Jump to >
Review Board 1.6.21 and 1.7.17 released

We have a couple new releases of Review Board tonight. These both fix a couple security vulnerabilities discovered last night, and from this alone, we strongly recommend upgrading immediately.

The new 1.7.17 release also provides better GitHub integration, Local Site permissions, Extension improvements, and various bug fixes throughout the product.

Those using GitHub will have an easier time setting up new repositories (no more having to configure SSH keys!), and if anything goes wrong in the setup process, Review Board will do a better job of telling you what may be wrong.

If you're using the Local Sites feature, there's some improvements for you as well. Administrators of Local Sites will now have the ability to edit, close and reopen review requests, as well as post under another user's name, just like full-on administrators. These permissions are limited to Local Sites, of course.

We've also fixed some bugs around extensions. Enabling, disabling or changing an extension's settings will now cause the browser to re-fetch pages, instead of using old cached versions. Furthermore, extension customization now works with subdirectory installs.

The improvements in 1.7.17 are covered in more detail in the release notes.

If you're using the new Review Board Power Pack extension, or are looking to try it out, we recommend you update to 1.7.17. There are some fixes in this release that improve the interactivity with Power Pack.

If you're upgrading to 1.6.21, be sure to specify the version on the command line:

$ sudo easy_install ReviewBoard==1.6.21

Release notes:

Review Board Power Pack Release Candidate

Updated 30-October-2013, 12:05PM PST: Fixed the minimum Review Board version required. You'll need 1.7.14 or higher.

We're pleased to announce a release candidate for the Review Board Power Pack. While previous beta releases have been limited to people who signed up for our beta program, his release candidate is public, and anyone who is using Review Board is welcome to try it out.

The Review Board Power Pack is a set of advanced features to help you get even more out of your peer review system. If you'd like to check out what's included, see the Power Pack page.

Installing and activating the Power Pack

If you're running a previous beta of the Power Pack, you should have received an email with detailed instructions on how to upgrade. If you're a new user, use the following instructions.

To get started, make sure you have Review Board 1.7.14 or newer installed. Then install the Review Board Power Pack by running:

easy_install -f http://downloads.beanbaginc.com/powerpack/ -U ReviewBoardPowerPack

Once that's installed, reload your web server, then browse to your administration interface and click "Extensions." You should see a single extension. Click "Enable" to activate it.

Once the extension is activated, you need to install a license. We've created a trial license which will keep things going until January 1, 2014. You can download this license at http://downloads.beanbaginc.com/powerpack/powerpack-trial.lic

Once you have the license file, click "Configure" on the extension. You should see a field where you can upload the license file to your Review Board server. Once you do this and save, you should see a trial license installed, and the Power Pack features will be enabled.

Using the Power Pack

Any PDF files that are attached to a review request (with "Upload File") will then have a "Review" button which will take you to a document viewer. To add comments, simple drag across a region of a page like you would with an image attachment.

To add GitHub enterprise repositories, go to the "Add Repository" section in the admin interface. You should now see a new hosting service called "GitHub Enterprise". Configuration works just like GitHub.com, but you'll put your GitHub Enterprise server name in the form.

Setting up multiple front-end servers is a complex task, and we're working on some documentation about it. In the meantime, if you're planning on using the Power Pack for this, get in touch and we'll help you out.

We'd like to hear your feedback, good and bad. If there are any features that would be important to your organization, please let us know that too.

For any questions or comments, you can reach us at any time at support@beanbaginc.com.

Review Board 1.6.20 and 1.7.16 released

Every once in a while, things just don't work the way they should. And with that, I bring you two new Review Board releases.

This fixes three main issues. First, the recent work on the API caused a breakage in the Review Group Users resource when looking up a user that was a member of more than one group. While this doesn't affect usage of Review Board itself, it does affect those who need that part of the API for their scripts.

Second, due to a regression in a tool we use for packaging, the Python 2.6 builds for Review Board 1.7.15 shipped with broken JavaScript files. We've reverted the version to the last known stable version.

Third, pagination in the dashboard was broken in 1.7.15. This was fixed last night with a new build of Djblets, and now this release depends on that newer version.

Along with these three fixes, 1.7.16 gained a couple new extension hooks for extension authors to play with, which add the ability to place menu items in the top-most bar, alongside the User and Support links. You can see this in action with the Review Board Chat extension.

Release notes for 1.6.20 and 1.7.16 are available.

New security releases: Review Board 1.6.19 and 1.7.15

Review Board 1.6.19 and 1.7.15 fix a few issues in the API where users could access certain data they should not have been able to access, if using the Local Sites feature, invite-only groups, or private repositories. It also fixes cases with invite-only groups where the group name and list of private review requests would show up on some pages (though the review requests themselves were not accessible).

These issues do not affect most of the installations out there, but we strongly recommend upgrading anyway. There are no known cases of anyone exploiting these bugs, and in fact we discovered these internally while building new tools to test for security vulnerabilities in our codebase.

There are also some other bug fixes, and important changes needed for extensions that provide their own REST APIs.

See the 1.6.19 and 1.7.15 release notes for more details on these releases.

The Awesome UCOSP Winter 2013 Review Board Team

We're up in Toronto today for the final day of the UCOSP Winter 2013 Sprint. Through UCOSP, we get to meet and work with bright and enthusiastic students pursuing careers in the software industry for a whole semester. Our students work on Review Board, building cool projects and getting a feel for what it's like in the industry. It's pretty awesome.

