes care of several issues people have hit. In particular, it should have a proper Apache WSGI configuration for subdirectory installs out of the box, some SCM integration fixes, browser compatibility improvements, and various other things.

We also have a couple of bits of new API for those who want to automate review group creation or archive deprecated repositories. Check out the release notes for the full list.