Review Board 4.0.5: Diff ACLs, DiffX, Installation Improvements

Review Board 4.0.5 introduces new experimental features for defining custom ACLs for diffs, integrating with our proposed DiffX file format, and eases installation on Python 2.7 and 3.10.

Diff ACLs

Through the new FileDiffACLHook, extensions can check whether a user is allowed to see the contents of particular files before a diff is rendered.

You can connect this to in-house access control lists you've already defined, such as Perforce's p4 protect (there's an example for this in the documentation).

Right now, Diff ACLs are experimental, and must be specifically enabled on your server. We're excited to find out how you might use this feature, and will be making it standard in Review Board 5.


Surprisingly, there isn't much in common between most diff formats. Every source code management solution has had to invent its own variation of the format, and with this comes problems.

We've been working on addressing this through a proposed standard format called DiffX. This introduces standard parsing rules, multi-commit diffs, custom metadata, and is backwards-compatible with existing diffs

Review Board now includes built-in DiffX support. Right now, this is opt-in, but we'll be using it with some upcoming SCMs solutions we're integrating with. In the future, we plan to make DiffX available universally.

Compatibility Improvements

We've fixed a handful of issues with installing, upgrading, and using Review Board:

  • Some Python 2.7 dependencies have been tweaked to ease installation without running into dependency issues.

  • Python 3.10 support has been added. We're having to work around issues in third-party modules we depend on, so let us know if you hit any issues.

  • Newer versions of mysqlclient on Python 3 are now supported. No need to downgrade.

  • Fixed issues that could trigger failed upgrades from very old Review Board databases (you will need to manually upgrade django_evolution to 2.1.3 or higher).

  • Fixed a Markdown rendering issue on Python 3.


  • Improved TLS support in Active directory.
  • Fixed displaying the Change field on review requests.
  • Internal preparations for Review Board 5, coming soon!

We're aiming to get Review Board 5 in beta form in the next couple of months. This will largely be an architectural upgrade, switching us to Django 3.2 LTS and Python 3.7+. We'll have an announcement when this is ready to test.

In the meantime, see the release notes for the full list of changes in Review Board 4.0.5.

Review Board and log4j2

The big tech news this week has been CVE-2021-44228, the vulnerability in Log4j2, a widely-used logging library for Java.

We've received a lot of questions as to whether Review Board is impacted.

The answer is no. Review Board is not impacted by the Log4j2 vulnerability. It's written in Python and JavaScript, and we do not make use of Java or Log4j2 anywhere in our stack.

However, Review Board may talk to other services in your network that use Log4j2, which themselves may be impacted. We recommend thoroughly auditing your infrastructure at this time.

This is a pretty rough issue, and we want to acknowledge and praise the hard work and long hours so many people are putting in to address this issue, both inside and outside the Log4j2 project. If your company depends on Log4j2, or any other critical open source components, consider reaching out to those projects to see how you can help give back.

Power Pack 3.0.6: Azure DevOps and Compatibility Fixes

Power Pack 3.0.6 introduces support for Microsoft Azure DevOps, and fixes compatibility issues with Python 3 and Review Board 4.

Azure DevOps

Microsoft Azure DevOps is the successor to Team Foundation Server. Power Pack 3.0.6 now supports authenticating and communicating with Azure DevOps, using our existing Team Foundation Server integration.

Personal Access Tokens can now be used to communicate with Azure DevOps or with recent versions of Team Foundation Server that are set to require them.

Compatibility Fixes

Power Pack is now compatible with the most recent versions of Python 3, fixing some crashes during startup.

Review Board 4 support has also improved. Issues with licensed user management on this release have been resolved, and styling has improved in the Power Pack configuration page, helping it fit better with the rest of the UI.

If you haven't upgraded lately...

In recent releases, we've added compatibility with Review Board 4.0 release and improved Reports and PDF compatibility. We have more features on the way, including new support for new source code management solutions and cross-database import/export.

Now's a great time to upgrade, or to start using Power Pack for the first time.

Learn more about Power Pack or upgrade your copy today!

Review Board 4.0.4: Amazon SES, Bug Fixes, and More

Today's release of Review Board 4.0.4 introduces support for Amazon SES as an e-mail service, improves code highlighting in text areas, cron support for our Docker image, and fixes a handful of bugs.

