The Django project just released an important security update that affects all Review Board 1.7.x servers, particularly public ones. It allows an attacker to perform a Denial-of-Service attack on the server through the authentication mechanism.
We recommend that everybody running a Review Board 1.7.x release immediately updates to Django 1.4.8. We will be putting out new releases of Review Board today, as well.
Please see the Django security announcement for more information.
Until now, we've been running two separate beta programs for PDF Review and "Review Board Enterprise". We've decided to merge these together into a single product that we're calling the "Review Board Power Pack."
The major features of the combined package are:
In addition to merging together the features of our two previous beta packages, there are some improvements and bug fixes for PDF Review in this release:
If you already signed up for the beta, you should have an email explaining how to install it (or upgrade from the first beta). If you haven’t signed up, but would like to participate, please fill out our sign-up form and we’ll be in touch.
Once we have a final release, these features will be available on RBCommons.com for our larger tiers.
Review Board 1.7.13 is released, and brings with it support for Beanstalk and Bitbucket Git.
Beanstalk is a code hosting and development service with support for Git and Subversion. It integrates with a variety of services and offers easy deployment to servers.
We had support for Bitbucket with Mercurial, but due to some missing API, we couldn't integrate with Git. That's been solved in 1.7.13, if you also use RBTools 0.5.2.
There's also a handful of other fixes and improvements in this release.
While you're upgrading, we recommend making some additional changes to your Apache configuration. See the updates on our guide to securing file attachments.
See the release notes for more information on what's in 1.7.13.
RBTools 0.5.2 is released, with a handful of new features and some nice fixes.
First off, along with the upcoming Review Board 1.7.13 release, you'll be able to post changes to Beanstalk and Bitbucket Git repositories. This should be helpful to a lot of you looking to use these services.
We've also made the tools a bit more friendly. The --help argument is back for all tools, and can be placed before or after the rbt sub-command (for example, rbt --help post or rbt post --help).
There's a new rbt get tool for scripts that want to talk more directly to our API, or those who want to experiment with the API without writing a script.
On top of all that, there's git-p4 support, improved Subversion support, and more.
See the release notes for the full list.
We're happy to announce a couple new releases of Review Board tonight.
Both 1.6.18 and 1.7.12 focus on further security lockdowns and fixes. We've had some great testing and reports from a couple of our very security-savvy users, and we'll be continuing to put out new releases as they find more.
Those running public installs should update, and should also read our guide on securing file attachments.
None of the issues found have been seen in the wild. We've also been in contact with administrators of some of the larger public Review Board installations about our findings. If you run a public install and would like to be kept informed of any new security updates, please let us know.
Now, that's not all that 1.7.12 brings. We also have some new improvements for extension writers that are helpful to those writing larger extensions. This is all in preparation for some major improvements coming in 1.8. There's also a few bug fixes, such as a much-requested fix to the "Show Whitespace Changes" toggle.
Review Board 1.7.11 is released. It's a small release that just fixes a visual issue with the drop-down menus on IE9, and a compatibility issue with Python 2.5.
If you're primarily using non-IE browsers, and using something newer than Python 2.5, you don't need to upgrade to 1.7.11.
For those using Python 2.5, we recommend planning an upgrade to Python 2.7 soon. Review Board 1.8 will stop supporting Python 2.5, and 2.7 is your best bet for longer-term compatibility.
Release notes are available.
We have a pair of releases today for users of Review Board 1.6.x and 1.7.x. Both contain important security updates, and we recommend updating immediately.
This security vulnerability allows attackers to execute JavaScript under certain conditions. There are no known vulnerabilities in the wild. The latest 1.6.x and 1.7.x releases are susceptible to the flaw. We have released 1.6.x and 1.7.x updates. We recommend that all users upgrade their install to a modern release, particularly if you are running a version prior to 1.6.
Along with the security updates, Review Board 1.7.10 provides some new bug fixes, API enhancements (for comments and screenshots), and UI refinement.
Some of our wonderful early adopters found a couple bugs in 1.7.8 and some missing API for the new Depends On feature. We decided to get these out before everyone else upgraded.
Thanks early adopters!
Review Board 1.7.9 has an installation fix for some MySQL configurations, new API for Depends On and Blocks fields on review requests, and fixes to the recommended cgit URL for Git repositories.
Release notes are available.
Review Board 1.7.8 is out, and it's chock full of goodies.
Review requests have two new fields: Blocks and Depends On. Developers can mark that a review request depends on another review request, helping reviewers prioritize what to review first. This goes both ways. A review request depending on another will be shown as being blocked on the other.
We've increased performance across the board. Every page's load times should be reduced. Upload times for diffs will, in many cases, also be reduced, as we won't hammer your repository as hard. This will also help with those using GitHub who may worry about API limits. The dashboard's reloading is smoother and less prone to problems when the connection or server goes down.
Clicking "Get Support" now goes to an all-new support page with some helpful links. If you have a support contract with us, the support page will give you an easy way to contact us with a problem.
You can even change the page that "Get Support" points to, which is handy if you have your own support page in your company.
That's not all. There's several improvements to the extension framework, improved logging for error resolution, and several bug fixes.
See the release notes for the full list of changes.
RBTools 0.5.1 is out, with many important bug fixes, some new features, and improvements to our API.
We've addressed the bulk of the problems people hit with the new commands in RBTools 0.5.0. In particular, several crashes with Perforce, Subversion and Bazaar have been addressed.
Most of the RBTools commands now have a --repository-type option, which can be used to specify the type of repository, instead of RBTools having to guess. This can also be set in .reviewboardrc by setting the REPOSITORY_TYPE setting. Setting this will dramatically speed up creating and updating review requests, and prevent problems with nested repositories.
You can use post-review --list-repo-types or rbt list-repo-types to see the valid values for this new setting.
To upgrade your copy of RBTools, just run:
easy_install -U RBTools
See the release notes for the full list of changes.
