We are very excited to announce the release of Review Board 2.0. This is our largest release ever, with lots of new features for end users and administrators, over 70 bugs fixed, usability and performance improvements throughout the product, and significant enhancements to our web API and extension framework.

There's way too much to talk about for this post. We'll simply go over some of the changes we've made to help the day-to-day life of software developers. The release notes will cover the rest.

The diff viewer is more powerful

So much of your time in Review Board is spent looking at diffs. We decided to make that time more pleasant.

We moved to a nicer look-and-feel with better readability, redesigned the revision/interdiff selector, added smarter moved line support and cleaner interdiffs, revamped the file listing (which introduces icons showing the complexity of changes), and introduced all-new indicators for showing indentation-only changes.

Review requests are prettier

The layout of review requests have been improved. The Description and Testing Done have been moved up, with the other fields moved to the right-hand side. This puts the most important information right in front of you, taking up less screen real-estate in the process.

We made it easier to see changes made to a review request. Newly uploaded diffs are shown with their file listings and change complexity icons. Text field changes are shown as unified diffs. Newly uploaded file attachments are shown as thumbnails. Et cetera.

"Ship-It!" is more meaningful

You'll now only see a "Ship-It!" in the Dashboard if all open issues have been addressed. Otherwise, you'll see an open issue count, letting everyone know that there's still work to be done.

If a reviewer opens issues and says "Ship It!" in the same review, the "Ship It!" won't be shown until the last open issue is closed.

Posting changes is easier

We've completely revamped the New Review Request page to make it easier to get changes into Review Board. In particular, it's easy to post existing commits from a branch on your repository without using RBTools, with just a couple clicks.

If you are using RBTools 0.6 or higher, you should find it's even faster to post your changes! There's also a few goodies in 0.6 for posting a commit's ID, and posting in Markdown format. Speaking of...

There's Markdown everywhere!

You can now use Markdown-formatted text in any text box, including the Description/Testing Done fields and in reviews or replies. This is particularly handy if you want to show off code samples, embed images, or list something in bullet point form.

What else...

• Built-in review for text-based file attachments.
• Search is now really easy to set up.
• An all-new My Account page, for selecting groups and updating your profile.
• A better-organized Dashboard, with support for bulk-closing review requests.
• Experimental Web Hooks for closing review requests when pushing related commits.
• High-DPI icons.
• Faster load times with fewer reloads.
• Many, many more improvements.

We didn't even get into the huge number of improvements to the web API and extensions, and all the performance and usability issues we addressed.

We want to thank everyone who helped make this release happen. Our contributors, beta testers, packagers, and of course, all the users and administrators out there who have provided great feedback and ideas over the years.

See the release notes for the full list of what's in 2.0. For any questions or concerns, please reach out to us on our community support list.

We’ve been working hard on fixing the bugs found by our beta testers, fine-tuning all the new extension support, and getting a few more experimental Web Hooks in place for more hosting services.

All around, it’s a good release. In fact, we were looking to call this the final 2.0, but we have a few fixes we want just a bit more testing on first.

Some of the key highlights of this release include:

• Fixes for upgrading from a pre-1.7 release
• Better protection from broken extensions
• Some new extension abilities for blocking publishing of review requests
• Condensing diffs no longer eats all available memory
• Lots of bugs squashed

The release notes have the full details, as well as installation instructions.

Our hope is to release the final 2.0 this month. A big thanks to all of our beta testers for providing such great feedback!

The Django project just announced a new set of security releases. We're putting out a matching Review Board 1.7.25 release that pulls these in, plus fixes for Active Directory and some documentation.

We recommend that everybody running 1.7.x updates to 1.7.25. If you're not ready to upgrade Review Board yet, you can instead upgrade to the new Django release by running:

$ sudo easy_install Django==1.4.11

If you're running the Review Board 2.0 RCs, you can instead upgrade Django by running:

$ sudo easy_install Django==1.6.3

The final Review Board 2.0 release will include these fixes.

See the release notes for the complete list of fixes.

Review Board 1.7.24 is out!

What? Another release already? Yes, unfortunately a couple problems were found in last night's 1.7.23 release, and we wanted to get the fixes out to you ASAP.

