What's New in Review Board

Power Pack 3.0.6 introduces support for Microsoft Azure DevOps, and fixes compatibility issues with Python 3 and Review Board 4.

Azure DevOps

Microsoft Azure DevOps is the successor to Team Foundation Server. Power Pack 3.0.6 now supports authenticating and communicating with Azure DevOps, using our existing Team Foundation Server integration.

Personal Access Tokens can now be used to communicate with Azure DevOps or with recent versions of Team Foundation Server that are set to require them.

Compatibility Fixes

Power Pack is now compatible with the most recent versions of Python 3, fixing some crashes during startup.

Review Board 4 support has also improved. Issues with licensed user management on this release have been resolved, and styling has improved in the Power Pack configuration page, helping it fit better with the rest of the UI.

If you haven't upgraded lately...

In recent releases, we've added compatibility with Review Board 4.0 release and improved Reports and PDF compatibility. We have more features on the way, including new support for new source code management solutions and cross-database import/export.

Now's a great time to upgrade, or to start using Power Pack for the first time.

Learn more about Power Pack or upgrade your copy today!

Today's release of Review Board 4.0.4 introduces support for Amazon SES as an e-mail service, improves code highlighting in text areas, cron support for our Docker image, and fixes a handful of bugs.

Amazon SES

Amazon SES is a widely-used e-mail service for users of Amazon Web Services. While Review Board could communicate with it before, it wasn't compatible with SES's method of threading e-mails.

Review Board now adds direct support for SES and its e-mail threading. It will automatically detect SES and enable the correct behavior. If you're using SES today, there's nothing you need to do.

Code Highlighting

We've updated CodeMirror, which we use for text fields, from 5.48.4 to 5.62. This adds improved syntax highlighting for:

• CSS
• JSX
• Markdown
• Pascal
• Python format strings
• SQL
• Shell scripts
• TypeScript
• XML

If you've run into code highlighting problems in the past, give it a try now!

Cron for Docker

Our Docker image now supports using crontabs to run automated tasks, such as search indexing. This is done by pointing the REVIEWBOARD_CRONTAB environment variable at a cron file to load.

See the documentation for usage instructions.

Bug Fixes

That's not all. We've fixed several new bugs and regression from previous releases, including:

• Packaging fixes for Python 2.7
• Scrolling through commits in the New Review Request page
• Downloading diffs for Mercurial
• Status Updates loading issues for automated code review
• Subversion diff parsing

And more. See the release notes for the full list of changes.

RBTools 2.0.1 introduces two new features:

• Support for Breezy, a modern fork of Bazaar
• Ability to download and write patches to local files using rbt patch --write

We'll be adding support for Breezy to Review Board in an upcoming release.

Along with these improvements, there's a fix for rbt land on Mercurial, and the removal of some harmless but noisy warnings when running on Python 3 with warnings enabled.

See the release notes for the complete list of changes.

Review Board 4.0.3 fixes an assortment of bugs throughout the product, some of which are specific to running on Python 3. The highlights include:

• Sending e-mails with long Unicode subjects
• Posting messages to Slack and Mattermost
• Triggering builds on Jenkins
• Looking up files from GitWeb or HgWeb
• Scrolling in the comment dialog
• Filtering repositories and loading commits in the New Review Request page
• Adding groups as reviewers when Depends On is set
• Displaying validation errors when configuring repositories or WebHooks

For the full list of changes, see the release notes.

Today's releases of Review Board 3.0.24 and 4.0.2 fix a handful of bugs and one security issue, and introduces support for defining safe URL protocols for Markdown text.

Security Fix for Markdown Review UI

Attackers could post a Markdown document for review that contained bad links that, when clicked, could invoke JavaScript code. We fixed a similar issue in 3.0.21, but this is specific to the Markdown Review UI.

Though this is a pretty small attack vector, we do strongly recommend that everyone upgrades as a precaution.

Custom URL Protocols

Administrators can now set a list of URL protocols (like eclipse://. ftp://, gopher://, etc.) they consider safe for their environment by modifying conf/settings_local.py: These will then be preserved when building links. For example:

ALLOWED_MARKDOWN_URL_PROTOCOLS = ['eclipse', 'ftp', 'gopher']

Bug Fixes

There are also fixes for:

• Marking session and CSRF cookies as secure
• Handling Subversion diffs with (nonexistent) revisions
• Markdown rendering of e-mail addresses
• Connecting to GitLab (in Review Board 4.0.2)

See the 3.0.24 release notes and 4.0.2 release notes for the full lists of changes.

Note: If you're upgrading to 3.0.24, please follow the installation instructions in the release notes so you don't end up on 4.0.2.

Review Board 4.0.1 is a small bug fix release that fixes a few regressions and add some new polish.

Highlights:

• WebHooks once again dispatch correctly in all configurations.
• rb-site manage no longer breaks with custom commands in the $sitedir/commands/ directory.
• All administration database browser pages now load without problems.
• Extra whitespace in inline Markdown code literals is now preserved.
• Code highlighting in Markdown is now more consistent between edit and render modes.

For the full list of changes, see the release notes.

We've been working toward Review Board 4.0 for some time now, and we're happy to announce that it's finally here!

