What's New in Review Board

On June 11, 2019, Bitbucket removed an API that Review Board required in order to upload or view diffs. This caught us by surprise, and if you use Bitbucket, you may have had a rough day. Us too.

We've worked around this in today's release, restoring full Bitbucket compatibility. We've also fixed some regressions introduced by changes to Bitbucket's webhook payloads (used to auto-close review requests).

Going forward, Review Board 3.0.15 or higher is required to use Bitbucket.

By the way, to keep track of important issues like this, follow us on Twitter.

Along with the Bitbucket fixes, we've added some polish to other parts of the product:

• Some sort of avatar will now always show up, no matter your configuration. If you've disabled all avatar services, we'll make sure the fallback avatar service is used.
• Using emojis shortcodes? You've probably noticed they've been looking... a bit strange. A CDN changed on us, so we've updated to use the new one.
• Very, very large images (high-DPI images, screenshots) shown in comments and other text fields would expand far outside their container, but no longer.
• People sometimes like to paste URLs or other text in the Depends On field for review requests, which just sort of failed with an error. Now you'll see something more helpful.
• If you've tried updating access lists for repositories lately, you may have noticed your changes weren't always saving. *ahem* We've taken care of that.
• Writing custom extensions? Adding new review request actions? Callbacks registered with RB.ReviewRequestActionHook will now do what they're supposed to do, instead of crashing.

See the release notes for everything in 3.0.15.

Improved Python 3 Support

RBTools 1.0 introduced support for Python 3, and since then many more of our users have switched over and sent us patches to improve that support. We've also improved our testing, helping us to maintain a more stable Python 3 codebase.

Two-Factor Auth for RBCommons

The support for Two-Factor Authentication in RBCommons has been completely redone to avoid login rate limit issues, missing headers, and trouble logging in.

Going forward, RBTools 1.0.2 will be the minimum version required for RBCommons accounts using Two-Factor Authentication.

Git Improvements

We've improved upon the smart tracking branch detection logic introduced in RBTools 1.0, which is designed to find the right tracking branch for your local changes. It now does a better job of finding a suitable branch if your repository doesn't have an origin remote, and gives priority to the one provided in --tracking-branch.

Support for disabling Git file rename detection has also been added, for those cases where Git is getting too aggressive and making for bad diffs. Simply pass --no-renames to rbt post or rbt diff to generate a diff without renamed files.

A Step Toward Better Error Messages

We've working to improve error messages throughout our products, to help guide people when things go wrong.

If RBTools is pointing to a bad Review Board URL, it no longer just fails with an HTTP status code or cryptic error message. RBTools will now inspect the URL to determine what may have gone wrong, and offer guidance on resolving the problem.

Error messages in our API and other commands have also been fixed. We'll be making further improvements in future releases.

Plus More

• Perforce diffs now contain information on binary files
• Aliases invoking shell commands now preserve their quotes and escape sequences
• Patches from users with private profiles enabled can now be applied to new commits without crashing

See the release notes for the full list of changes.

Today's release of Review Board 3.0.14 fixes a handful of bugs that may be plaguing you, and introduces some long-overdue UI improvements for integrations and avatars.

Fallback Avatars

Review Board now displays a default avatar when no other avatar service is available for the user.

This avoids those annoying blank avatars and ugly log messages when users have opted out of all other types of avatars.

A Better Integrations Experience

Integrations configuration has been completely redone, making it easier to see what integrations you already have and which are available to install.

RBCommons will be receiving support for integrations very soon. We're beta-testing this now, so if you're interested in trying it out, let us know!

Plus...

• A regression with using integrations bound to repositories and review groups has been fixed.
• The bubble shown on the Review Request page when there are updates doesn't sometimes list the wrong reviewer name anymore.
• Our close-on-push hooks for GitHub, Bitbucket, and other services no longer crash when encountering invalid review request IDs in commit messages.
• We've bumped up the version of Less, the language used for our CSS, from 2.6 to 3.9. Extensions can now make use of all the latest Less CSS features.
• The Users API now supports optional rendering of avatars, supporting all Review Board and in-house avatar services.

