Jump to >
Review Board 1.7.25 released with security updates

The Django project just announced a new set of security releases. We're putting out a matching Review Board 1.7.25 release that pulls these in, plus fixes for Active Directory and some documentation.

We recommend that everybody running 1.7.x updates to 1.7.25. If you're not ready to upgrade Review Board yet, you can instead upgrade to the new Django release by running:

$ sudo easy_install Django==1.4.11

If you're running the Review Board 2.0 RCs, you can instead upgrade Django by running:

$ sudo easy_install Django==1.6.3

The final Review Board 2.0 release will include these fixes.

See the release notes for the complete list of fixes.

Review Board 1.7.24 released

Review Board 1.7.24 is out!

What? Another release already? Yes, unfortunately a couple problems were found in last night's 1.7.23 release, and we wanted to get the fixes out to you ASAP.

This fixes a crash with adding new repositories, and with displaying the Manual Updates page (triggered when Review Board detects a problem that must be fixed by hand).

The very brief release notes are available.

Review Board 1.7.23 and Heartbleed

Review Board 1.7.23 is out. It’s a fairly typical bug fix release, with one addition that helps to address Heartbleed.

Heartbleed is the name for a widespread SSL security vulnerability found in OpenSSL and announced to the world on April 7th that can allow attackers to, in some cases, access private data in memory. It’s not specific to Review Board (and, in fact, the vulnerability lies outside of Review Board). Most Linux distributions are now providing patched OpenSSL packages, and the general recommendation is to re-issue your SSL certificates.

GitHub is recommending that users change their passwords and reset their authorization tokens. Review Board uses these tokens to communicate with your repositories on GitHub.

In 1.7.23, we’re providing a new management command for resetting your associated GitHub authorization tokens. You’ll need to know the password (and two-factor auth token, if enabled) for each linked account that you want to update.

To reset your tokens, install 1.7.23 and run:

$ rb-site manage /path/to/site reset-github-tokens

If you’re running an installation accessible over the Internet, you may want to have your users reset their passwords as well, to be safe.

Along with this, we have some authorization fixes for GitLab, and a few small bug fixes.

See the release notes for more information.

RBTools 0.6 released

Oh man, do we have a great release for you today.

RBTools 0.6 has just been released, and it's a big one. We spent a lot of time simplifying the process for posting and updating review requests, and we think it's going to make life a lot easier for just about everyone.

Posting using Git or Mercurial used to require dealing with --parent and --revision-range, along with our custom revision syntax. Now all you have to do is pass native revisions or revision ranges to rbt post, like so:

$ rbt post HEAD
$ rbt post main-branch..feature-branch
$ rbt post 123:126

Compare this to the old way of doing things:

$ rbt post --parent=HEAD^
$ rbt post --revision-range=main-branch:feature-branch
$ rbt post --revision-range=123:126

We've also improved how "guessing" descriptions and summaries from commits work. In previous versions, you needed to run rbt post -g to enable guessing, but in 0.6, it's now automatic for new review requests. This means less typing and less work to do.

That behavior can also be changed through new GUESS_FIELDS settings in .reviewboardrc. This is covered more in the documentation.

A few other goodies:

  • Feature and performance improvements for Mercurial
  • Shelf support for Perforce
  • Git repository hook scripts for auto-closing review requests and requiring approval for pushes
  • Support for Markdown commit descriptions in Review Board 2.0
  • Recording commit IDs in Review Board 2.0
  • Many new configuration options

And more.

A couple important notes. We've removed support for the old post-review tool. Running post-review will now tell you to use rbt post instead.

We've also removed support for Python 2.4. You will now need 2.5 or higher. We strongly recommend that everybody upgrades to Python 2.7.

See the release notes for the complete list of changes.

Review Board 2.0 RC 2 released

Review Board 2.0 RC 2 is out, everybody! Thanks to all the great feedback from our beta testers, we were able to identify and fix the few remaining issues keeping us from a solid 2.0 release.

There's a bunch of fixes for little things here and there. Some polish, some performance enhancements, and a couple usability improvements. All in all, the release is feeling pretty stable, and we're feeling confident that the final 2.0 is just around the corner.

We also included a couple experimental feature additions from this semester's batch of students:

  • The dashboard widgets in the administration UI can now be reordered through drag-and-drop, allowing you to see the widgets that are most important to you at a glance.
  • We've added an experimental WebHook for those using GitHub. This hook will close any review requests referenced in a pushed commit, filling in the revision and branch where the commit landed. This requires a publicly-accessible Review Board install.

Along with this, we've made some nice improvements to rb-site. It has a new streamlined installation experience, as well as new management commands for working with installed extensions.

There's a few other goodies we've thrown in as well. See our release notes for all the details.