Jump to >
New Review Board 2.0.25 and 2.5.7 releases

We have a couple of new Review Board releases for you today, including the biggest 2.5.x release yet.

Review Board 2.5.7 brings new administrative features, improvements to e-mail sending (including DMARC compatibility) and content, extension unit testing, usability enhancements, and over 40 bug fixes.

Review Board 2.0.25 brings many of those same bug fixes, along with the new extension unit testing support, for users who have not yet upgraded to 2.5.

Let's take a look at some of the major new changes in these releases.

More reliable e-mail

  • E-mail has been evolving in recent years, with new starts forming to help combat spam and fraudulent e-mails. Some of these standards, like the Sender Policy Framework and DMARC, can prevent Review Board from reliably sending e-mail on behalf of users.

    In Review Board 2.5.7, we've added compatibility with these standards, ensuring that all Review Board e-mails will safely reach their destination.

  • We've also added a handy new link in the Review Request Updated e-mails in Review Board 2.5.7 for showing the changes made since the previous diff. That's one less click to view an interdiff.

Easier administration

Review Board 2.5.7 adds a few new features to help administer users and settings on your install:

  • It's now easier to manage users belonging to review groups, default reviewer rules, repository access lists, and other places in the administration UI. We've introduced a new widget for managing lists of users, which scales well and simplifies locating and adding new users.

  • You can now safely grant users fine-grained access to the administration UI without giving them access to global Review Board settings. Simply set them as a "staff" user instead of "superuser."

Both 2.5.7 and 2.0.25 have made it easier to work with repository credentials and authentication servers:

  • Hosting service credentials for repositories can now be edited simply by clicking "Edit Credentials" by the desired account on the repository page. This should make things a lot easier in the event of a password or token change on a service.

  • Authentication forms for LDAP, Active Directory, and more have been organized, making it a lot easier to get going for the first time.

Extension unit testing

When writing extensions for your server, you want to make sure you can catch any breakages or changes in functionality when preparing to upgrade to the next version of Review Board. We've made it easy to write and run unit tests for your extension, using the new rbext command. Now you can make sure your extension works as expected before doing your next big server upgrade.

Lots of bug fixes

We've fixed quite a lot of bugs in these releases. We have fixes for CVS, Bitbucket, GitLab, webhooks, the API, e-mail contents, file attachment display and review, Power Pack compatibility, post-commit review, custom Markdown text fields, dashboard columns, and much more.

You can see the 2.0.25 and 2.5.7 release notes for the whole list of changes, along with upgrade instructions.

Happy 10th Birthday, Review Board!

Happy Birthday!

10 years ago, David Trowbridge and I (Christian Hammond) began talking about the problems and annoyances with code review, and how it could be better. Code review at the time was (usually) a very tedious process where you'd e-mail diff files around and reply to them, and while there were a couple of tools on the market, they were expensive and cumbersome.

So on September 27, 2006, ten years ago today, we landed our first commit.

r1 | chipx86 | 2006-09-27 00:25:53 -0700 (Wed, 27 Sep 2006) | 2 lines

    Add the reviewboard.

Where we were back then

Back in 2006, there was no GitHub or Bitbucket. Git was just around a year old. Subversion and Google Code were the tools choice of most open source projects. Many companies performed code reviews on whiteboards or projectors.

And people still e-mailed diffs around.

We just knew things could be better, so we began writing Review Board. We didn't know if it'd be a short-lived toy project, our new excuse for staying up all night coding, or if it could truly be more. It started off as just an experiment in improving how code review could be made better, could evolve, to make lives easier for developers.

The experiment was a success.

Pre-1.0 Dashboard

(We've come a long way since.)

Where we are today

Fast forward 10 years (!) and we have a product that we're proud to call our day job, a product that thousands of companies depend on every day. Hundreds of thousands of developers.

Over the years we've learned what works and what doesn't. We've greatly enhanced our code review capabilities, added support for many more types of code hosting services, wrote a powerful and comprehensive extension infrastructure and API, and helped change the world of code review for the better.

Our core team has expanded. We've put out 142 releases of Review Board alone (that's over 14 a year!), built a Review Board SaaS (RBCommons), added new enterprise-level features through Power Pack, and established support contracts with companies to help them through the good times and bad.

There are many code review tools on the market these days, and we're so glad to see that most developers no longer have to live in the dark ages of e-mailing diffs and projecting code up on walls. Throughout it all, Review Board has remained a strong, powerful, and beloved tool for so many, and we couldn't be happier.

