What's New in Review Board

We unfortunately had to pull this week's 4.0.8 and 4.0.9 releases, due to a packaging issue that broke the diff viewer.

Today's release of 4.0.10 is a replacement for these releases, and will restore working functionality.

What Happened?

We use a fantastic tool called Babel to help us write modern JavaScript. It converts our JavaScript to something compatible with the majority of the browser market share.

Since our 4.0.7 release, an older mobile browser dropped below a certain market share. This was the last browser that held back our usage of some modern JavaScript. When this happened, it uncovered a bug where some of our code was expecting the rewritten form, and broke with the modern form.

This is our first time encountering such a rare breakage, but it's an interesting one, and we're evaluating how to avoid this in the future and to improve our automated testing.

Updating to Review Board 4.0.10

If you're on any prior release, including 4.0.9, you can upgrade as normal. Our official Docker images have also been updated for 4.0.10.

If you missed the 4.0.8 or 4.0.9 releases, we've included all of the improvements in the Review Board 4.0.10 release notes.

We have two new releases to present today, improving compatibility and fixing an assortment of bugs.

Review Board 4.0.9

This is a small bug and compatibility fix release, focusing on:

• Compatibility issues with a new release of Python-Markdown and in general with Python 3.10.
• A regression with changing between Source and Rendered tabs in the Markdown review UI
• An uncommon problem with closing/resolving issues when a single review request contains comments of multiple types with the same ID.

See the release notes.

We've also updated the official Docker images to provide Review Bot 3.1.1 and Power Pack 5.1.

Review Bot 3.1.1

This release improves compatibility with the following tools:

• JSHint
• Cargo

As well as fixing installation issues on Python 3.6.

Our official Docker images have been updated for this release.

See the release notes

We are pleased to announce the first beta for the next major version of Review Board!

Our team has been hard at work on this release, and with your help, we hope to ship the final 5.0 release soon.

If you’re interested in beta testing, please keep reading.

What’s New in 5.0?

Built for Modern Environments

Review Board now requires Python 3.7 or higher, and uses Django 3.2 LTS.

Many of our dependencies have been updated to require the latest versions available.

If you’re upgrading an old installation, this would be a good opportunity to deploy a new server or switch to our Docker images (use beanbag/reviewboard:5.0b1). Once released, we’ll continue to support older versions through support contracts.

Single Sign-On

We’re building support for SAML 2.0-based Single Sign-On (SSO) directly in Review Board. With SSO, you can use a provider such as Auth0, OneLogin, or Okta to provision and authenticate users.

This works alongside any existing authentication setup you may already have, such as LDAP or Active Directory.

When enabled, users will need to configure API Tokens for use with RBTools, rather than using their SSO credentials.

We’re still testing this with various SAML providers. If you’re interested in this feature, please let us know which providers you use today, and whether you encounter any problems with the beta.

Trojan Source Attack Detection

Review Board now looks for Trojan Source attacks in code posted for review. These attacks use special Unicode characters to make code appear one way, but execute another way, and can be injected intentionally (by a malicious developer) or accidentally (by copying and pasting malicious code from another website).

The diff viewer will now show a notice if any suspicious code is detected for a file, and will show you the suspicious characters. Reviewers can then choose to see how the code would normally appear, getting a sense of the attack.

Elasticsearch 5.x and 7.x

Review Board now supports using Elasticsearch 5.x and 7.x as search backends, as well as the previously-supported 1.x and 2.x releases.

Please note, we depend on a third-party project called Django Haystack for our Elasticsearch support. At this time, neither Elasticsearch 8.x nor OpenSearch are supported by Haystack.

See the release notes for information on how to configure your version of Elasticsearch.

Global Review and Comment APIs

These new APIs allow you to make queries against all reviews or all comments in Review Board.

This can, for instance, be used to list all reviews made by a given user in the past month, or all issues that remain open.

Performance Improvements

We’re making substantial changes to how Review Board works internally, in an effort to improve performance for large installs.

Beta 1 begins this work by simplifying many of the queries used in the database, making the dashboard and several APIs substantially faster.