This fixes a crash with adding new repositories, and with displaying the Manual Updates page (triggered when Review Board detects a problem that must be fixed by hand).

The very brief release notes are available.

Review Board 1.7.23 is out. It’s a fairly typical bug fix release, with one addition that helps to address Heartbleed.

Heartbleed is the name for a widespread SSL security vulnerability found in OpenSSL and announced to the world on April 7th that can allow attackers to, in some cases, access private data in memory. It’s not specific to Review Board (and, in fact, the vulnerability lies outside of Review Board). Most Linux distributions are now providing patched OpenSSL packages, and the general recommendation is to re-issue your SSL certificates.

GitHub is recommending that users change their passwords and reset their authorization tokens. Review Board uses these tokens to communicate with your repositories on GitHub.

In 1.7.23, we’re providing a new management command for resetting your associated GitHub authorization tokens. You’ll need to know the password (and two-factor auth token, if enabled) for each linked account that you want to update.

To reset your tokens, install 1.7.23 and run:

$ rb-site manage /path/to/site reset-github-tokens

If you’re running an installation accessible over the Internet, you may want to have your users reset their passwords as well, to be safe.

Along with this, we have some authorization fixes for GitLab, and a few small bug fixes.

See the release notes for more information.

Oh man, do we have a great release for you today.

RBTools 0.6 has just been released, and it's a big one. We spent a lot of time simplifying the process for posting and updating review requests, and we think it's going to make life a lot easier for just about everyone.

Posting using Git or Mercurial used to require dealing with --parent and --revision-range, along with our custom revision syntax. Now all you have to do is pass native revisions or revision ranges to rbt post, like so:

$ rbt post HEAD
$ rbt post main-branch..feature-branch
$ rbt post 123:126

Compare this to the old way of doing things:

$ rbt post --parent=HEAD^
$ rbt post --revision-range=main-branch:feature-branch
$ rbt post --revision-range=123:126

We've also improved how "guessing" descriptions and summaries from commits work. In previous versions, you needed to run rbt post -g to enable guessing, but in 0.6, it's now automatic for new review requests. This means less typing and less work to do.

That behavior can also be changed through new GUESS_FIELDS settings in .reviewboardrc. This is covered more in the documentation.

A few other goodies:

• Feature and performance improvements for Mercurial
• Shelf support for Perforce
• Git repository hook scripts for auto-closing review requests and requiring approval for pushes
• Support for Markdown commit descriptions in Review Board 2.0
• Recording commit IDs in Review Board 2.0
• Many new configuration options

And more.

A couple important notes. We've removed support for the old post-review tool. Running post-review will now tell you to use rbt post instead.

We've also removed support for Python 2.4. You will now need 2.5 or higher. We strongly recommend that everybody upgrades to Python 2.7.

See the release notes for the complete list of changes.

Review Board 2.0 RC 2 is out, everybody! Thanks to all the great feedback from our beta testers, we were able to identify and fix the few remaining issues keeping us from a solid 2.0 release.

There's a bunch of fixes for little things here and there. Some polish, some performance enhancements, and a couple usability improvements. All in all, the release is feeling pretty stable, and we're feeling confident that the final 2.0 is just around the corner.

We also included a couple experimental feature additions from this semester's batch of students:

• The dashboard widgets in the administration UI can now be reordered through drag-and-drop, allowing you to see the widgets that are most important to you at a glance.
• We've added an experimental WebHook for those using GitHub. This hook will close any review requests referenced in a pushed commit, filling in the revision and branch where the commit landed. This requires a publicly-accessible Review Board install.

Along with this, we've made some nice improvements to rb-site. It has a new streamlined installation experience, as well as new management commands for working with installed extensions.

There's a few other goodies we've thrown in as well. See our release notes for all the details.

We're in the home stretch now with our release of Review Board 2.0 RC 1.

Our fist release candidate was focused on squashing bugs, improving performance, and tweaking the usability of the product, in preparation for the final 2.0 release.

We've fine-tuned the diff viewer, cutting the time of some operations in half. We've also reduced the startup and response time for installations using extensions.

36 bugs were fixed since beta 3. These cover site installation, administration, the diff viewer, the new My Account page, and much more.

For extension writers, we've added a new hook for custom authentication backends, as well as a few more goodies to help keep your extension code tight and clean.

