• Get Review Board
  • What's New
  • Products
  • Review Board Code review, image review, and document review
  • Documentation
  • Release Notes
  • Power Pack Enterprise integrations, reports, and enhanced document review
  • Try for 60 Days
  • Purchase
  • RBCommons Review Board as a Service, hosted by us
  • Pricing
  • RBTools Command line tools and Python API for Review Board
  • Documentation
  • Release Notes
  • Review Bot Automated code review, connecting tools you already use
  • Documentation
  • Release Notes
  • RB Gateway Manage Git and Mercurial repositories in your network
  • Documentation
  • Release Notes
  • Learn and Explore
  • What is Code Review?
  • Documentation
  • Frequently Asked Questions
  • Support Options
  • Third-Party Integrations
  • Demo
  • What's New in Review Board

    Project Updates Releases Security Updates — Subscribe Twitter Facebook
    Review Board 5.0.2: API Token Expirations, Trojan Source Options, Bug Fixes
    February 7, 2023

    Review Board 5.0.2 adds new time-based expiration controls for API tokens, improves your control over Trojan Source detection, adds new API features, and fixes several bugs.

    Time-Based Expiration for API Tokens

    In Review Board 5.0, we introduced new, stronger API tokens that could expire and be validated through automated tools.

    Tokens can now be set to expire at a specific time. This is useful when creating short-lived tokens or ones that need to expire at, say, midnight on a given date.

    The expiration dates/times for existing tokens can also be changed after token creation. They can even be set in the past to force a token to be expired.

    Trojan Source Detection Options

    Review Board 5 brought the ability to scan uploaded diffs for possible Trojan Source attacks. Since these are based on Unicode characters from a variety of languages, they can result in false-positives when working with character sets such as Cyrillic or Greek.

    Now, Trojan Source detection can be toggled off entirely in Admin UI -> Diff Viewer Settings. Or you can leave it on and mark some character sets as safe.

    Changes to URI Templates in the API

    URI templates provide quick and easy access to various API resources, allowing a client to determine the appropriate URL simply by accessing the root resource and looking up the desired template name.

    In Review Board 5, we had some new resources that conflicted with other ones. This may have impacted some in-house integrations or when using the RBTools API.

    We’ve now fixed this to use the original names. The conflicting URI template names have been deprecated, and we’ve introduced a whole new set of future-proofed URI template names.

    If you're a developer using our API, please see the full list of new, existing, and deprecated URI templates.

    Plus...

    • Review UI support for more JSON and YAML mimetypes
    • Better defaults on new site installs for maximum diff sizes and lines for syntax highlighting
    • Extension capabilities for defining custom ACLs for accessing diffs
    • Usability fixes in the diff viewer and in configuration forms
    • Crash fixes
    • And more.

    All the details can be found in the release notes.

    To learn more about upgrading your server, see our upgrade instructions. You can also use our official Docker images.

    If you need assistance with your server, we can help under a support contract.

    Review Board 5.0.1: API Token Improvements, Bug Fixes
    November 2, 2022

    Today's release of Review Board 5.0.1 improves the new API tokens introduced in 5.0 and fixes a handful of bugs.

    Improvements to API Tokens

    In Review Board 5.0, we introduced new, stronger API tokens that could expire and be validated through automated tools.

    To help transition to newer tokens, your My Account page will now highlight any API tokens using the older format automatically. Future releases of RBTools will also suggest upgrading your token if using the older format.

    A Handful of Bug Fixes

    We've fixed a handful of bugs in this release, including:

    • Inconsistent URI templates in the root resource API, depending on the version of Python being used.
    • Better errors when accessing a repository backed by an extension that failed to load.
    • Fixes for error messages when failing to authenticate with GitLab.
    • Small usability fixes in the Review Dialog and Log In page.

    All the details can be found in the release notes.

    We've also documented a known third-party issue in the release notes with using Single Sign-On with the new Python 3.11 release. If you're already using 3.11 in production, please take a look for instructions on working around this issue.

    RBTools 4: Support for macOS Ventura
    October 24, 2022

    RBTools 4 brings support for Apple Diff, introduced in the all-new macOS Ventura, along with some other new features, performance improvements, and benefits for script authors.

    Apple Diff in macOS Ventura

    macOS Ventura replaced GNU Diff with its own Apple Diff.