We’ll have even more improvements in beta 2.

Plus…

• You can now forward review requests and discussions to the Matrix chat service.
• You can set the syntax highlighter you want for different file types in the diff viewer.
• Extension authors can now benefit from the features available in Django 3.2, new registration abilities for custom SCMs, and async/await operations in our JavaScript API.
• Many bugs were fixed (the major ones are listed in the release notes).

See the 5.0 beta 1 release notes for the full list of changes.

Want to Help Us Test?

We’d love to have your help! We have installation information in the release notes.

Please make sure you have a dedicated testing server and database. Do not test this beta in production!

You can use the beanbag/reviewboard:5.0b1 Docker image as well. See our Docker instructions for information on setting up an environment.

Power Pack 5.1 adds support for the upcoming Review Board 5 release, while maintaining compatibility with Review Board 3 and 4.

We are releasing Review Board 5 beta 1 very soon. If you're planning to beta test this release, and are using Power Pack today, we recommend preparing by upgrading to Power Pack 5.1.

This release also contains a fix for diffing PDFs on Python 3 installations.

For complete details, see the release notes.

What is Power Pack?

Power Pack is an add-on to Review Board that provides:

• PDF document review and diffing, allowing you to review documents, schematics, designs, contracts, and code all in one place.
• Report generation, giving you insight into code review practices in your organization.
• Integrations with enterprise services including AWS CodeCommit, Azure DevOps/TFS, Bitbucket Server, Cliosoft SOS, GitHub Enterprise, HCL VersionVault and IBM Rational ClearCase.

With more features in the works.

Licenses are affordable and can cover as many or as few users as needed in your team. Download a 60-day trial license to get started.

Review Bot 3.1 adds support for the upcoming Review Board 5 release, while maintaining compatibility with Review Board 3 and 4.

We are releasing Review Board 5 beta 1 very soon. If you're planning to beta test this release, and are using Review Bot today, we recommend preparing by upgrading to 3.1.

This release also contains a small fix for changing the configured broker URL, to avoid retaining connections to older brokers.

For complete details, see the release notes.

To get started, download Review Bot or read the documentation.

Docker images are also available to help you get going quickly.

We have three new releases out today, all focusing on better compatibility and bug fixes.

Review Board 4.0.7

We've fixed issues all throughout the product, covering:

• Compatibility fixes for ClearCase, GitLab, reCAPTCHA, and third-party extensions
• Text editing improvements to better help you write code in comments
• Better scaling for deployments with many Review Board servers and with thousands of repositories
• Fixes for edge cases when rendering diffs

Our Docker images have also been updated to include support for Power Pack and Review Bot 3.

See the release notes for more on Review Board 4.0.7.

RBTools 3.1.1

This release fixes some regressions from the 3.1 release in rbt land and rbt patch.

It also improves support for IBM ClearCase and HCL VersionVault repositories, which is available through Power Pack.

See the release notes for more on RBTools 3.1.1.

Power Pack 5.0.1

This releases focuses on improving the support for IBM ClearCase and HCL VersionVault. Bugs for diff generation has been fixed and support for UCM workflows have been improved. If you're using legacy ClearCase support in Review Board, we recommend upgrading to the modern version in Power Pack for features like multi-VOB repositories, better compatibility, and official support.

We've also fixed issues running the Database Import/Export functionality in some environments. If you're using our Docker images, import-db and export-db should now work fine.

Power Pack supports additional repositories like Cliosoft SOS and GitHub Enterprise, PDF document review and diffing, Reports for your teams and organizations, and more.

See the release notes for more on Power Pack 5.0.1, or download a 60-day trial license to get started!

Cliosoft SOS is an enterprise source code management solution widely used for hardware and software design and development. It's built to allow teams across the globe to collaborate on large hardware-focused projects.

We’ve partnered with Cliosoft to bring support for SOS to Review Board. You can now connect your SOS projects to Review Board as repositories, post code from local workareas using RBTools, and review them using Review Board’s collection of code review capabilities. This includes issue tracking for comments, moved code detection, multi-line commenting, interdiffs, file attachment review, and more.

