Review Board 3.0.21 and 4.0 RC 2 are out. These releases fix a security vulnerability, along with other bug fixes.
3.0.21 also introduces Docker support.
The attacker would need to be someone who already has legitimate access to your server, and can perform reviews or otherwise access your code.
We recommend that everyone (especially those running public servers) upgrades to address this vulnerability, though the seriousness of the issue will vary from company to company.
Review Board 3.0.21 ships with new Docker support, helping you set up and deploy servers quickly without need to manually install anything.
This is still young. If you hit any issues, please report them to us.
Going forward, all Review Board 3.x and higher releases will include Docker images.
Compatibility and Bug Fixes
Both releases fix installation issues on Python 2.7, along with a handful of bug fixes and improvements.