    We now support Apple Diff as an alternative to GNU Diff. The correct diff tool is detected automatically, and compatible diffs will be uploaded to any version of Review Board.

    If you use macOS Ventura, you will need to upgrade to RBTools 4 to continue working with most source code management systems.

    Better Startup and Diff Generation

    We've reworked the RBTools startup process to be faster and to catch errors (missing tools or repositories) sooner, with improved error messages.

    Diff generation has been completely redone for Apple Diff support. In the process, we've improved performance, fixed edge cases, and overall improved compatibility.

    Updated Python Compatibility

    RBTools 4 drops support for Python 2.7 and 3.6. It now supports Python 3.7 through 3.11.

    This will allow us to bring new features to RBTools faster. If you still need Python 2.7 or 3.6 support, you will need RBTools 3.x.

    The RBTools for Windows installer has been updated to ship Python 3.10.8. This requires Windows 8 or higher.

    Scripting Improvements

    For developers using the RBTools Python API, we've made a lot of changes:

    • Python type annotations have been added to parts of the API, helping your IDE guarantee type safety
    • SCMClient setup has changed to enable dependency checks
    • A new rbtools.diffs module has been added to help with diff generation and parsing
    • Process execution has been reworked for easier usage and safer results
    • Deprecated a lot of old functionality, which may require updates in your scripts

    Plus...

    • Fixes for applying patches on Subversion, Mercurial, and Team Foundation Server
    • Smarter scanning of source code repositories when posting changes
    • Better support for Bazaar/Breezy

    See the release notes for the full list of changes, including changes affecting script authors.

    To learn more about RBTools, see the RBTools downloads page and RBTools 4 documentation.

    Announcing Review Board 5
    October 4, 2022

    The next generation of Review Board is here.

    Review Board 5 introduces an assortment of new enhancements to keep your server, your source code, and your users more secure, through Single Sign-On, Trojan Source Detection, and enhanced API tokens.

    Stale Ship It! indicators in the dashboard help your users see which review requests need another round of reviews.

    New global review and comment APIs help you perform queries across all accessible reviews and comments published on the server.

    Review Board 5 is built using the latest LTS releases of Python 3 and Django 3.2, helping you keep your server secure and maintained for years to come, and offering your in-house extensions all new capabilities.

    Let's go on a tour of Review Board 5.

    Single Sign-On

    Review Board 5 integrates with SAML-based Single Sign-On systems, such as Auth0, OneLogin, and Okta.

    This works alongside existing authentication services, including LDAP and Active Directory, giving you many options to manage how your users sign into Review Board.

    Screenshot of a Log In form with Single Sign-On

    Trojan Source Detection

    Trojan Source attacks allow an attacker to craft malicious code that executes one way but looks another way through clever use of Unicode characters.

    The diff viewer now looks for trojan source code, warning if found, and helping reviewers see how the malicious code was crafted.

    Screenshot of a Trojan Source attack warning

    Enhanced API Tokens

    API Tokens are the recommended way to connect RBTools, your scripts, and your services to Review Board.

    We've increased the strength and features of API tokens, enabling:

    • Token expiration, to help you limit use and transition to newer tokens
    • Revocation, enabling administrators to lock down access in the event of a security breach
    • Last use tracking, so you know if a token is safe to remove
    • Secret scanning, to help catch tokens leaked during review (we'll be enabling this in an upcoming release of Review Bot).

    Screenshot of the new API token features, including new token format, expiration, and last use timestamp

    Stale Ship It! Indicators

    Ever get a Ship It! on a change, post a new update, and then have to bug people to give your change another look?

    The dashboard now shows when the Ship It! on your review request is stale, and your change needs a re-review. The green "Ship It!" indicator will turn from a fresh green to a dull grey, hinting that there's more to do.

    Screenshot of the dashboard with stale Ship It! indicators.

    Plus...

    • New APIs for looking up and filtering all reviews and comments on the server
    • Support for Elasticsearch 5.x and 7.x
    • New integrations with the Matrix secure team chat service
    • Ability to customize which syntax highlighter to use for which file types
    • Many performance improvements, bug fixes, and compatibility updates

    See the release notes for the full list of changes in Review Board 5.

    Ready to upgrade?

    First, back up your database and site directory, and test an upgrade on a test server running Python 3.7-3.11 (we recommend 3.9 or 3.10 at this time).

