We recently opened up to you all about the future of Review Board and the challenges of creating and sustaining an ethical business built around an Open Source product and keeping its development funded in a difficult market.

It hasn’t always been easy, but your responses reminded us why we do this. The outpouring of support, encouragement, and thoughtful feedback left us deeply appreciative and inspired. We’re grateful to have such a passionate and dedicated community behind us — our users are truly the heart of Review Board’s success, and we want to keep building for you.

This year, Review Board celebrates its 18th birthday, marking nearly two decades of helping developers create and collaborate together more effectively. It’s humbling to think back to those early days when we built a tool simply because we were frustrated with e-mailing diffs back and forth for review. The days before Git took off, the days before pull requests existed. Before the market was dominated by 800 pound gorillas and AI-focused upstarts. Our attempt at a modest solution to a common pain point has grown into a tool relied on by thousands of teams around the world, helping build products people enjoy and rely on every day.

Our way of saying thanks and hoping for your business

To thank you all and to celebrate 18 years of Review Board, we’re offering an 18% discount on all new Power Pack licenses and support contracts purchased through the end of the year. Your discount will last for the full 1 year term of any license or contract.

Power Pack and support contracts are how we fund Review Board’s development and how we keep food on our tables. If you depend on Review Board today, you can help us ensure we’re around for years to come. Lock in your 18% discount by purchasing Power Pack today, or talk to us at sales@beanbaginc.com if you’d like to discuss support, Purchase Orders, or billing that meets your year-end or new-year budget cycles.

And thank you once again for helping support Review Board!

— Christian, David, and Michelle from Beanbag

It's been a while since we've talked about the future of Review Board, and we felt it was time. We have some important topics to discuss.

We Need Your Help

We love working on this product. We began developing it in 2006, back before GitHub and Pull Requests existed. Back when code review was done over e-mail, bug trackers, and whiteboards, if it was done at all. It was a painful process, and we knew we had to innovate. Commenting directly on the code, viewing interdiffs, multi-line commenting, filterable dashboards, integration with other tools—all of it was new. Many of those inventions have since become standard across the market.

That's almost 20 years of helping make code review what it is today. But that could change. The instability in the tech sector, the downsizing, the cost-cutting… It's impacted us.

Review Board is open source and will remain so. We've never required a fee to use the software. Continued development is instead funded through support contracts, Power Pack, and sponsored feature development as part of our company, Beanbag, Inc.

We'd like to share some facts you may not know:

1. Beanbag is a small company. We are three very dedicated people developing Review Board and our family of products.
2. We're self-sufficient, living off the sales we work hard to earn and keep. We're not burning through VC money or operating as a loss leader for a giant tech company.
3. Microsoft and GitHub have been doing what they’re good at: dominating the market, putting smaller companies out of business, and making it hard for the rest of us to stand out, stay funded, and innovate.
4. Review Board is used in a wide range of industries, at companies of all sizes, for software and hardware development, but…
5. Over 98% of our install base uses Review Board completely for free.

To put it simply, the future of Review Board depends on us making sales.

We have a lot planned for this product. We've been working toward some big changes, capabilities no tool on the market is even exploring, and we want to see our vision through.

We're fighting to make that happen.

But we do need your help.

If your company is using Review Board today and finds any value in it at all, we'd like to talk to you directly to find out:

1. What you get out of Review Board today.
2. What would keep you using Review Board tomorrow.
3. If there’s an opportunity to work with your company on a support contract, Power Pack license, or sponsored development. We'll work with you to meet your budgets.

If you're open to discussion, please reach out directly, and we'll schedule time to talk with you or anyone from your company.

What We're Working On

Here's just a taste of what we've been building and setting the groundwork to build:

• Microsoft Office (Word, Excel, PowerPoint) review and diffing.
• Google Docs review and diffing.
• New innovations for improving the code review process, visualizing code, and aiding in very large reviews (we're keeping some of these under wraps for now).
• Deep pull request integration with GitHub and GitLab, letting you combine the best of their services and the best of ours.
• A reworked Dashboard for better filtering and tracking of review status and workloads.
• More organizational control over access policies and custom review request approval flows.

These are just some of our plans.

Are we on the right track? Can you help us get there?

