What's New in Review Board

I know what you're thinking. "Another Review Board release? Didn't we just have one this week?"

We did, and it was pretty great, but not perfect. A regression with repository configuration slipped in and broke things, and we didn't want you to wait any longer for a fix.

We've also been busy fixing other bugs this week, and felt it was as good a time as any to get those into your hands. So here they are.

Fixes for repository settings

Some bad logic broke repository configuration, causing options to show up that shouldn't and others to not show up when they should. It was confusing, both for administrators and for Review Board when trying to sort out what was set.

Bitbucket Server was showing up as a hosting service option twice if Power Pack was enabled. It was pretty excited to even be considered.

Fixes for search settings

Trying to enable Elasticsearch support without having the right module installed was causing a not-so-friendly error. Now it causes a very friendly error, telling you exactly to do to install compatible Elasticsearch support.

It should also help clear up the confusion around versions. We require Elasticsearch 2.x (5.x or higher won't work) because the search framework we use is capped at that. That's... not ideal, and we're considering options here.

Fixes for API token policies

Crafting a custom API token policy and hitting Save now properly switches the displayed policy type to "Custom" instead of "Full Access."

While a reload would have fixed that, that was pretty misleading, and led to more problems than it solved (which was none — no problems were solved by that bug).

Fixes for some other things

• The field used to select available avatar backends should no longer appear blank at times
• Using the submit-as option when posting review requests no longer shows (harmless but annoying) errors when Active Directory is enabled
• Logging extension media installation errors no longer triggers its own errors

As always, see the release notes for the full list of changes.

Today's Review Board release is full of new features, integrations, and improved hosting service support. Let's dive right in.

Link to your Asana and Trello tasks

You can now enable Asana and Trello integrations, adding new fields to your review request for linking up any Asana and Trello tasks your review request relates to.

This works similarly to the Bugs field right now, and opens the doors for tighter integration later.

Post updates to Mattermost and I Done This

Review Board can now post updates about review requests and reviews to Mattermost channels, keeping your team up-to-date. This brings all the benefits that Slack users enjoy, while keeping all updates within your own network.

Updates can also be posted to I Done This, which helps team members build up daily and weekly status reports as they work.

Review code stored on Gerrit

If your company uses Gerrit for hosting, but teams want the code review benefits of Review Board, we have you covered. Review Board can now link up to your Git repositories hosted on Gerrit, letting you post changes for review the same way you would on other services.

This does require the use of a special plugin to enhance Gerrit's API, so see the installation instructions to get started.

Better compatibility with GitLab

We've rewritten our GitLab support to take advantage of the benefits of their latest API. Nested groups and large numbers of repositories are now supported, and edge cases have been addressed. Overall, your GitLab experience should be better now and going forward.

Supporting self-signed SSL certs

If you're using a self-hosted service like GitLab, GitHub Enterprise, Bitbucket Server, or Gerrit, you can now use self-signed SSL certificates without workarounds. You'll be prompted to confirm the certificate when adding the repository, and then you're set.

And lots more

• Custom file-based filters in the diff viewer
• A command for creating new extensions
• New extension template hook points for the review request box
• Many bug fixes, logging additions, and compatibility improvements

For the full list of changes, see the release notes

Django released a new set of security releases that protect against swamping a server when passing certain strings to a few different functions used for building URLs and truncating content. See their announcement for the details on the fixes.

We maintain security-hardened builds of Django 1.6.x, the version series we use for Review Board 2.0 through 3.0. We've put out a new Django 1.6.11.7 release that contains these fixes.

To upgrade to this release, run:

$ pip install -U https://downloads.reviewboard.org/releases/Django/1.6/Django-1.6.11.7.tar.gz

Or:

$ easy_install -U http://downloads.reviewboard.org/releases/Django/1.6/Django-1.6.11.7.tar.gz

You can always keep up on the latest Review Board security announcements by subscribing to our Official Announcements mailing list, joining our Subreddit, or following us on Twitter.