This semester, we have five new students: Allisa, Behzad, Edward, Elaine, and Natasha.

Allisa got into development at age 13 when she started writing custom maps for Neverwinter Nights. Now she's making it easy to do a security check of your Review Board installation to make sure you're safe from known configuration-related vulnerabilities.

Behzad got his start writing and modifying scripts for mIRC when he was 11. For this term, he's making our hidden trophy support less hidden by giving you a nice trophy case on your user page, showing every trophy you've earned. It'll even support the development of new types of trophies, even under extensions. (One may make the association between fish slaps and fish trophies?)

Edward's background was in systems engineering, until he found .NET and fell in love with programming. That led him toward going back for a CS degree. He's now taking a role on RBTools, adding some nice improvements. This includes extending 'rb patch' to be able to commit under the contributor's name (useful for open source projects) and adding a command to guide the setup of a new source tree.

Elaine used to want to be a writer, but found she liked writing code more than stories. She's working on an extension to help out when using checklists for code review.

Natasha got into CS after her first programming class in high school, because it fed her love of puzzles and problem solving. It also goes well with her coffee addiction. Her project's goal is to automatically suggest reviewers based on who has reviewed similar code in the past.

We were also joined by a former student yesterday, Yazan, who fixed a bug for us, and just generally hung around helping out.

UCOSP is a fantastic program, and we look forward to it every semester. We're super lucky to get such great students, and I'm really excited to see how far this new team will take the project.

Special thanks to Steven MacLeod and Mike Conley, our wonderful co-mentors who help make this happen every semester; UCOSP, who provide the opportunity for us to participate and meet such great students; and Mozilla, who provided the space for the sprint.

Students in Action
Review Board 1.7.14 released

As we noted previously, there was a major Django security release announced. We're following that up with a new Review Board 1.7.14 release.

Along with updating to the latest Django release, we're also fixing a security issue in the API that affects those using access control on repositories and groups. It's possible to craft an API request that fetches reviews and some other information on review requests that shouldn't be accessible.

There's also support for Team accounts on Bitbucket, and a small handful of bug fixes.

See the release notes for more information.

Important Django security update

The Django project just released an important security update that affects all Review Board 1.7.x servers, particularly public ones. It allows an attacker to perform a Denial-of-Service attack on the server through the authentication mechanism.

We recommend that everybody running a Review Board 1.7.x release immediately updates to Django 1.4.8. We will be putting out new releases of Review Board today, as well.

Please see the Django security announcement for more information.

New Beta Release: Review Board Power Pack

Until now, we've been running two separate beta programs for PDF Review and "Review Board Enterprise". We've decided to merge these together into a single product that we're calling the "Review Board Power Pack."

The major features of the combined package are:

  • Review PDF documents that are attached to review requests, commenting directly on the text, all in the browser with no extra plug-ins.
  • GitHub Enterprise support.
  • The ability to add capacity to your Review Board server by adding additional front-end servers.

Changes in the new preview

In addition to merging together the features of our two previous beta packages, there are some improvements and bug fixes for PDF Review in this release:

  • The outline mode in the sidebar now shows the tree structure of the table of contents.
  • When a document has a table of contents, the sidebar now allows switching between either the outline mode or the pages mode.
  • Scrolling behavior when using the mouse wheel or touch-pad gestures has improved significantly, making it easier to get all the way to the bottom of the document.
  • Non-PDF documents like .docx are no longer detected as PDF.
  • When attaching a PDF file with drag-and-drop, you can now click on the thumbnail to jump to the review UI to preview the document.
  • Several issues with PDF rendering have been fixed.
  • A fair amount of visual design polish.

pdf

Getting the Power Pack

If you already signed up for the beta, you should have an email explaining how to install it (or upgrade from the first beta). If you haven’t signed up, but would like to participate, please fill out our sign-up form and we’ll be in touch.

Once we have a final release, these features will be available on RBCommons.com for our larger tiers.

Review Board 1.7.13 released

Review Board 1.7.13 is released, and brings with it support for Beanstalk and Bitbucket Git.

Beanstalk is a code hosting and development service with support for Git and Subversion. It integrates with a variety of services and offers easy deployment to servers.

We had support for Bitbucket with Mercurial, but due to some missing API, we couldn't integrate with Git. That's been solved in 1.7.13, if you also use RBTools 0.5.2.

There's also a handful of other fixes and improvements in this release.

While you're upgrading, we recommend making some additional changes to your Apache configuration. See the updates on our guide to securing file attachments.

See the release notes for more information on what's in 1.7.13.

RBTools 0.5.2 released

RBTools 0.5.2 is released, with a handful of new features and some nice fixes.

First off, along with the upcoming Review Board 1.7.13 release, you'll be able to post changes to Beanstalk and Bitbucket Git repositories. This should be helpful to a lot of you looking to use these services.

We've also made the tools a bit more friendly. The --help argument is back for all tools, and can be placed before or after the rbt sub-command (for example, rbt --help post or rbt post --help).

There's a new rbt get tool for scripts that want to talk more directly to our API, or those who want to experiment with the API without writing a script.

On top of all that, there's git-p4 support, improved Subversion support, and more.

See the release notes for the full list.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 pages