Thanks for your time,
Christian Hammond and David Trowbridge
Creators of Review Board

Administrators who also review code: This release is for you.

Mercurial users: You, too.

Administrators, Review and Rejoice!

We never had the best experience for administrators who need to review code. When looking at a review request with a draft in progress, the administrator would see some information from the draft, some from the published review request. Commenting didn't work until the draft was published. It was... subpar.

We've completely reworked this experience.

Now, if you're reviewing code, you'll get the same experience as everyone else. You'll see only what's published. If there's a draft, or you need to make changes, you can switch over to a draft mode and see what the user's working on.

Stronger Mercurial Support

Managing your repositories with Mercurial? We've done a lot this release to make your workflows work better:

• Multi-commit review requests are better supported. A lot of corner cases from Mercurial's design have been worked around and fixed.
• Commits introducing binary files can now be uploaded, and those files reviewed in the diff viewer.

We have more Mercurial goodness coming in the next major release of RBTools.

Plus...

• Wider compatibility for downloaded Git and Mercurial diffs.
• Compatibility fixes for the latest Perforce for Python releases.
• Fixes for sending e-mails when DMARC DNS records aren't in a standard format.
• Various improvements throughout the review request UI.

All the details can be found in the release notes.

Let's get started!

To learn more about upgrading your server, see our upgrade instructions.

You can also use our official Docker images.

Review Board development is funded by Support and Power Pack

If you're using Review Board today, we'd like to see how we can work together. We offer:

• Full-service support contracts to help your IT department keep things running smoothly.
• Power Pack Document Review, Reports, new integrations, and more, with a free 60 day trial.

These help us continue to fund and grow Review Board development.

Dark Mode has arrived in Power Pack!

You can now review documents and analyze reports in the late hours of the night (when you should probably be sleeping) without bright light searing your eyes.

This is a free upgrade for all Power Pack users, and requires Review Board 7.0.1 or higher.

Power Pack 5.3 also comes with:

• An important security fix for viewing PDFs (pdf.js CVE-2024-4765).
• Automatic scroll lock when viewing diffs of documents.
• Better compatibility with Review Board 7.

For the complete list of changes and installation instructions, see the release notes.

What else does Power Pack do?

• PDF document review and diffing, allowing you to review documents, schematics, designs, contracts, and code all in one place.
• Report generation, giving you insight into code review practices in your organization.
• Advanced server management for scalability, database management, and splitting/merging installs.
• Eenterprise source code management systems, including AWS CodeCommit, Azure DevOps/TFS, Bitbucket Server, Keysight SOS, GitHub Enterprise, and ClearCase.

Review Board development is funded by Power Pack

You can try Power Pack free for 60 days or purchase a license for your Review Board server.

Review Board 7.0.1 fixes some important compatibility issues, and makes further improvements to the UI, building upon what we started in Review Board 7.

Let's dig in.

RBTools 5 Compatibility Fixes

In Review Board 7.0, posting changes against Git or ClearCase repositories using RBTools 5 could sometimes result in an error. This depended entirely on your RBTools and Review Board configuration and affected users who didn't specify an explicit repository in .reviewboardrc on a server without Power Pack.

This was due to a bug in our API combined with an oversight in RBTools 5. We recommend updating to 7.0.1 as soon as possible to avoid any issues posting changes for review.

Document Review Fixes

For users leveraging Review Board 7 with Power Pack for Document Review, you can once again move and resize your draft comments on documents. This had regressed in 7.0 but is now fixed.

UI Improvements

We've been working on further updates to Review Board 7's UI:

• Improved font sizes in the page header.
• Fixed a few button interactions (enabling/disabling extensions or deleting items from the database in the Administration UI).
• Introduced a whole new condition rule editor for configuring integrations.

Plus...

• Better stability when your cache server goes down.
• Asana integration fixes.
• Wider compatibility for building extensions with or without static media.
• Fixes for crashes when viewing some interdiffs.
• New API and extension improvements as part of the Review Board Platform.

All the details can be found in the release notes.

Let's get started!

To learn more about upgrading your server, see our upgrade instructions. You can also use our official Docker images.

If you need assistance with your server, we can help under a support contract.