    An upgrade can take time, so plan accordingly. If you use extensions, make sure they've been updated to work with Review Board 5.

    If your deployment fails, or you need assistance with your upgrade, we can help under a support contract.

    To learn more about upgrading your server, see our upgrade instructions. You can also use our official Docker images.

    RBTools 3.1.2 and Power Pack 5.1.1 Released
    October 3, 2022

    Today, we're bringing two new releases of RBTools and Power Pack, focusing on stability and feature improvements.

    RBTools 3.1.2 Highlights

    • Now supports the upcoming Python 3.11.
    • Added back directory change information to diffs for ClearCase and VersionVault, and fixed problems posting symlinks.
    • Fixed several issues generating Perforce diffs, especially on Python 3.
    • Fixed applied patches on Subversion.

    To learn more about this release, see the RBTools 3.1.2 release notes.

    Power Pack 5.1.1 Highlights

    • Added support for showing changes to directories when using ClearCase or VersionVault
    • Fixed broken repository configuration forms when selecting Cliosoft SOS on Review Board 4.0.3 or older.

    This upgrade is available for all existing Power Pack users.

    To learn more about this release, see the Power Pack 5.1.1 release notes.

    Review Board 4.0.11: New APIs, New Repository Support, Bug Fixes
    September 29, 2022

    Today's release of Review Board 4.0.11 introduces new APIs for managing access control lists, new repository support needed for upcoming Cliosoft SOS improvements, and fixes a handful of bugs.

    Repository Access Control List APIs

    Repositories can be locked down to a specific set of users and groups, and now these ACLs can be managed programmatically via new Repository Group ACL and Repository User ACL APIs.

    We introduced this in 5.0 Beta 2, and are now bringing this to 4.0.11.

    Repository Improvements

    We've made changes behind-the-scenes to support new repository features, which will first be used for upcoming support for communicating with Cliosoft SOS over SSH. That will be coming soon to Power Pack.

    Bug Fixes and Improvements

    We've made several stability and performance improvements to:

    • SSH-based repository communication
    • Mercurial support
    • Site installation
    • API rate limiting

    For the complete details, see the release notes.

    Upgrading to Review Board 4.0.11

    To upgrade to 4.0.11, we recommend specifying the exact version you want to install. For example:

    sudo pip install -U ReviewBoard==4.0.11
    

    This will be important once Review Board 5 is released.

    Our official Docker images have also been updated for 4.0.11.

    Review Board 5.0 RC 1
    September 20, 2022

    Today, we’re releasing what we expect to be the final pre-release of Review Board 5.0.

    Review Board 5.0 features:

    • Single Sign-On using SAML
    • Elasticsearch 1.x-7.x support
    • Trojan source code detection
    • Stronger API tokens, with expiration, invalidation, last usage tracking, and secret scanning
    • Stale Ship It! indicators in the Dashboard
    • New APIs for querying comments and reviews across all review requests
    • Built on top of Django 3.2, supporting Python 3.7-3.11, bringing better performance, bug/security fixes, and new extension capabilities

    This release candidate introduces:

    • Better Ship It! indicators in the Dashboard, showing if new updates have been made since the last Ship It!
    • New controls for setting the expiration dates of API tokens
    • Several bug fixes

    We expect to release the final 5.0 within weeks.

    Want to help us test?

    We’re close to the release, but we could still use your help! We want this to be a solid release, and your feedback can help us get there.

    We have installation information in the release notes, or you can use the beanbag/reviewboard:5.0rc1 Docker image. See our Docker instructions for information on setting up an environment.

    Please make sure you have a dedicated testing server and database. Do not test this release candidate in production!

    Stay tuned for the final 5.0 release, coming soon!

    Review Board 5 Beta 2
    August 17, 2022

    Last month, we announced the release of Review Board 5 beta 1, a feature-packed beta introducing SAML Single Sign-On, Trojan Source attack detection, new APIs, and more.

    Today, we're following up with another beta, this time introducing:

    Enhanced API Tokens

    We're increasing the security of API tokens, and giving both users and administrators more control over their lifecycle.

    • Expiration: API tokens can now be set to expire after a period of time, helping with testing or compliance with internal best practices. Once expired, a token will no longer be accepted. (Currently, expiration can only be set via the API, but the next beta will offer UI for this.)

