What's New in Review Board

Power Pack 5.1 adds support for the upcoming Review Board 5 release, while maintaining compatibility with Review Board 3 and 4.

We are releasing Review Board 5 beta 1 very soon. If you're planning to beta test this release, and are using Power Pack today, we recommend preparing by upgrading to Power Pack 5.1.

This release also contains a fix for diffing PDFs on Python 3 installations.

For complete details, see the release notes.

What is Power Pack?

Power Pack is an add-on to Review Board that provides:

• PDF document review and diffing, allowing you to review documents, schematics, designs, contracts, and code all in one place.
• Report generation, giving you insight into code review practices in your organization.
• Integrations with enterprise services including AWS CodeCommit, Azure DevOps/TFS, Bitbucket Server, Cliosoft SOS, GitHub Enterprise, HCL VersionVault and IBM Rational ClearCase.

With more features in the works.

Licenses are affordable and can cover as many or as few users as needed in your team. Download a 60-day trial license to get started.

Review Bot 3.1 adds support for the upcoming Review Board 5 release, while maintaining compatibility with Review Board 3 and 4.

We are releasing Review Board 5 beta 1 very soon. If you're planning to beta test this release, and are using Review Bot today, we recommend preparing by upgrading to 3.1.

This release also contains a small fix for changing the configured broker URL, to avoid retaining connections to older brokers.

For complete details, see the release notes.

To get started, download Review Bot or read the documentation.

Docker images are also available to help you get going quickly.

We have three new releases out today, all focusing on better compatibility and bug fixes.

Review Board 4.0.7

We've fixed issues all throughout the product, covering:

• Compatibility fixes for ClearCase, GitLab, reCAPTCHA, and third-party extensions
• Text editing improvements to better help you write code in comments
• Better scaling for deployments with many Review Board servers and with thousands of repositories
• Fixes for edge cases when rendering diffs

Our Docker images have also been updated to include support for Power Pack and Review Bot 3.

See the release notes for more on Review Board 4.0.7.

RBTools 3.1.1

This release fixes some regressions from the 3.1 release in rbt land and rbt patch.

It also improves support for IBM ClearCase and HCL VersionVault repositories, which is available through Power Pack.

See the release notes for more on RBTools 3.1.1.

Power Pack 5.0.1

This releases focuses on improving the support for IBM ClearCase and HCL VersionVault. Bugs for diff generation has been fixed and support for UCM workflows have been improved. If you're using legacy ClearCase support in Review Board, we recommend upgrading to the modern version in Power Pack for features like multi-VOB repositories, better compatibility, and official support.

We've also fixed issues running the Database Import/Export functionality in some environments. If you're using our Docker images, import-db and export-db should now work fine.

Power Pack supports additional repositories like Cliosoft SOS and GitHub Enterprise, PDF document review and diffing, Reports for your teams and organizations, and more.

See the release notes for more on Power Pack 5.0.1, or download a 60-day trial license to get started!

Cliosoft SOS is an enterprise source code management solution widely used for hardware and software design and development. It's built to allow teams across the globe to collaborate on large hardware-focused projects.

We’ve partnered with Cliosoft to bring support for SOS to Review Board. You can now connect your SOS projects to Review Board as repositories, post code from local workareas using RBTools, and review them using Review Board’s collection of code review capabilities. This includes issue tracking for comments, moved code detection, multi-line commenting, interdiffs, file attachment review, and more.

SOS support is available as of today’s releases of Power Pack 5 (our licensed add-ons for Review Board) and RBTools 3.1 (our developer command line tools).

Along with SOS support, Power Pack provides PDF document review/diffing, team collaboration reports, database import/export, scalability enhancements, and support for several additional source code management solutions.

Compatible Releases

SOS support requires the following minimum versions on the Review Board server:

• SOS 7.20
• Review Board 4.0.6
• Power Pack 5

And on developer machines:

• SOS 7.20
• RBTools 3.1

Licensing

Power Pack is a licensed product. Licenses can be purchased by credit card or Purchase Order, and can cover as many or as few Review Board users as needed for SOS.

You can get started with a 60-day trial license.

Please note that this is separate from your SOS license.

Learn More

See our SOS workflow guide to learn how to post changes to Review Board, and our repository setup guide to learn how to connect Review Board to SOS.

To learn more about today’s releases of Power Pack 5 and RBTools 3.1, see the Power Pack release notes and RBTools release notes.

The all-new Review Bot 3 brings enhancements to every area of the product. New Docker images to ease installation, new code review tools to spot problems in more languages, a new Secret Scanner that looks for leaked credentials or API tokens, and a new worker experience. Plus many, many bug fixes.

Docker Images

Review Bot is now easier to install than ever, thanks to our new official Docker images.

You can create your own Review Bot worker image with the specific tools you need by using beanbag/reviewbot-base, or you can use one or more of the following pre-built images for reviewing:

• reviewbot-c: C/C++ and Objective-C/C++
• reviewbot-go: Go
• reviewbot-java: Java
• reviewbot-javascript: JavaScript
• reviewbot-python: Python
• reviewbot-ruby: Ruby
• reviewbot-rust: Rust
• reviewbot-shell: Shell Scripts
• reviewbot-fbinfer: Multiple languages through FBInfer
• reviewbot-pmd: Multiple languages through PMD

Our Review Board Docker image has been updated to include the extension for Review Bot 3.

