What's New in Review Board

Today's release is the second in a series of releases built to improve the speed of the product, reducing the database work required in most pages and in the API. That's not all, though. We've fixed a few bugs, including an API regression from 2.0.12, and added a few new user-facing and administrative features.

More Fine-Tuning

We've further reduced the database work required by Review Board, particularly when it comes to loading and saving user-specific data, something we do on nearly every HTTP request.

Behind the scenes, we've made several improvements to our API testing infrastructure that will help us make the API more lean in future releases.

The Follow Menu

We've added a new menu to the top-right of Review Board that helps users find the Review Board News feed, Twitter, Facebook page, Subreddit, and YouTube channel. This is intended to help users follow the latest Review Board and RBTools updates and to read, watch, or discuss both code review tips and Review Board in general.

Improved E-Mail Support

If you're dealing with "this e-mail is suspicious" warnings in your e-mail client, you're running into problems with how Review Board sends e-mail on behalf of users.

While this can generally be corrected through proper domain records, you can now change how Review Board generates e-mails through a new option in the E-Mail Settings page.

Plus Some Other Improvements

• We've fixed a regression in the review request draft API that caused unwanted groups to appear when emptying the field.

• Those using custom X.509-based authentication schemes can now specify a custom username field without forking any code.

• Search results now contain inactive users and closed review requests.

• Condition fields for integrations no longer show any archived/hidden repositories or hidden groups, resulting in less noise when setting things up on older installations.

See the release notes for all the changes in 3.0.13.

The new major release of Power Pack 3.0 brings the ability to diff PDF documents, comparing how the text of the document changes between revisions, and makes it easier to manage your license subscriptions.

Viewing Differences in PDFs

This can drastically cut down on the time needed to read through documents as the author takes in suggested edits from reviewers. Just like a code diff, any text changes made in a document are shown inline in the PDF, color-coded for easier viewing.

A handy new sidebar view catalogues all the changes made throughout the document, so there's no need to carefully scrutinize as you scroll.

If you do need to scroll, a new "Lock scroll" checkbox gives you control over whether the documents should scroll in sync, or scroll individually.

In order to enable diffing support for PDFs, you will need a PDF document that contains text information embedded in the document (such as when printing to PDF or using OCR on a scanned document). It's also important to update the existing PDF file attachment with the new document, instead of creating a brand new upload.

Easier License Management

We've revamped the Power Pack configuration page to better show the status and health of your license, how quickly the expiration date is coming up or whether you're hitting your user cap.

The new "Manage your license" button takes you straight to our license portal where you can renew your license, convert to a yearly subscription, add additional users, and more.

Power Pack now checks for updates to your license automatically when viewing the Power Pack configuration page, and will install any new license it finds. You no longer need to download and install new license files from the license portal yourself.

Plus the Usual Bug Fixes

We've sorted out some crashes and visual glitches in reports, as well as a compatibility problem with AWS CodeCommit. The full list of changes are in the release notes.

Get started today with a 30 day trial license. After 30 days, enjoy a complimentary license for up to 2 users forever, or purchase a license for the rest of your organization.

Today’s release of Review Board is the first in a series of releases focusing on performance. We’re going through the product with a fine-toothed comb, looking for places where we can make things faster so your servers can be happier and your developers more productive — or vice-versa.

Working Toward a Faster Review Board

Review Board 3.0.12 reduces the amount of database work required when updating or publishing review request drafts, loading extensions, processing integrations, and working with the API in general.

It also lays the groundwork for further improvements coming in 3.0.13 and beyond, helping ensure faster database reads and writes across the product.

And don't worry — no database upgrades are required for this release.

Improving the API

We've reworked two of the APIs to help customers building their Review Board integrations. The review request draft API now handles concurrent updates to the same draft from multiple clients far better than before, preventing fields from being overwritten unintentionally.

The repository API has also been rewritten, making it easier to archive repositories, adding better validation, and getting things ready for creating and updating repositories backed by hosting services (coming soon).

Plus a Few Other Fixes

We've also fixed a crash that could occur when sorting non-sortable Dashboard columns in the URL, the length of archived repository names, and over-zealous access restrictions in the Diff Context API.

See the release notes for more details on everything that's in 3.0.12.

Today's release of Review Board 3.0.11 features a security fix in the API, compatibility with modern Bitbucket WebHooks, and other improvements. We've also put out an accompanying 2.5.18 security release, for those who haven't yet upgraded to 3.0.

Diff Validation Security Fix

The Diff Validation API allowed for private repositories to be specified when validating a new diff. This did not leak any file contents whatsoever, but could expose whether a particular file at a revision did or did not exist, or whether an uploaded patch could be applied against those files.