Our users have been truly great. One company 3D printed Sparkly and Fish Trophies for us. Someone once wrote a poem for us ("Ode to Review Board"). We've been invited to give talks at big tech companies. We've mentored over 100 students as part of UCOSP and Open Academy, using Review Board development to help them prepare for their careers as software engineers.

3D Fish Trophy!

It's been an amazing ride, and we're nowhere close to done.

Where we're going

We have several very exciting features in the works to bring your code quality to a new level. Our focus right now is on Review Board 3.0, which is bringing:

  • A new and improved (but still familiar!) review experience
  • Support for integrating with third-party services (like Slack, Asana, and more), allowing for as many distinct integration configurations as you need
  • Built-in support for showing and handling feedback from automated code review services
  • Improved search results and on-the-fly indexing, with support for Elasticsearch
  • OAuth2 provider support
  • Custom avatar services
  • And much, much, much more

Automated Review

It's going to be a fantastic release. RBCommons users will get to see some of this soon!

In parallel, we've also been working on features for Review Board 4.0. The big highlight (and the feature being worked on now) is DVCS support, featuring some really useful takes on multi-commit review. We have some other great features planned, but aren't ready to announce them yet.

We've had an amazing 10 years, watching our little experiment grow and make a difference to customers around the world. We can't wait to see what the next 10 years have in store.

Happy birthday, Review Board!

New Django Security Releases

Django released a new set of security releases today, designed to fix a vulnerability in the cookie parsing code when combined with usage of Google Analytics that could allow an attacker to bypass CSRF protection. (See their announcement for more details.)

We maintain security-hardened builds of Django 1.6.x, the version series we use for Review Board 2.0 through 2.5. We have put out a Django 1.6.11.4 release containing these security fixes.

To upgrade to this release, run:

$ pip install -U https://downloads.reviewboard.org/releases/Django/1.6/Django-1.6.11.4.tar.gz

Or:

$ easy_install -U https://downloads.reviewboard.org/releases/Django/1.6/Django-1.6.11.4.tar.gz

This particular vulnerability is unlikely to affect most of our users (at least as documented in Django's release notes), but we still recommend upgrading, to be safe.

You can always keep up on the latest Review Board security announcements by subscribing to Official Announcements mailing list.

Review Board and the HTTPoxy Vulnerability

HTTPoxy is an old, but recently-discussed security vulnerability affecting CGI-backed web applications (and certain client-side libraries). It allows an attacker to send a Proxy HTTP header to a vulnerable web server, and have that translate into a HTTP_PROXY environment variable, which may then be used to specify an HTTP Proxy server for use by HTTP requests initiated from the server. This happens because CGI-based web applications are provided the client's HTTP headers as environment variables, converted to uppercase and prefixed with HTTP_. This is normally not a problem, but

Effectively, HTTPoxy allows an attacker to Man-in-the-Middle HTTP requests made by the web application, intercepting traffic or returning bad data.

Don't worry, Review Board is safe!

Review Board is not vulnerable to HTTPoxy, as it doesn't use CGI. Most Review Board installs use WSGI, and some older installs use mod_python or FastCGI. None of these implementations are vulnerable (despite the "CGI" in the name "FastCGI").

We'd still recommend fine-tuning your server's settings to work around the HTTPoxy vulnerability, as a precaution, particularly if you're running anything else on the server. See the HTTPoxy Mitigation instructions for further details.

Power Pack 1.4.2 is out, with Visual Studio Team Services and more!

Today's release of Power Pack brings a brand new feature: Support for Visual Studio Team Services.

Formerly known as Visual Studio Online, this service provided by Microsoft allows you and your team to easily set up and work with Team Foundation Server repositories. Now, using Power Pack, you can add your repositories to Review Board and take advantage of all of our enhanced code review capabilities. See the documentation for more information on getting set up.

Visual Studio Team Services Configuration

We've also improved the UI for PDF Review. Previously, the PDF Review UI would appear as its own independent box, separate from the rest of the review request page (including the header with the "Close," "Review," etc. actions). Now, when using Review Board 2.0 or higher, it will fit in more naturally with the rest of the page.

PDF Review UI

There are also a handful of other bug fixes for TFS-Git, anonymous users, and more. See the release notes for more information.

We messed up, so here's Review Board 2.5.6.1!

Review Board 2.5.6 shipped in a bit of a broken state, due to a packaging error that wasn't caught by our automated tests. This led to JavaScript failures on certain pages, like the New Review Request page.

Review Board 2.5.6.1 is out now and fixes the error. If 2.5.6 broke you, just install 2.5.6.1 and you'll be back up and running.