This is a big release with a lot of user-facing, behind-the-scenes, and administrative changes. Let's dig into the highlights.

Multi-Commit Review Requests

When working with Git or Mercurial, review requests now track each and every commit that went into the change.

This provides reviewers with the freedom to review code in the way that makes the most sense to them. They can review each commit individually or select a range of commits to see and review at once.

Review requests can be landed to a repository or applied locally in either a squashed (single commit) form, or preserving each individual commit.

Support for Python 3

Review Board 4.0 is the first version to support Python 3. As of now, Python 3.6 through 3.9 can be used.

Python 2.7 is still supported. However, we will be dropping support in Review Board 5.0, so we recommend that people prepare an upgrade to Python 3 soon.

If you're an extension author, please be aware that you may need to update your extensions for both Python 3 and Django 1.11 compatibility. See the release notes for more information.

Jenkins Integration

The Jenkins integration can run automated tests and builds any time a new review request is posted or updated.

To get set up, follow the documentation and make sure you set up the Review Board plugin for Jenkins.

Discord Integration

The new Discord integration will post activity and discussions on review requests to your Discord channel. Teams using Discord can now stay informed on what's out for review, and what feedback's coming in.

Dashboard Overview Tab

The new "Overview" tab on the dashboard will show you all the review requests you have out for review, along with all the review requests that are in your review queue.

Publish Review And Archive

There's a new "Publish review and archive the review request" option available when reviewing a change. Click this to publish your review and then hide it from your dashboard until you get a reply.

Read-only Mode

Preparing for some downtime? Administrators can now place their Review Board server in read-only mode. This will prevent people from uploading new review requests, reviewing code, or changing their profiles, while you take care of your maintenance tasks.

New Administration UI

We've completely rewritten the administration UI to give you a better experience. It's mobile-friendly, with simpler navigation, a cleaner administrative dashboard, and screen reader support.

Smoother Installation and Management

It's now easier than ever to install optional dependencies for Review Board. We've added several special packages that will help install the right versions of the right dependencies:

• ReviewBoard[ldap]
• ReviewBoard[mercurial]
• ReviewBoard[mysql]
• ReviewBoard[swift]
• ReviewBoard[p4]
• ReviewBoard[postgres]
• ReviewBoard[subvertpy]
• ReviewBoard[s3]

Site installation and management has also been revamped, making it easier and faster to create new Review Board sites and to run common management tasks (like search index updates).

Plus...

• Live video thumbnails for video file attachments
• Improved support for screen readers (more improvements to come)
• New extension and API capabilities
• New automation options for site creation and management

Ready to upgrade?

First, make sure you have a backup of your database and site directory, and have tested an upgrade on a test server.

Please be aware that an upgrade can take time. You should also make sure your extensions have been updated to work with Review Board 4.0.

Then follow the upgrade instructions.

To learn more about Review Board 4.0, please read the release notes.

Power Pack 3.0.5 is a small bug fix release that addresses an important issue with PDFs.

PDF Rendering Fixes

Depending on the Review Board setup, a crucial file used to process PDFs would sometimes fail to load. This would result in a blank thumbnail or an empty PDF review UI.

We've tracked down this corner case and fixed it once and for all (hopefully). If you encounter any issues with PDFs, please reach out to us for support. Power Pack licenses entitle you to free support for any and all Power Pack features.

If you haven't upgraded lately...

In recent releases, we've added compatibility with the upcoming Review Board 4.0 release, fixed CSV export for Reports, and improved PDF compatibility.

Now's a great time to upgrade, or to start using Power Pack for the first time.

We're working on Power Pack 4.0, with new authentication features and database import/export. We should have more to show in a few months.

Learn more about Power Pack or upgrade your copy today!

Updated May 5th: We've followed this up with 3.0.23 to fix another regression impacting users who hadn't yet upgraded to 3.0.21.

This release fixes regressions in Markdown rendering, introduced by the security fix in 3.0.21.

The following Markdown features have been restored:

• Syntax-highlighting for code blocks
• Tables
• Emoji short codes (such as :thumbsup:)

Any broken Markdown introduced on 3.0.21 will render correctly after upgrading.

See the release notes for more details.

Review Board 3.0.21 and 4.0 RC 2 are out. These releases fix a security vulnerability, along with other bug fixes.

3.0.21 also introduces Docker support.

Security Fix

Both releases fix a XSS vulnerability in Markdown rendering, which could allow an attacker to craft a link that executes arbitrary JavaScript code when clicked.

The attacker would need to be someone who already has legitimate access to your server, and can perform reviews or otherwise access your code.

We recommend that everyone (especially those running public servers) upgrades to address this vulnerability, though the seriousness of the issue will vary from company to company.

Docker Support

Review Board 3.0.21 ships with new Docker support, helping you set up and deploy servers quickly without need to manually install anything.

This is still young. If you hit any issues, please report them to us.

Going forward, all Review Board 3.x and higher releases will include Docker images.

Compatibility and Bug Fixes

Both releases fix installation issues on Python 2.7, along with a handful of bug fixes and improvements.

See the 3.0.21 release notes and 4.0 RC 2 release notes for the full lists of changes.