Amazon SES

Amazon SES is a widely-used e-mail service for users of Amazon Web Services. While Review Board could communicate with it before, it wasn't compatible with SES's method of threading e-mails.

Review Board now adds direct support for SES and its e-mail threading. It will automatically detect SES and enable the correct behavior. If you're using SES today, there's nothing you need to do.

Code Highlighting

We've updated CodeMirror, which we use for text fields, from 5.48.4 to 5.62. This adds improved syntax highlighting for:

  • CSS
  • JSX
  • Markdown
  • Pascal
  • Python format strings
  • SQL
  • Shell scripts
  • TypeScript
  • XML

If you've run into code highlighting problems in the past, give it a try now!

Cron for Docker

Our Docker image now supports using crontabs to run automated tasks, such as search indexing. This is done by pointing the REVIEWBOARD_CRONTAB environment variable at a cron file to load.

See the documentation for usage instructions.

Bug Fixes

That's not all. We've fixed several new bugs and regression from previous releases, including:

  • Packaging fixes for Python 2.7
  • Scrolling through commits in the New Review Request page
  • Downloading diffs for Mercurial
  • Status Updates loading issues for automated code review
  • Subversion diff parsing

And more. See the release notes for the full list of changes.

RBTools 2.0.1: Breezy and Patchy

RBTools 2.0.1 introduces two new features:

  • Support for Breezy, a modern fork of Bazaar
  • Ability to download and write patches to local files using rbt patch --write

We'll be adding support for Breezy to Review Board in an upcoming release.

Along with these improvements, there's a fix for rbt land on Mercurial, and the removal of some harmless but noisy warnings when running on Python 3 with warnings enabled.

See the release notes for the complete list of changes.

Review Board 4.0.3: Bug Fixes Galore

Review Board 4.0.3 fixes an assortment of bugs throughout the product, some of which are specific to running on Python 3. The highlights include:

  • Sending e-mails with long Unicode subjects
  • Posting messages to Slack and Mattermost
  • Triggering builds on Jenkins
  • Looking up files from GitWeb or HgWeb
  • Scrolling in the comment dialog
  • Filtering repositories and loading commits in the New Review Request page
  • Adding groups as reviewers when Depends On is set
  • Displaying validation errors when configuring repositories or WebHooks

For the full list of changes, see the release notes.

Review Board 4.0.2 and 3.0.24: Security and Bug Fixes

Today's releases of Review Board 3.0.24 and 4.0.2 fix a handful of bugs and one security issue, and introduces support for defining safe URL protocols for Markdown text.

Security Fix for Markdown Review UI

Attackers could post a Markdown document for review that contained bad links that, when clicked, could invoke JavaScript code. We fixed a similar issue in 3.0.21, but this is specific to the Markdown Review UI.

Though this is a pretty small attack vector, we do strongly recommend that everyone upgrades as a precaution.

Custom URL Protocols

Administrators can now set a list of URL protocols (like eclipse://. ftp://, gopher://, etc.) they consider safe for their environment by modifying conf/ These will then be preserved when building links. For example:

ALLOWED_MARKDOWN_URL_PROTOCOLS = ['eclipse', 'ftp', 'gopher']

Bug Fixes

There are also fixes for:

  • Marking session and CSRF cookies as secure
  • Handling Subversion diffs with (nonexistent) revisions
  • Markdown rendering of e-mail addresses
  • Connecting to GitLab (in Review Board 4.0.2)

See the 3.0.24 release notes and 4.0.2 release notes for the full lists of changes.

Note: If you're upgrading to 3.0.24, please follow the installation instructions in the release notes so you don't end up on 4.0.2.

Review Board 4.0.1: Bug Fixes for WebHooks, Admin, Markdown

Review Board 4.0.1 is a small bug fix release that fixes a few regressions and add some new polish.


  • WebHooks once again dispatch correctly in all configurations.
  • rb-site manage no longer breaks with custom commands in the $sitedir/commands/ directory.
  • All administration database browser pages now load without problems.
  • Extra whitespace in inline Markdown code literals is now preserved.
  • Code highlighting in Markdown is now more consistent between edit and render modes.

