We have two new security releases for you today, both fixing security issues reported to us by security researcher Dylan Ayrey. There are also a few bug fixes for GitLab and Subversion, and some improvements for the Administration UI's Security Checklist.
If a text field contains a plain-text
We now generate Apache configuration files that add a Content-Disposition: attachment header to all media files, forcing them to download. If you're not using a standard Apache setup, you may need to modify your configuration to add this header.
You can visit the Security Checklist to make sure this header is being set.
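One way to spot-check the header outside the Security Checklist, as an added example (not Review Board's own code): the Python below inspects HTTP response heads captured from your media URLs and lists any that would still render inline. The paths and responses in SAMPLES are constructed, and the function names are hypothetical.

```python
# Added example: check captured HTTP response heads for a forced download.
# All paths and responses in SAMPLES are constructed for illustration.

def parse_headers(raw_head):
    """Return {lowercased-name: [values]} from a raw HTTP response head."""
    lines = raw_head.replace("\r\n", "\n").strip().split("\n")
    headers = {}
    for line in lines[1:]:          # lines[0] is the status line
        if not line.strip():        # a blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def forces_download(raw_head):
    """True only if Content-Disposition is present and every value's
    disposition type (the token before the first ';') is 'attachment'."""
    values = parse_headers(raw_head).get("content-disposition", [])
    return bool(values) and all(
        v.split(";", 1)[0].strip().lower() == "attachment" for v in values
    )

def audit(responses):
    """Return the paths whose responses would still render inline."""
    return [path for path, head in responses.items()
            if not forces_download(head)]

SAMPLES = {
    # Header set as described above.
    "/media/sample-a.html": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                            "Content-Disposition: attachment\r\n\r\n",
    # Header missing, e.g. a non-standard server config that was not updated.
    "/media/sample-b.html": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    # Header names and the disposition type are case-insensitive.
    "/media/sample-c.svg": "HTTP/1.1 200 OK\r\n"
                           "content-disposition: ATTACHMENT; filename=\"c.svg\"\r\n\r\n",
    # A substring match on 'attachment' would wrongly pass this one.
    "/media/sample-d.html": "HTTP/1.1 200 OK\r\n"
                            "Content-Disposition: inline; filename=\"attachment.html\"\r\n\r\n",
}

if __name__ == "__main__":
    for path in audit(SAMPLES):
        print("not forced to download:", path)
```

Response heads for real media URLs can be captured with any HTTP client that prints headers and passed to audit() in the same path-to-head mapping.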
GitLab and Subversion Fixes
Review Board 2.0.31 and 2.5.16 include fixes for working with changes on GitLab. Both fix issues viewing diffs against files containing Unicode characters, and 2.5.16 includes a fix for creating/modifying repositories for self-hosted GitLab servers.
2.5.16 also includes a fix for the New Review Request page when there are problems talking to Subversion repositories. Errors are now reported, instead of the page reporting a generic "Internal Server Error."