This is only an issue for servers making use of private repositories, and it does not apply to Local Site access control. Still, we recommend that everyone updates to this release.

Modern Bitbucket WebHooks

Bitbucket removed support for their legacy WebHooks, which broke Review Board's ability to auto-close review requests when commits are pushed.

The 3.0.11 release adds compatibility with the newer WebHooks. Follow the instructions to re-add any hooks you had set before in Bitbucket.

Other Fixes and Improvements

• Repository names can now be up to 255 characters long, giving you enough room to generate names based on URLs or some other identifier
• Errors finding the GitLab API version (usually caused by domain resolution or SSL certificate trust issues) now contain enough information to help you locate the real problem
• Fixed crashes with sending WebHook payloads when certain data types were involved

See the Review Board 3.0.11 and 2.5.18 release notes for the full list of changes.

Security fixes

Review Board 3.0.10 addresses a security vulnerability found in-house that could allow for malicious JavaScript from a user profile to execute when rendering avatars. This bug was originally introduced in 3.0.7 and does not affect any prior releases.

Although there are no known exploits found in the wild, we do recommend that everyone upgrades to this release.

Plus several bug fixes, including

• A regression introduced in 3.0.9 with sending WebHooks
• An upgrade bug that could occur when upgrading to 3.0.x for the first time
• Conflicts between extensions when installing or upgrading multiple ones at a time
• URLs not always linking in comments and text fields

And other improvements

• The New Review Request page confirms that you want to post commits for review, in case you click the wrong thing
• Review request e-mails now show the branch information

That's not all. Check out the release notes for the rest of the changes.

Today's release of Review Board 3.0.9 brings on a handful of bug fixes for extensions, diffs, review requests, Perforce, Subversion, JIRA, Review Bot, and more. Plus, better active user tracking (for support contracts and licenses) and new condition rules.

Let's take a look.

Welcome back, Review Bot

A recent release of Review Bot unveiled some bugs in our extension handling. When installing for the first time, Review Board could crash loading the metadata. Shouldn't be a problem anymore, and thanks everyone for your patience on this.

Activity tracking has improved

We now store information on when users last used Review Board, helping administrators get a better idea of their active user base. Particularly helpful when signing up for support or purchasing a Power Pack license.

Subversion, Perforce, and JIRA are happier

Subversion repositories that allowed anonymous access were broken when using Subvertpy as a backend

Tracked down an odd bug with Perforce involving access-restricted Perforce clients named "none" blocking new review requests from being posted.

If JIRA was configured wrong, your logs could be full of crash details when failing to access a ticket. Now we handle that much more gracefully.

Extension authors, too

The Review Bot bug wasn't limited to just Review Bot. Any extensions with Unicode characters in the description could break, but not anymore.

We've also identified an issue that could break some custom authentication backends, and another that could prevent custom date/time fields from saving reliably.

We polished visuals

We've fixed up some alignment annoyances with move detection flags in the diff viewer. Moved lines of code no longer appear ever-so-slightly indented.

The Dashboard had some lingering hover styles for date fields that were pretty sloppy. We got rid of them.

Notifications for updates on a review request could also show the wrong timestamp in cases, or the wrong user if an administrator changed a review request. Edge cases, but they're taken care of.

Made integrations more flexible

We've added new options for choosing when Slack and other integrations do their thing. You can now define rules based on who has participated in discussions on a review request, or who is listed as a target reviewer.

And there's some other stuff

Fixes for the API, better safeguards for webhooks, and new helpful instructions for Beanstalk.

See the release notes for the full list of changes.

Today's release of Review Bot, our automated code review extension for Review Board, introduces a few new features and fixes several compatibility issues and other bugs. Most of these wouldn't have happened without our wonderful community of contributors and early adopters. Thank you!

Let's look at the highlights.

Full-Repository Review for Mercurial

Some tools (such as the Clang Static Analyzer) need a full checkout of the repository in order to perform a full review. These now work with Mercurial repositories in addition to Git.

Cppcheck Language Selection

Cppcheck can now be forced to check source files as either C or C++ code. This is helpful for codebases that treat .h files as C++. By default, it will continue to auto-detect the file type based on the extension.

Compatibility Fixes

Review Bot now authenticates properly with Review Board 3.0.8.

Dependency conflicts involving pyflakes, pycodestyle, or flake8 when installing the Review Bot Worker have been resolved. Not everyone hit these, but it was common on newer installs due to changes in newer versions of these packages.

And More

We've smoothed out communication between the Review Bot extension and worker services, added better error handling when saving a configuration form without all required data, removed unwanted temporary files, and fixed error reporting in flake8 and cpplint.

For the full list of changes, see the release notes.