Many software development methodologies highlight the importance of writing simple, concise and well organized code. While a lot of thought has been put into coding practices, there hasn't been much attention put towards the way in which we present code for review.

Developers might post one big review request (or pull request) that encompasses an entire feature for review. This approach can be problematic for several reasons:

1. Large review requests can be overwhelming for reviewers, leading to slower review times and more waiting on the review requester's end.

2. Having a bunch of changes crammed into one high-level review request puts a heavy cognitive load on the reviewer. They have to understand a substantial amount of new information at once, which can lead to missed issues and lower quality reviews.

A more effective approach is to use Stacked Changes (or Stacked Diffs), a methodology that breaks down complex changes into a series of small, dependent units. Instead of posting one large change for review, you post multiple small ones that stack on top of each other as you progress through your project.

Each change, no matter how minor, has its own review request with a clear description, testing done, and purpose. This makes it easy for others to understand and digest your project, and lets you keep working while waiting for reviews.

Other benefits of stacking include:

1. Easier to review: Reviewers are looking at manageable pieces of code, making it easier to spot issues and provide meaningful feedback.
2. Faster reviews: You post a change as soon as its ready and start working on the next, which means no time being blocked while waiting for reviews and no need to context switch to another project while waiting.
3. Helps you write better code: Stacking forces you to organize your code into clear and distinct pieces, ensuring that each change is logical and self-contained.
4. Reduces integration problems: Incremental changes are less likely to introduce significant conflicts or integration issues, making it easier to maintain a stable codebase.
5. Improves traceability: Each change is documented and reviewed separately, providing a clear history of what was changed and why, and who reviewed it, which is invaluable for debugging and future maintenance.

Posting and Reviewing Stacked Changes with Review Board

When working on Review Board here at Beanbag, we prefer developing in Stacked Changes. Here's a walk-through of our typical workflow using Git.

1. Create a branch for the first change in the stack

It's best to use one branch to represent one change in the stack. Each branch will have its own review request. We also like to have only one commit per branch to keep things extra simple. But, you're free to create as many commits as you want in one branch, and they will all be shown in the single review request.

Let's create the branch off of main, make some changes, and commit them.

$ git checkout -b my-branch-1 main
$ <make changes>
$ git commit -a

Your tree now looks like this:

o 81abb90 [my-branch-1]
|
o 81a0a95 [main] [origin/main]
|
.

2. Post the first change for review

We want to post the change for review as soon as its ready, so that it has ample time to be reviewed while you start working on your next change. It's as simple as:

$ rbt post
Review request #1001 posted.

https://reviewboard.example.com/r/1001/
https://reviewboard.example.com/r/1001/diff/

This will create a review request showing the diff between my-branch-1 and main.

3. Create subsequent branches in the stack

Let's create a branch for your next change, which will be stacked on top of the first change. And this time, you decide to have two commits in the branch.

$ git checkout -b my-branch-2
$ <make changes>
$ git commit -a
$ <make other changes>
$ git commit -a

Now there are two changes in the stack and your tree looks like this:

o 167ba59 [my-branch-2]
|
o a987ee1
|
o 81abb90 [my-branch-1]
|
o 81a0a95 [main] [origin/main]
|
.

You can continue stacking branches like this as needed, always creating the new branch off of the last one.

4. Post stacked changes for review

It's time to post the second change in the stack for review:

$ rbt post --depends-on 1001 my-branch-1..HEAD
Review request #1002 posted.

https://reviewboard.example.com/r/1002/
https://reviewboard.example.com/r/1002/diff/

Passing my-branch-1..HEAD, or more generally [previous-branch-in-stack]..HEAD, ensures that only the diff between the previous change in the stack and the current change gets posted to the review request. If we didn't include this, the diff would represent all of the changes between main and my-branch-2.

If there's only one commit in your branch, you can run rbt post HEAD to achieve the same thing. Or if we didn't have my-branch-2 currently checked out, we could have run rbt post my-branch-1..my-branch-2.

Passing --depends-on 1001 marks this review request as dependent on change 1001, which was the first one in the stack. When your teammates go to review this change, they'll see that they should review that change first. They'll also be able to see whether that change has been completed already.

Likewise, on the review request for the first change, they'll see that it blocks the second change, meaning that when it comes time to land the changes and push them to main, this one should land before the second one.

