Review Board 3.0.21 and 4.0 RC 2: Security Fixes, Bug Fixes, and Docker

Review Board 3.0.21 and 4.0 RC 2 are out. These releases fix a security vulnerability, along with other bug fixes.

3.0.21 also introduces Docker support.

Security Fix

Both releases fix a XSS vulnerability in Markdown rendering, which could allow an attacker to craft a link that executes arbitrary JavaScript code when clicked.

The attacker would need to be someone who already has legitimate access to your server, and can perform reviews or otherwise access your code.

We recommend that everyone (especially those running public servers) upgrades to address this vulnerability, though the seriousness of the issue will vary from company to company.

Docker Support

Review Board 3.0.21 ships with new Docker support, helping you set up and deploy servers quickly without need to manually install anything.

This is still young. If you hit any issues, please report them to us.

Going forward, all Review Board 3.x and higher releases will include Docker images.

Compatibility and Bug Fixes

Both releases fix installation issues on Python 2.7, along with a handful of bug fixes and improvements.

See the 3.0.21 release notes and 4.0 RC 2 release notes for the full lists of changes.