We're expanding our automated testing to ensure this particular problem won't happen again. Sorry for the trouble, and thanks for using Review Board!

Review Board 2.0.24 and 2.5.6 are released!

We have a couple of new releases for you today, mostly focused on bug and compatibility fixes.

Both releases have important fixes for GitLab and compatibility fixes for Subversion 1.9 diffs, both of which we've received numerous bug reports about.

Review Board 2.5.6 also has an important dependency update for django-haystack. If you recently installed Review Board 2.5.x on a new server and had issues creating a site, this should take care of it.

Review Board 2.0.24 now has the improved support for Codebase HQ, which we previously introduced in Review Board 2.5.5. This allows you to work with Subversion and Mercurial repositories hosted there.

Both releases contain several other bug fixes that are worth getting. See the release notes for more information:

Also remember that if you're upgrading to 2.0.24, you need to follow the instructions in the release notes to ensure you're getting the right version.

Review Board 2.5.5 released

We have a new release for you all today that introduces a couple of new features and fixes some important bugs. In particular, if you're a PostgreSQL user and are running an earlier 2.5.x release, you'll want to upgrade today.

Here are some of the highlights:

Improved Codebase HQ support

We've enhanced our support for repositories hosted on Codebase, adding on Mercurial and Subversion support, along with improving support for Git. If you use Codebase already, you'll be prompted to supply new credentials the next time you create or edit a repository.

PostgreSQL diff condensing improvements

A critical defect was found in the condensediffs command when being run against a PostgreSQL database that could cause data loss. This was introduced in 2.5. We haven't received any reports to date about data loss, but have witnessed it in-house. If you're using 2.5.x on PostgreSQL, please update immediately.

Usability regression fixes

There's also a fix for a usability regression introduced in a previous release for the Review Groups configuration page. The user membership selector was replaced with a text field containing internal database IDs for users. This was based on an attempt to work around a performance defect on very large servers. We've reverted back to the user selector for this release, and will be introducing a new selector that increases usability and fixes performance problems in a future 2.5.x release.

If this was a problem for you, and you are not bitten by the PostgreSQL bug, you may want to stay on 2.5.4 for now.

E-mails for API tokens

In order to enhance security and help with audit trails, we've introduced e-mail notifications when creating, deleting, or modifying API tokens. If someone manages to gain access to your account and create an API token, or tricks you into creating one in some way, you'll be notified.

There's also a handful of other fixes. See the release notes for all the details.

Power Pack 1.4.1 for Review Board is out

We've just released Power Pack 1.4.1 for Review Board. Power Pack provides PDF document review and management reporting capabilities, along with support for GitHub Enterprise, Microsoft Team Foundation Server, and improved multi-server scalability.

Team Foundation Server Improvements

This release focuses on improving support for Microsoft Team Foundation Server:

  • Added support for browsing child branches in the New Review Request page.
  • Added support for branch/copy operations (requires RBTools 0.7.6 or newer).
  • Fixed showing information on new files added in a diff.
  • Fixed problems in some configurations when looking up files, which caused diffs to break for some users.

Installation with pip

Power Pack can also now be installed using pip (8.1 or higher recommended) by typing:

pip install -U ReviewBoardPowerPack

Get it today!

Power Pack 1.4.1 is out now! You can read our release notes for the full details, or install or upgrade at any time.

After your trial, if you're ready to buy, head over to our purchase page. We'll help you get a license that's right for you.

Hitting a problem? Have a feature you want to see included? Let us know!

RBTools 0.7.6 is released!

Today's all-new release of RBTools 0.7.6 comes with over a dozen improvements, from Mercurial and Perforce fixes to new Team Foundation Server capabilities to automation enhancements.

We've fixed some character set compatibility bugs with Team Foundation Server. There's also new support for posting branched/copied files for review (this requires the upcoming Power Pack 1.4.1 or higher), excluding files using --exclude, and specifying a custom path to tf.exe.

Perforce users should see more stability in edge cases, like posting deleted symbolic links for review or when dealing with Unicode mismatches between review requests and changesets.

Mercurial users can now safely use relative, negative, or short revisions when specifying commits to post for review.

We've improved RBTools's behavior when running in a non-interactive console, allowed rbt api-get to be used outside of a source tree, and made it easier to work with paginated responses in the Python API.

Performance has been improved when looking up repositories on ClearCase and Subversion.

These are just some of the improvements made in RBTools 0.7.6. For the complete list, see the release notes.

To upgrade RBTools, visit the downloads page.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 pages