This release also includes the security fixes in the 1.7.22 release, and strengthens security and access logs in other areas.

If you're planning on upgrading to Review Board 2.0 when it's out, this would be a great time to test. We're hoping to release it soon, and your feedback will go a long way to ensuring this release is solid.

The full details are in the release notes.

Review Board 1.7.22 is out. It's primarily a bug fix release, with an important security update (particularly for public installations).

An XSS vulnerability was reported that we've patched that involves the Search field. If you're running a 1.7.x release, we recommend updating to 1.7.22.

There's also a large number of bug fixes in this release. We've been working hard on going through the bug tracker and fixing up as many bugs as we can. This includes Git diff parsing fixes, compatibility improvements for Mercurial configurations, easier support for enabling HTTPS, and more.

See the release notes for the complete list of fixes.

We thought it was long past time to show off some of the excellent work our UCOSP Fall 2013 students have been doing, and introduce you all to our Open Academy Spring 2014 students.

UCOSP Fall 2013

In Fall of 2013, we had a batch of great students from across Canada: Elaine, Natasha, Edward, Behzad, and Alissa. We met up at Mozilla in Toronto and got everyone set up. From there, they flew through the semester, adding some great improvements to Review Board.

• Elaine wrote an extension for effectively using checklists for code review.

• Natasha put together an experimental project for auto-suggesting reviewers on new review requests based on the files that were modified, in order to target those people who may know the code best. We're hoping to optimize this (some database changes may be needed on our end) and get it into a future release.

• Edward rewrote our search support for 2.0 to use Haystack, which is a lot easier to set up than PyLucene.

  He also improved RBTools by adding rbt setup-repo, adding the --commit option to rbt patch, and adding the --update option to rbt post. These are all part of the latest RBTools releases.

• Behzad did a bunch of work to get our new trophy system in place. We still have some work to do to integrate it, which we're hoping to do after 2.0, but the end result will allow for new types of trophies, a trophy case to see which trophies you've collected, and extension support.

• Alissa added a new page in the Administration UI for doing a security screening of the site. It can help highlight known configuration issues on the server that need to be addressed to keep things secure. This is going into 2.0.

We put a little demo video together with our Winter team showing off all their work. Check it out!

It was a fantastic team, and we're very thankful for all the great work they've done!

Open Academy Spring 2014

We participated in Open Academy this year for the second time, and were once again privileged to have another fantastic group of students, spanning schools across the globe. This semester, we have Anselina, Bhushan, Edwin, Iines, Joonas, Mirai, Olessia, Stephanie, Tami, and Tomi working with us.

We met up at Facebook HQ in February for a fun and intense weekend of hacking. There, we got to know each other, ate some donuts, figured out projects for the semester, went bowling, and got to hacking.

(Here are some more photos of the event, taken by Tami herself!)

They're all well into their projects at this point. There's a lot of great stuff coming:

• Anselina and Bhushan are working to add official support for pre-commit and post-commit hooks for Git, Mercurial, Subversion, GitHub, and other services.

  These will be able to close out review requests when the commits are pushed, and enforce approval before pushing changes.

• Edwin is making the contextual diff fragments in reviews a bit nicer by allowing you to expand them to get a better idea of where the comments were made without having to jump into the diff viewer.

• Iines is working on making it easier to link to specific lines in the diff viewer.

• Joonas and Mirai are performing some usability research and development on improving our mobile experience.

• Olessia is expanding our support for hosting services. She's adding Review Board 2.0's post-commit support for more hosting services, and providing a lot of the base work needed to revamp the repository configuration experience.

• Stephanie is making the widgets in the Administration UI reorderable, and allowing admins to add and remove widgets. She'll also be adding extension support for custom admin widgets!

• Tami is improving the user page to be more flexible. It will be updated to let you see all the reviews made by that user.

• Tomi is adding deeper support for bug trackers. With this work, it'll be possible to update bug reports when the status of review requests change, and to show information on a bug when mousing over a bug number.

They've been making great progress so far! They also all have work going into Review Board 2.0 or RBTools 0.6. Not a bad start!

Here's a few of our students to tell you about their experience at the sprint at Facebook:

Here's to another exciting semester!