Today’s release of RBTools fixes some of the most common issues experienced in the recent 1.0 release:

Improved Windows compatibility

This release fixes some regressions on Windows, namely a crash when prompting for a password for Review Board.

If you're continuing to hit problems on Windows, please let us know in our community support tracker so we can collect additional information on your setup.

Fixes for Empty Diff errors on Git

While RBTools 1.0 greatly improved how diffs were generated for Git repositories under many scenarios, it broke one important workflow.

Posting a branch for review after pushing that branch upstream no longer results in errors about empty diffs when a tracking branch is configured. Instead, the tracking branch is once again respected, allowing your topic branch to be posted for review in full.

See the release notes for the full list of changes.

Today's release of Review Board 3.0.8 features a few small bug fixes:

• Invisible search filters in the search results
• Crashes in the API when working with automated code review
• Deleting draft replies prematurely when deleting the reply to a review header
• Compatibility problems using Subvertpy and HTTPS-backed repositories

(See the release notes for the full list of changes.)

The big announcement today, though, is a new companion to Review Board that we'd like to introduce you to.

Meet RB Gateway

RB Gateway is a microservice used by Review Board that's built to address shortcomings in Git and Mercurial's APIs. Git, in particular, is quite limited. It doesn't provide fine-grained access to the contents of repositories, meaning that tools like Review Board typically have to depend on specific hosting services (like GitHub Enterprise or GitLab) or hacks to work.

When using RB Gateway, Review Board can access your self-hosted repositories in new ways, enabling users to browse for commits, close review requests when a commit is pushed, and more cleanly managing your repositories. It works just like other hosting services, but is simple to set up and configure on all major platforms.

This means no more GitWeb, cgit, or hgweb hacks! Just install RB Gateway, point it to your repositories, and tell Review Board about them. You're done.

RB Gateway can be installed on Linux, macOS, or Windows. Installation is easy, and we have instructions to help you get started.

For the best experience, we recommend Review Board 3.0.8 with RB Gateway. Older 2.5.x and 3.0.x releases support it, but are limited in functionality and only support Git.

RBTools has been an important part of the life of Review Board users for many years. While it started off as a single tool for posting review requests, its feature set has evolved with time, turning into an extensible set of tools and APIs for talking to Review Board.

Today, we're finally pulling RBTools out of the 0.x era with the release of RBTools 1.0.

Compatible with Python 3

Both the RBTools commands and the Python API now support Python 2.7 and 3.5+.

(Please let us know if you hit any issues on Python 3, as this is still pretty new.)

Better Repository Detection and Git Support

RBTools now does a better job determining which repository it's working with, in case there's confusion. For example, a Mercurial repository nested in a Git-managed home directory will no longer cause problems.

Git repositories in particular are now easier to work with. When generating a diff, RBTools now looks for the nearest upstream parent commit or branch, instead of requiring that users or repositories configure a specific tracking branch.

Publish Automated Reviews

Writing your own automated review solutions for Review Board 3.0 or RBCommons just became easier through the new rbt status-update command. Your scripts can use it to file a pending status update on a review request (showing that checks are being performed) and then update it to say that all is well or to report issues that need to be fixed.

This is useful for in-house continuous integration setups where you're analyzing code for errors, style issues, documentation, or any other requirements you might have.

Easily Land Complex Dependent Changes

rbt land can now land multiple review requests tied together using the Depends On field.

This works with -r to take the ID of the review request you want to land. It will figure out which review requests must land before it and in which order. For example, if review request 3 depends on 2, which depends on 1, you can run:

$ rbt land --recursive -r 3

Instead of:

$ rbt land -r 1
$ rbt land -r 2
$ rbt land -r 3

This is a precursor to the new DVCS support coming soon in Review Board 4.0.

And That's Not All

• rbt setup-completion was added to enable auto-completion of RBTools commands and arguments in Bash and ZSH shells.

• rbt alias was added to help you list and test out your custom aliases.

• rbt post --submit-as can now automate posting review request updates, and not just new review requests, on a user's behalf.

• rbt post -m and rbt publish -m let you specify a custom description of your draft's changes when publishing (equivalent to filling out the "Describe your changes" box when publishing in the browser).

• rbt post --trivial-publish and rbt publish --trivial let you publish trivial updates to a review request without sending out e-mails to everyone (when using Review Board 3.0 or RBCommons).

• rbt status now lists the review state and local branch for each review request you have up for review.

• Warnings and errors in command output is now specially highlighted to help it stand out.

• Several fixes and improvements for Git and Subversion compatibility.

• The API has been improved, supporting extra_data fields and easier pagination of resources.

And plenty of other fixes and improvements. See the release notes for the full list of changes in 1.0.

Download It Today!

RBTools is out today for Windows, Linux, and Mac. Head on over to the downloads page for installation instructions.