    • Invalidation: Administrators can invalidate tokens for specific users or all users on a server, helping to lock things down in the event of a security breach.

    • Secret Scanning: Tokens are now 255 characters, and can be identified by secret scanning. We'll be updating Review Bot to help scan for leaked tokens in posted code, and will be working with other companies offering secret scanning.

    All existing tokens will continue to work, but we recommend migrating over to the new enhanced API tokens.

    Repository Access Control List APIs

    Repositories can be locked down to a specific set of users and groups, and now these ACLs can be managed programmatically via new Repository Group ACL and Repository User ACL APIs.

    We're introducing this in 5.0, but we plan to bring these same APIs to the upcoming 4.0.11 release as well.

    Help When Upgrades Go Wrong

    We work hard to ensure upgrades go smoothly, but sometimes things just go wrong.

    Now, whenever there's a problem with an upgrade, rb-site will generate a debug log file containing information you can send to your Beanbag Support contact. We can use this to more quickly help you get going again.

    If you don't have a support contract, and you're on your own supporting Review Board for your company, talk to us about how we can help lend a hand.

    Plus..

    • Mitigation against SAML Single Sign-On replay attacks
    • Updates to Single Sign-On to work with multiple Review Board server hostnames
    • Performance improvements with the Search field
    • Usability improvements in the administration UI and My Account page
    • Bug fixes throughout the product.

    See the release notes for the complete list of changes.

    Want to Help Us Test?

    We’d love to have your help! We have installation information in the release notes.

    Please make sure you have a dedicated testing server and database. Do not test this beta in production!

    You can use the beanbag/reviewboard:5.0b2 Docker image as well. See our Docker instructions for information on setting up an environment.

    Review Board 4.0.10: Diff Viewer Fixes
    July 28, 2022

    We unfortunately had to pull this week's 4.0.8 and 4.0.9 releases, due to a packaging issue that broke the diff viewer.

    Today's release of 4.0.10 is a replacement for these releases, and will restore working functionality.

    What Happened?

    We use a fantastic tool called Babel to help us write modern JavaScript. It converts our JavaScript to something compatible with the majority of the browser market share.

    Since our 4.0.7 release, an older mobile browser dropped below a certain market share. This was the last browser that held back our usage of some modern JavaScript. When this happened, it uncovered a bug where some of our code was expecting the rewritten form, and broke with the modern form.

    This is our first time encountering such a rare breakage, but it's an interesting one, and we're evaluating how to avoid this in the future and to improve our automated testing.

    Updating to Review Board 4.0.10

    If you're on any prior release, including 4.0.9, you can upgrade as normal. Our official Docker images have also been updated for 4.0.10.

    If you missed the 4.0.8 or 4.0.9 releases, we've included all of the improvements in the Review Board 4.0.10 release notes.

    Review Board 4.0.9 and Review Bot 3.1.1
    July 27, 2022

    We have two new releases to present today, improving compatibility and fixing an assortment of bugs.

    Review Board 4.0.9

    This is a small bug and compatibility fix release, focusing on:

    • Compatibility issues with a new release of Python-Markdown and in general with Python 3.10.
    • A regression with changing between Source and Rendered tabs in the Markdown review UI
    • An uncommon problem with closing/resolving issues when a single review request contains comments of multiple types with the same ID.

    See the release notes.

    We've also updated the official Docker images to provide Review Bot 3.1.1 and Power Pack 5.1.

    Review Bot 3.1.1

    This release improves compatibility with the following tools:

    • JSHint
    • Cargo

    As well as fixing installation issues on Python 3.6.

    Our official Docker images have been updated for this release.

    See the release notes

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 pages

    Keep up with the latest Review Board releases, security updates, and helpful information.

    About
    News
    Demo
    RBCommons Hosting
    Integrations
    Happy Users
    Support Options
    Documentation
    FAQ
    User Manual
    RBTools
    Administration Guide
    Power Pack
    Release Notes
    Downloads
    Review Board
    RBTools
    Djblets
    Power Pack
    Package Store
    PGP Signatures
    Contributing
    Bug Tracker
    Submit Patches
    Development Setup
    Wiki
    Follow Us
    Mailing Lists
    Reddit
    Twitter
    Mastodon
    Facebook
    YouTube

    Copyright © 2006-2023 Beanbag, Inc. All rights reserved.