See our documentation on using or customizing the Review Bot docker images.

Secret Scanning

Review Bot can now check all published diffs for any accidental passwords, API tokens, or other credentials included in the code. This is a red flag to the author of the change to quickly reset those credentials

This is built into the Review Bot worker. No special tools are required. See the Secret Scanner documentation for information on what kinds of credentials Review Bot looks for, and let us know if you have any you’d like us to add.

Improved Code Review Tools

Review Bot 3 includes new tools for reviewing Go, Rust, Ruby, and Bash/Dash/KSH/SH shell script code. It also now includes support for Facebook’s FBInfer tool.

For more information, see our documentation on:

• CargoTool
• FBInfer
• Go Fmt
• Go Tool
• RuboCop
• RustFmt
• ShellCheck

Most existing tools have also been improved, with better reporting capabilities, new configuration options, and better compatibility.

A New Worker Experience

We’ve completely reworked the Review Bot worker, adding new configuration options, a more useful startup and diagnostics screen, and a streamlined command line.

Configuration improvements include:

• Authentication cookie paths, tool executable paths, and Java classpaths are all customizable.
• The location of the Review Bot configuration can now be set on each worker.
• The list of full-access repositories or Review Board servers can now be managed in JSON files you control.

During startup, if anything is missing or any full-access repositories are misconfigured, Review Bot will now let you know.

All changes are backwards-compatible.

Lots of Bug Fixes

Compatibility issues with tools and corner cases with applying patches have all been fixed.

We’ve addressed many headaches with getting things configured, providing better guidance when things go wrong.

Race conditions between workers on full-access repositories are no more.

Performance has also been improved throughout the product.

Ready To Upgrade?

Upgrading is easy, and we have an upgrade guide to get you going.

If you’re new to Review Bot, the new Docker images make it easier than ever to get started.

See the Review Bot documentation for installation and usage instructions, and for the complete list of supported tools.

If you want to know what else is in 3.0, check out the release notes.

We have a few exciting announcements today!

Power Pack 4 and RBTools 3 are now available. There’s a few big features to cover, and we’d like to start with VersionVault and ClearCase.

HCL VersionVault and IBM ClearCase

HCL VersionVault and IBM Rational ClearCase are enterprise source code management products, built for distributed teams that need to collaborate on very large projects.

Power Pack 4 ships support for both VersionVault and ClearCase repositories, allowing your teams across the world to collaborate on code reviews and document reviews.

To get started:

1. Install Review Board 4.0.5 (or newer)
2. Install Power Pack 4 on the Review Board server
3. Download a Power Pack trial license or purchase a license
4. Configure your repositories (each can map to one or more VOBs)
5. Have your developers install the RBTools 3 command line tools to post changes for review

You can then post code for review using rbt post, and review it right from your Review Board server.

Power Pack is a licensed add-on to Review Board. You can buy a license for as many or as few users as needed. A user must be licensed to post changes for review, but anybody can review posted changes.

Please note, this replaces the old, legacy community-driven ClearCase implementation found in Review Board. You’ll want to select “VersionVault / ClearCase” when setting up your new repositories.

For more information, see the documentation on:

• Configuring VersionVault/ClearCase Repositories
• Posting VersionVault/ClearCase Changes

Database Import/Export

There are times when you may want to take the content from one Review Board server and move it to another. The simplest way to do this is just to copy the database, but there are some times when that will not suffice:

• You want to export only a subset of the content (for example, if part of a business is being spun-out or acquired).
• You want to combine two separate Review Board instances into one.
• You want to change database backend types (for example, moving from MySQL to Postgres).

Power Pack 4’s new import/export feature makes it easy to handle these kinds of scenarios by exporting a full or partial Review Board server into a database-agnostic bundle, which can then be imported into a new or existing server.

Power Pack 4 must be installed to perform the export or the import, but at this time, a license is not required to use the feature.

See the Import/Export documentation for instructions.

RBTools 3

Along with support for VersionVault and ClearCase, the all-new RBTools 3 has some new capabilities to help you build your own solutions around Review Board.

JSON Output

All commands now accept a --json argument, which will cause the command to output a JSON document showing if the command was successful or listing any errors.

Many commands (including rbt post, rbt land, rbt status-update, and rbt status) provide additional information, built to help you integrate RBTools into your own scripts.

See the documentation for each command for their JSON schemas.

We are still working to improve the JSON output. If you use this feature, please let us know what would be useful to you!

rbt review

The new rbt review command allows you to construct reviews, add comments, and publish or discard, right from the command line or scripts.

This is intended to help with in-house automation around Review Board. We’re still improving this command, so once again, let us know if you find it useful and want to see any improvements.

Let’s Get Started!

Ready to set up VersionVault/ClearCase? Or play with RBTools’s new JSON output or review automation? Or prepare for some data migration?

Upgrade to Power Pack 4 and RBTools 3 to take advantage of all these new features.