SOS support is available as of today’s releases of Power Pack 5 (our licensed add-ons for Review Board) and RBTools 3.1 (our developer command line tools).

Along with SOS support, Power Pack provides PDF document review/diffing, team collaboration reports, database import/export, scalability enhancements, and support for several additional source code management solutions.

Compatible Releases

SOS support requires the following minimum versions on the Review Board server:

• SOS 7.20
• Review Board 4.0.6
• Power Pack 5

And on developer machines:

• SOS 7.20
• RBTools 3.1

Licensing

Power Pack is a licensed product. Licenses can be purchased by credit card or Purchase Order, and can cover as many or as few Review Board users as needed for SOS.

You can get started with a 60-day trial license.

Please note that this is separate from your SOS license.

Learn More

See our SOS workflow guide to learn how to post changes to Review Board, and our repository setup guide to learn how to connect Review Board to SOS.

To learn more about today’s releases of Power Pack 5 and RBTools 3.1, see the Power Pack release notes and RBTools release notes.

The all-new Review Bot 3 brings enhancements to every area of the product. New Docker images to ease installation, new code review tools to spot problems in more languages, a new Secret Scanner that looks for leaked credentials or API tokens, and a new worker experience. Plus many, many bug fixes.

Docker Images

Review Bot is now easier to install than ever, thanks to our new official Docker images.

You can create your own Review Bot worker image with the specific tools you need by using beanbag/reviewbot-base, or you can use one or more of the following pre-built images for reviewing:

• reviewbot-c: C/C++ and Objective-C/C++
• reviewbot-go: Go
• reviewbot-java: Java
• reviewbot-javascript: JavaScript
• reviewbot-python: Python
• reviewbot-ruby: Ruby
• reviewbot-rust: Rust
• reviewbot-shell: Shell Scripts
• reviewbot-fbinfer: Multiple languages through FBInfer
• reviewbot-pmd: Multiple languages through PMD

Our Review Board Docker image has been updated to include the extension for Review Bot 3.

See our documentation on using or customizing the Review Bot docker images.

Secret Scanning

Review Bot can now check all published diffs for any accidental passwords, API tokens, or other credentials included in the code. This is a red flag to the author of the change to quickly reset those credentials

This is built into the Review Bot worker. No special tools are required. See the Secret Scanner documentation for information on what kinds of credentials Review Bot looks for, and let us know if you have any you’d like us to add.

Improved Code Review Tools

Review Bot 3 includes new tools for reviewing Go, Rust, Ruby, and Bash/Dash/KSH/SH shell script code. It also now includes support for Facebook’s FBInfer tool.

For more information, see our documentation on:

• CargoTool
• FBInfer
• Go Fmt
• Go Tool
• RuboCop
• RustFmt
• ShellCheck

Most existing tools have also been improved, with better reporting capabilities, new configuration options, and better compatibility.

A New Worker Experience

We’ve completely reworked the Review Bot worker, adding new configuration options, a more useful startup and diagnostics screen, and a streamlined command line.

Configuration improvements include:

• Authentication cookie paths, tool executable paths, and Java classpaths are all customizable.
• The location of the Review Bot configuration can now be set on each worker.
• The list of full-access repositories or Review Board servers can now be managed in JSON files you control.

During startup, if anything is missing or any full-access repositories are misconfigured, Review Bot will now let you know.

All changes are backwards-compatible.

Lots of Bug Fixes

Compatibility issues with tools and corner cases with applying patches have all been fixed.

We’ve addressed many headaches with getting things configured, providing better guidance when things go wrong.

Race conditions between workers on full-access repositories are no more.

Performance has also been improved throughout the product.

Ready To Upgrade?

Upgrading is easy, and we have an upgrade guide to get you going.

If you’re new to Review Bot, the new Docker images make it easier than ever to get started.

See the Review Bot documentation for installation and usage instructions, and for the complete list of supported tools.

If you want to know what else is in 3.0, check out the release notes.

We have a few exciting announcements today!

Power Pack 4 and RBTools 3 are now available. There’s a few big features to cover, and we’d like to start with VersionVault and ClearCase.