5. Address feedback from reviews

By now you might have some reviews on your first change. Let's make some changes to the commit on my-branch-1 based on review feedback, and post a new diff to the review request:

$ git checkout my-branch-1
$ <address feedback>
$ git commit -a --amend
$ rbt post -u -p -m "Fixed a broken link."
Review request #1001 posted.

https://reviewboard.example.com/r/1001/
https://reviewboard.example.com/r/1001/diff/

• -u updates the existing review request (or you could pass -r 1001)
• -p publishes the review request
• -m fills out the change description for the update

Instead of amending the original commit, you could also have created any number of new commits.

Sometimes, the requested changes can be quite complex and could cause a lot of merge headaches when updating the next branches in the stack. In that case, its easier to create a new branch at the end of the stack and make your changes starting from there. In your review request description and replies to reviews, you can link to the review request of the new branch. This helps keep a history of how a project evolves, as new requirements and conditions are discovered.

6. Rebase and update stacked changes

We've made updates to the first change in the stack, so now we have to pull these updates into the rest of the changes in the stack. Let's rebase my-branch-2 onto my-branch-1:

$ git checkout my-branch-2
$ git rebase my-branch-1

While rebasing you may need to deal with some merge conflicts. With Stacked Diffs, you tend to rebase more frequently, but since the changes are small and focused, the merge conflicts are easier to manage compared to rebasing a large branch with a lot of different moving parts in it.

If you have more branches in the stack, you'll have to checkout each branch and repeat the process of rebasing onto the previous one. This can be tedious, so we created a handy script for a git rebase-chain command that lets you rebase a whole stack of branches in one command. For example, if we had some updates in main that we wanted to pull into our stack, you can run:

$ git rebase-chain main my-branch-1 my-branch-2

As of Git 2.38, you can also use the --update-refs option to rebase the whole stack. For example, if we now have 5 stacked branches, and you want to pull the update from my-branch-1 into the 4 other branches, you just need to checkout the last branch in the stack and run the rebase:

$ git checkout my-branch-5
$ git rebase my-branch-1 --update-refs

7. Land your changes

After a few iterations of reviews and updates, you finally get your Ship Its and are ready to land your stack:

$ git checkout main
$ rbt land --dest=main my-branch-1
$ rbt land --dest=main my-branch-2
$ git push

Each branch will be verified for approval before their commits are merged onto main. The old branches will be deleted after they've landed. rbt land has a lot of options you can play with.

And that's the workflow for developing in Stacked Changes using Review Board!

If you're not a Git user, Review Board integrates with many other version control systems, including Perforce, Mercurial, Azure DevOps, and Cliosoft SOS. Check out our workflow guides to see how you can follow a similar workflow using your version control system of choice.

TL;DR

Using Stacked Changes with Review Board offers a structured and efficient way to manage code reviews, particularly for complex projects.

By breaking down large changes into smaller, manageable pieces, the review process becomes more streamlined and effective. This makes it easier for you to work through your project and for reviewers to understand your code and provide feedback. Whether you're using Git or another version control system, you can post Stacked Changes to Review Board and easily see the relation between changes in a stack.

In the future we plan on improving our support for Stacked Changes, such as automatically assigning the dependent and blocking review requests when posting a change, and some more intuitive UI for following a stack during review.

Stay up to date on our latest changes through our mailing lists.

If you like to work in Stacked Changes and have ideas for features you want or better ways to support your workflow, let us know by sending us an email or hopping in to our Discord server.

They say it’s darkest just before the dawn. And whether that’s when you’re most productive, or in the middle of a warm, sunny day, Review Board 7 will help you see the code, documents, images, and reviews in an all-new light.

Review Board 7 introduces Dark Mode, all-new support for reviewing images directly in the Diff Viewer, Microsoft Teams integration, mobile-friendly diff review, and lots more.

And we’re not just releasing Review Board 7 today. We’re also releasing RBTools 5 and Review Bot 4, which help unleash the full power of Review Board 7’s new features.

Dark Mode

There's nothing worse than staying up late to review code and feeling blinded by your screen. With Dark Mode in Review Board 7, you can reduce eye strain and work comfortably no matter the time of day. This sleek new look not only helps in low-light environments but also adds a modern, stylish touch to your code reviews.