For the full list of changes, see the release notes.

Introducing Review Board 4.0

We've been working toward Review Board 4.0 for some time now, and we're happy to announce that it's finally here!

This is a big release with a lot of user-facing, behind-the-scenes, and administrative changes. Let's dig into the highlights.

Multi-Commit Review Requests

When working with Git or Mercurial, review requests now track each and every commit that went into the change.

This provides reviewers with the freedom to review code in the way that makes the most sense to them. They can review each commit individually or select a range of commits to see and review at once.

Review requests can be landed to a repository or applied locally in either a squashed (single commit) form, or preserving each individual commit.

Screenshot of the Review Board 4.0 commit list

Support for Python 3

Review Board 4.0 is the first version to support Python 3. As of now, Python 3.6 through 3.9 can be used.

Python 2.7 is still supported. However, we will be dropping support in Review Board 5.0, so we recommend that people prepare an upgrade to Python 3 soon.

If you're an extension author, please be aware that you may need to update your extensions for both Python 3 and Django 1.11 compatibility. See the release notes for more information.

Jenkins Integration

The Jenkins integration can run automated tests and builds any time a new review request is posted or updated.

To get set up, follow the documentation and make sure you set up the Review Board plugin for Jenkins.

Discord Integration

The new Discord integration will post activity and discussions on review requests to your Discord channel. Teams using Discord can now stay informed on what's out for review, and what feedback's coming in.

Screenshot of the new Discord integration in use

Dashboard Overview Tab

The new "Overview" tab on the dashboard will show you all the review requests you have out for review, along with all the review requests that are in your review queue.

Screenshot of the dashboard's Overview section

Publish Review And Archive

There's a new "Publish review and archive the review request" option available when reviewing a change. Click this to publish your review and then hide it from your dashboard until you get a reply.

Screenshot of the Publish Review and Archive option

Read-only Mode

Preparing for some downtime? Administrators can now place their Review Board server in read-only mode. This will prevent people from uploading new review requests, reviewing code, or changing their profiles, while you take care of your maintenance tasks.

New Administration UI

We've completely rewritten the administration UI to give you a better experience. It's mobile-friendly, with simpler navigation, a cleaner administrative dashboard, and screen reader support.

Screenshot of the Review Board 4.0 administration dashboard

Smoother Installation and Management

It's now easier than ever to install optional dependencies for Review Board. We've added several special packages that will help install the right versions of the right dependencies:

  • ReviewBoard[ldap]
  • ReviewBoard[mercurial]
  • ReviewBoard[mysql]
  • ReviewBoard[swift]
  • ReviewBoard[p4]
  • ReviewBoard[postgres]
  • ReviewBoard[subvertpy]
  • ReviewBoard[s3]

Site installation and management has also been revamped, making it easier and faster to create new Review Board sites and to run common management tasks (like search index updates).


  • Live video thumbnails for video file attachments
  • Improved support for screen readers (more improvements to come)
  • New extension and API capabilities
  • New automation options for site creation and management

Ready to upgrade?

First, make sure you have a backup of your database and site directory, and have tested an upgrade on a test server.

Please be aware that an upgrade can take time. You should also make sure your extensions have been updated to work with Review Board 4.0.

Then follow the upgrade instructions.

To learn more about Review Board 4.0, please read the release notes.

Power Pack 3.0.5: Fixes for PDF Review

Power Pack 3.0.5 is a small bug fix release that addresses an important issue with PDFs.

PDF Rendering Fixes

Depending on the Review Board setup, a crucial file used to process PDFs would sometimes fail to load. This would result in a blank thumbnail or an empty PDF review UI.

We've tracked down this corner case and fixed it once and for all (hopefully). If you encounter any issues with PDFs, please reach out to us for support. Power Pack licenses entitle you to free support for any and all Power Pack features.

If you haven't upgraded lately...

In recent releases, we've added compatibility with the upcoming Review Board 4.0 release, fixed CSV export for Reports, and improved PDF compatibility.

Now's a great time to upgrade, or to start using Power Pack for the first time.

We're working on Power Pack 4.0, with new authentication features and database import/export. We should have more to show in a few months.

Learn more about Power Pack or upgrade your copy today!

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 pages