HCL VersionVault and IBM ClearCase

HCL VersionVault and IBM Rational ClearCase are enterprise source code management products, built for distributed teams that need to collaborate on very large projects.

Power Pack 4 ships support for both VersionVault and ClearCase repositories, allowing your teams across the world to collaborate on code reviews and document reviews.

To get started:

1. Install Review Board 4.0.5 (or newer)
2. Install Power Pack 4 on the Review Board server
3. Download a Power Pack trial license or purchase a license
4. Configure your repositories (each can map to one or more VOBs)
5. Have your developers install the RBTools 3 command line tools to post changes for review

You can then post code for review using rbt post, and review it right from your Review Board server.

Power Pack is a licensed add-on to Review Board. You can buy a license for as many or as few users as needed. A user must be licensed to post changes for review, but anybody can review posted changes.

Please note, this replaces the old, legacy community-driven ClearCase implementation found in Review Board. You’ll want to select “VersionVault / ClearCase” when setting up your new repositories.

For more information, see the documentation on:

• Configuring VersionVault/ClearCase Repositories
• Posting VersionVault/ClearCase Changes

Database Import/Export

There are times when you may want to take the content from one Review Board server and move it to another. The simplest way to do this is just to copy the database, but there are some times when that will not suffice:

• You want to export only a subset of the content (for example, if part of a business is being spun-out or acquired).
• You want to combine two separate Review Board instances into one.
• You want to change database backend types (for example, moving from MySQL to Postgres).

Power Pack 4’s new import/export feature makes it easy to handle these kinds of scenarios by exporting a full or partial Review Board server into a database-agnostic bundle, which can then be imported into a new or existing server.

Power Pack 4 must be installed to perform the export or the import, but at this time, a license is not required to use the feature.

See the Import/Export documentation for instructions.

RBTools 3

Along with support for VersionVault and ClearCase, the all-new RBTools 3 has some new capabilities to help you build your own solutions around Review Board.

JSON Output

All commands now accept a --json argument, which will cause the command to output a JSON document showing if the command was successful or listing any errors.

Many commands (including rbt post, rbt land, rbt status-update, and rbt status) provide additional information, built to help you integrate RBTools into your own scripts.

See the documentation for each command for their JSON schemas.

We are still working to improve the JSON output. If you use this feature, please let us know what would be useful to you!

rbt review

The new rbt review command allows you to construct reviews, add comments, and publish or discard, right from the command line or scripts.

This is intended to help with in-house automation around Review Board. We’re still improving this command, so once again, let us know if you find it useful and want to see any improvements.

Let’s Get Started!

Ready to set up VersionVault/ClearCase? Or play with RBTools’s new JSON output or review automation? Or prepare for some data migration?

Upgrade to Power Pack 4 and RBTools 3 to take advantage of all these new features.

To see the full list of changes, see the Power Pack 4 release notes and RBTools 3 release notes.

Today's release of Review Board 4.0.6 fixes bugs throughout the product, improving areas such as interdiffs, mobile styling, and Python 3 compatibility.

It also introduces new diff parsing capabilities and API enhancements, which will be used by the upcoming Review Bot 3 release.

Diff Improvements

Diff parsing now tracks symlink target and UNIX file mode changes for Git,
Mercurial, and DiffX diffs.

These, along with binary file information, are now exposed in the API, allowing
your in-house scripts and webhooks to better work with changes posted to Review
Board.

We've also fixed the display of indentation-only changes when viewing
interdiffs, the display of symlink changes in Git-style Mercurial diffs, and
downloading patch error bundles on Python 3, and

Bug Fixes

We've fixed some issues upgrading from very old versions of Review Board to
4.0.6+.

Parsing of Bitbucket API error payloads on Python 3 now works for all error
types.

If using Review Bot, you can now once again view the in-database state for
tools.

Some UI issues in mobile styling and in the issue summary table have been
fixed.

Upgrade today!

Builds are now available for Python 2 and 3, and our official
Docker images have been updated.

Check out the release notes
for the full list of changes.