You can activate Dark Mode in My Account -> Appearance. You can also have Review Board automatically match your system theme, keeping it in sync with all your other applications.

Dark Mode is currently in beta as we continue to fine-tune its look and expand its availability throughout the product. It's not available yet in the Administration UI, Reports, or Document Review, but those updates are coming soon.

Image Review in the Diff Viewer

Projects aren’t made entirely of code and text files. Images can be a crucial part of your commits, too, often containing essential design updates, new artwork, or visual elements that define your feature. While this used to require uploading these images separately as file attachments, now they can be seen directly in the Diff Viewer with the rest of your change.

To upload images as part of your change, you’ll need to use the new RBTools 5 release and a Git, Mercurial, Perforce, or Subversion repository. This will ensure new images and changes to existing images are included with your code.

Once uploaded, images can be viewed and diffed using several modes:

• Two-Up: Shows the old and the new images side-by-side.
• Color Difference: Changes in colors are shown like an X-Ray, helping you spot even the smallest changes to an image.
• Split Mode: Overlays both images, using a slider to show or hide parts of each image.
• Onion Skin: Like Split Mode, but adjusting the transparency of the new image on top of the old.

Microsoft Teams Integration

Staying on top of code reviews is now easier with our new Microsoft Teams integration. Slack and Discord users have enjoyed live notifications of review request activity for years, and now, Teams users can too.

New and updated review requests, as well as any reviews or replies, are sent directly to your Teams channels. This keeps your team informed and responsive, no matter where they are.

An unlimited number of rules can be configured, helping you keep individual channels informed based on repositories, branches, or any other criteria. You can even keep sensitive review requests out of public channels automatically.

Mobile Diff Review

Reviewing code on the go is now easier with our improved Mobile Diff Review. On small screens, the diff viewer automatically switches to a single column, presenting changes in a mobile-friendly way without the need for side-by-side comparisons. This ensures a smooth and efficient review process, even when you're away from your desk.

Plus…

• A more polished and accessible UI throughout the product.
• Improved Jenkins CI compatibility.
• Configurable timeouts for CI builds.
• Updated default settings for the Dashboards for new users.
• Better Markdown review compatibility.
• Backed by Django 4.2 LTS for long-term security and support for your server.
• Increased stability, faster performance, and many, many bug fixes.

And that’s just Review Board! We have improvements in RBTools 5 and Review Bot 4 that we haven’t even talked about yet.

To learn more, see the release notes for:

• Review Board 7
• RBTools 5
• Review Bot 4

Ready to upgrade?

For most users of Review Board 5 or 6, Review Board 7 will be a drop-in replacement with minimal downtime.

Still, make sure you have a backup of your database and site directory, and please perform a test upgrade on a test server. Then follow the upgrade instructions.

If you’re using Docker, follow our Docker instructions to deploy new containers. Review Board 7’s official Docker images are based on Ubuntu 22.04 LTS and Python 3.11.

Talk to us about Review Board Support to keep your server running smoothly and your developers happy.

Review Board 7 is coming soon. To get ready, we're putting out a series of releases that you can upgrade to today, starting with Power Pack 5.2.3.

What is Power Pack?

Power Pack is licensed add-on for Review Board, offering:

• PDF document review and diffing, allowing you to review documents, schematics, designs, contracts, and code all in one place.
• Report generation, giving you insight into code review practices in your organization.
• Advanced server management for scalability, database management, and splitting/merging installs
• Support for enterprise source code management systems, including AWS CodeCommit, Azure DevOps/TFS, Bitbucket Server, Cliosoft SOS, GitHub Enterprise, HCL VersionVault, and IBM Rational ClearCase.

You can try Power Pack free for 60 days or purchase a license for your server.

What's New in Power Pack 5.2.3

Power Pack 5.2.3 now supports Review Board 3 through 7, and makes the following improvements:

• When paid licenses expire, they'll convert to a free perpetual 2-user license.
• Installation issues with certain combinations of boto3, urllib3, and requests package dependencies have been fixed.
• Fixed an issue with draft comment visibility on PDFs.

For the complete list of changes and installation instructions, see the release notes.