To see the full list of changes, see the Power Pack 4 release notes and RBTools 3 release notes.

Today's release of Review Board 4.0.6 fixes bugs throughout the product, improving areas such as interdiffs, mobile styling, and Python 3 compatibility.

It also introduces new diff parsing capabilities and API enhancements, which will be used by the upcoming Review Bot 3 release.

Diff Improvements

Diff parsing now tracks symlink target and UNIX file mode changes for Git,
Mercurial, and DiffX diffs.

These, along with binary file information, are now exposed in the API, allowing
your in-house scripts and webhooks to better work with changes posted to Review
Board.

We've also fixed the display of indentation-only changes when viewing
interdiffs, the display of symlink changes in Git-style Mercurial diffs, and
downloading patch error bundles on Python 3, and

Bug Fixes

We've fixed some issues upgrading from very old versions of Review Board to
4.0.6+.

Parsing of Bitbucket API error payloads on Python 3 now works for all error
types.

If using Review Bot, you can now once again view the in-database state for
tools.

Some UI issues in mobile styling and in the issue summary table have been
fixed.

Upgrade today!

Builds are now available for Python 2 and 3, and our official
Docker images have been updated.

Check out the release notes
for the full list of changes.

Review Board 4.0.5 introduces new experimental features for defining custom ACLs for diffs, integrating with our proposed DiffX file format, and eases installation on Python 2.7 and 3.10.

Diff ACLs

Through the new FileDiffACLHook, extensions can check whether a user is allowed to see the contents of particular files before a diff is rendered.

You can connect this to in-house access control lists you've already defined, such as Perforce's p4 protect (there's an example for this in the documentation).

Right now, Diff ACLs are experimental, and must be specifically enabled on your server. We're excited to find out how you might use this feature, and will be making it standard in Review Board 5.

DiffX

Surprisingly, there isn't much in common between most diff formats. Every source code management solution has had to invent its own variation of the format, and with this comes problems.

We've been working on addressing this through a proposed standard format called DiffX. This introduces standard parsing rules, multi-commit diffs, custom metadata, and is backwards-compatible with existing diffs

Review Board now includes built-in DiffX support. Right now, this is opt-in, but we'll be using it with some upcoming SCMs solutions we're integrating with. In the future, we plan to make DiffX available universally.

Compatibility Improvements

We've fixed a handful of issues with installing, upgrading, and using Review Board:

• Some Python 2.7 dependencies have been tweaked to ease installation without running into dependency issues.

• Python 3.10 support has been added. We're having to work around issues in third-party modules we depend on, so let us know if you hit any issues.

• Newer versions of mysqlclient on Python 3 are now supported. No need to downgrade.

• Fixed issues that could trigger failed upgrades from very old Review Board databases (you will need to manually upgrade django_evolution to 2.1.3 or higher).

• Fixed a Markdown rendering issue on Python 3.

Plus...

• Improved TLS support in Active directory.
• Fixed displaying the Change field on review requests.
• Internal preparations for Review Board 5, coming soon!

We're aiming to get Review Board 5 in beta form in the next couple of months. This will largely be an architectural upgrade, switching us to Django 3.2 LTS and Python 3.7+. We'll have an announcement when this is ready to test.

In the meantime, see the release notes for the full list of changes in Review Board 4.0.5.

The big tech news this week has been CVE-2021-44228, the vulnerability in Log4j2, a widely-used logging library for Java.

We've received a lot of questions as to whether Review Board is impacted.

The answer is no. Review Board is not impacted by the Log4j2 vulnerability. It's written in Python and JavaScript, and we do not make use of Java or Log4j2 anywhere in our stack.

However, Review Board may talk to other services in your network that use Log4j2, which themselves may be impacted. We recommend thoroughly auditing your infrastructure at this time.

This is a pretty rough issue, and we want to acknowledge and praise the hard work and long hours so many people are putting in to address this issue, both inside and outside the Log4j2 project. If your company depends on Log4j2, or any other critical open source components, consider reaching out to those projects to see how you can help give back.

Power Pack 3.0.6 introduces support for Microsoft Azure DevOps, and fixes compatibility issues with Python 3 and Review Board 4.

Azure DevOps

Microsoft Azure DevOps is the successor to Team Foundation Server. Power Pack 3.0.6 now supports authenticating and communicating with Azure DevOps, using our existing Team Foundation Server integration.

Personal Access Tokens can now be used to communicate with Azure DevOps or with recent versions of Team Foundation Server that are set to require them.

Compatibility Fixes

Power Pack is now compatible with the most recent versions of Python 3, fixing some crashes during startup.

Review Board 4 support has also improved. Issues with licensed user management on this release have been resolved, and styling has improved in the Power Pack configuration page, helping it fit better with the rest of the UI.

If you haven't upgraded lately...

In recent releases, we've added compatibility with Review Board 4.0 release and improved Reports and PDF compatibility. We have more features on the way, including new support for new source code management solutions and cross-database import/export.

Now's a great time to upgrade, or to start using Power Pack for the first time.

Learn more about Power Pack or upgrade your copy today!