Today's release of Review Board 1.7.26 fixes an important security vulnerability allowing attackers to craft very small JavaScript snippets in the diff viewer. If you're running 1.7.x, we recommend that you upgrade to this release immediately.

Along with that important fix, we have a new feature for you, and a small handful of bug fixes.

We adde a per-user setting that allows users to choose whether to receive e-mail from Review Board. This includes new and updated review requests, and discussions on review requests. If you're in the habit of checking the dashboard, and don't want to clutter your Inbox, this may be useful to you. Please note though that you'll still receive e-mail going to any mailing lists you're subscribed to.

There's also some bug fixes for CVS compatibility, API fixes for repository creation, encoding fixes for non-ASCII diffs, and more.

To upgrade to this release, run:

sudo easy_install ReviewBoard==1.7.26

See the release notes for more information.