We’ve launched a new installer for Review Board, with support for over 50 different system environments.

With a single command, you can be up and running in minutes, on nearly any Linux system, providing a virtually hassle-free experience, whether you’re installing Review Board for the first time or moving your install to a new server.

Using the new installer

It’s as simple as running the following as root:

$ curl https://install.reviewboard.org | python3

Or, if you prefer not to use curl and have pipx installed:

$ pipx run rbinstall

The installer will check your system for the latest compatible release of Review Board. From there, you can get an overview of the commands the installer will run, and then run them.

The installer also sets up:

• Automated code review with Review Bot, which can automatically review code using a wide variety of code checking tools, saving your engineers time during review and catching important issues quickly.

• A free 2-user tier of Power Pack, providing:

  Document Review, to help review your documentation, mockups, schematics, and designs alongside your code.

  Reports/Analytics, to gain a better understanding of how well your teams are using code review to improve your products.

  Additional repository support, letting you integrate with Azure DevOps, GitHub Enterprise, ClearCase, Cliosoft SOS, and other solutions you may depend on.

Automated/Unattended installs

The installer was built with automation in mind. You can set up entire fleets by running a single command:

$ curl https://install.reviewboard.org | python3 - --noinput

Or, with pipx:

$ pipx run rbinstall --noinput

To learn more, see the Unattended Installs documentation.

Docker is another great option

If you’re looking to simplify maintenance even further, we have official Docker images available.

This is a simple option for spinning up new Review Board servers for deployment or testing, complete with Review Bot and Power Pack. No manual installation required, and kept up-to-date as we release new versions.

Fully supported

Support for the installer, Docker images, and your whole deployment are included with a Review Board support contract.

This comes with 24/7 coverage for any emergencies or assistance you need, keeping you protected and ensuring you’re never on your own when things go wrong. We’re here for any questions you have, any problems you encounter, and any guidance you need.

If your server is currently unprotected, contact us about a support contract to take care of that today.

Learn more

See our guide to the Review Board Installer to learn how to run the installer, automate installation, and prepare older Linux distributions for installation. It’ll help ensure a seamless install the next time you’re setting up Review Board.

Have any questions or feedback about the installer? We’d love to hear from you! Contact us at questions@beanbaginc.com.

Today's releases fix an important security vulnerability we've found in-house, and improve stability overall in Review Board 6.

API Security Fix

We discovered a security issue with two of our APIs while performing an in-house performance audit of our code. This allows a user with legitimate access to a Review Board server to craft a specific API request that returns diff content they wouldn't normally have permission to access (draft diffs or published diffs associated with a private repository or invite-only review group).

Users cannot exploit this bug without legitimate access to the Review Board server (or the Local Site server partition, if used).

We aren't aware of this vulnerability being used in the wild. It requires making use of an optional header when accessing these APIs, plus knowledge of internal database APIs for published diffs.

As part of fixing this security issue, we've done the following:

1. We sent patches (and custom builds as needed) to our customers with Premium Support contracts.
2. We audited the remainder of our APIs. This type of issue was not found anywhere else.
3. We improved our testing infrastructure so that this type of issue would be found automatically going forward.

We recommend that everyone upgrade to the appropriate release of Review Board.

Review Board 6 Stability

We've addressed a few regressions introduced in Review Board 6.0:

• Manually uploading diffs (either to new or existing review requests) should now work on all types of repositories.
• Batch publishing will now work when using Local Site server partitions.
• Empty reviews will no longer be posted if creating a review, leaving comments, and then deleting the comments.
• Switching between search engine backends no longer require restarting the web server.
• Logging in from the Log Out page now takes you to the dashboard, instead of logging you back out.
• Some minor UI issues in the Administration UI have been fixed.

Upgrading

If you're using our official releases, follow the upgrade instructions in the release notes below:

• Review Board 6.0.2
• Review Board 5.0.7
• Review Board 4.0.13
• Review Board 3.0.26

If you're using releases provided by your Linux distribution or a third-party, you will need to inquire with them about your upgrade options and support.

If you need assistance with your server, we can help under a support contract. This entitles you to on-going support for your server, custom builds, backported fixes, pre-release security patches, and solutions tailored for your company's needs.