Review Board 2.5.15 is out

Today's release of Review Board 2.5.15 is a small bug fix release taking care of a problem that came up in last week's release of 2.5.14, along with fixing an annoyance some users have hit when loading diffs in the diff viewer.

In last week's release, we made some changes to the Quick Search field and API for security purposes. One of the changes resulted in a crash that could occur using the API, breaking the Quick Search field in the process. If you were bit by this in 2.5.14, an upgrade should fix this for good.

We also fixed a bug in the diff viewer where attempting to switch diff revisions while still loading diffs would result in a crash and a failure to load the new revision.

It's a pretty small release. As always, release notes are available.

New Review Board 2.0.30 and 2.5.14 security/bug fix releases

We have two new releases for you today, both fixing a couple of undisclosed security bugs, along with providing other bug fixes and feature enhancements.

Security fixes

We discovered an information leak in one of our APIs, allowing a request to be crafted that would reveal some details of review requests otherwise intended to be private. This affects you if you use invite-only review groups or private repositories for access control.

We were also informed of a XSS vulnerability allowing a particular URL to be crafted that would execute JavaScript on your user's behalf.

Both of these issues have been fixed, and additional unit tests have been added to ensure these never regress. We recommend that everyone upgrade to this release at their earliest convenience.

If you locate a security problem in Review Board, please contact, or file a bug and choosing "Security issue".

New Markdown table support

Review Board 2.5.14 introduces support for GitHub-Flavored Markdown tables. You can now provide tabular data in review request descriptions or in comments.

Commit IDs are now searchable

If you're running Review Board 2.5.14 and have search enabled, you'll now be able to search for review requests based on their commit ID, which is useful if you're using Git or Bitbucket.

This will require a full re-index after upgrade.

And a handful of other fixes in 2.5.14

  • Keyboard navigation in the diff viewer should no longer get stuck or fail to navigate to file headers.
  • A regression in extension building/packaging when using LessCSS and UglifyJS has been fixed.
  • Failure to load files from a repository when viewing diffs no longer results in huge entries in the log files.
  • Sending test e-mails should now properly report any errors that come up when communicating with the mail server.
  • The styling for buttons on Firefox should now be more consistent.

See the 2.0.30 and 2.5.14 release notes for more information on the release, along with upgrade instructions.