See the release notes for all the changes in this release.

Today's release is the second in a series of releases built to improve the speed of the product, reducing the database work required in most pages and in the API. That's not all, though. We've fixed a few bugs, including an API regression from 2.0.12, and added a few new user-facing and administrative features.

More Fine-Tuning

We've further reduced the database work required by Review Board, particularly when it comes to loading and saving user-specific data, something we do on nearly every HTTP request.

Behind the scenes, we've made several improvements to our API testing infrastructure that will help us make the API more lean in future releases.

The Follow Menu

We've added a new menu to the top-right of Review Board that helps users find the Review Board News feed, Twitter, Facebook page, Subreddit, and YouTube channel. This is intended to help users follow the latest Review Board and RBTools updates and to read, watch, or discuss both code review tips and Review Board in general.

Improved E-Mail Support

If you're dealing with "this e-mail is suspicious" warnings in your e-mail client, you're running into problems with how Review Board sends e-mail on behalf of users.

While this can generally be corrected through proper domain records, you can now change how Review Board generates e-mails through a new option in the E-Mail Settings page.

Plus Some Other Improvements

• We've fixed a regression in the review request draft API that caused unwanted groups to appear when emptying the field.

• Those using custom X.509-based authentication schemes can now specify a custom username field without forking any code.

• Search results now contain inactive users and closed review requests.

• Condition fields for integrations no longer show any archived/hidden repositories or hidden groups, resulting in less noise when setting things up on older installations.

See the release notes for all the changes in 3.0.13.

The new major release of Power Pack 3.0 brings the ability to diff PDF documents, comparing how the text of the document changes between revisions, and makes it easier to manage your license subscriptions.

Viewing Differences in PDFs

This can drastically cut down on the time needed to read through documents as the author takes in suggested edits from reviewers. Just like a code diff, any text changes made in a document are shown inline in the PDF, color-coded for easier viewing.

A handy new sidebar view catalogues all the changes made throughout the document, so there's no need to carefully scrutinize as you scroll.

If you do need to scroll, a new "Lock scroll" checkbox gives you control over whether the documents should scroll in sync, or scroll individually.

In order to enable diffing support for PDFs, you will need a PDF document that contains text information embedded in the document (such as when printing to PDF or using OCR on a scanned document). It's also important to update the existing PDF file attachment with the new document, instead of creating a brand new upload.

Easier License Management

We've revamped the Power Pack configuration page to better show the status and health of your license, how quickly the expiration date is coming up or whether you're hitting your user cap.

The new "Manage your license" button takes you straight to our license portal where you can renew your license, convert to a yearly subscription, add additional users, and more.

Power Pack now checks for updates to your license automatically when viewing the Power Pack configuration page, and will install any new license it finds. You no longer need to download and install new license files from the license portal yourself.

Plus the Usual Bug Fixes

We've sorted out some crashes and visual glitches in reports, as well as a compatibility problem with AWS CodeCommit. The full list of changes are in the release notes.

Get started today with a 30 day trial license. After 30 days, enjoy a complimentary license for up to 2 users forever, or purchase a license for the rest of your organization.

Today’s release of Review Board is the first in a series of releases focusing on performance. We’re going through the product with a fine-toothed comb, looking for places where we can make things faster so your servers can be happier and your developers more productive — or vice-versa.

Working Toward a Faster Review Board

Review Board 3.0.12 reduces the amount of database work required when updating or publishing review request drafts, loading extensions, processing integrations, and working with the API in general.

It also lays the groundwork for further improvements coming in 3.0.13 and beyond, helping ensure faster database reads and writes across the product.

And don't worry — no database upgrades are required for this release.

Improving the API

We've reworked two of the APIs to help customers building their Review Board integrations. The review request draft API now handles concurrent updates to the same draft from multiple clients far better than before, preventing fields from being overwritten unintentionally.

The repository API has also been rewritten, making it easier to archive repositories, adding better validation, and getting things ready for creating and updating repositories backed by hosting services (coming soon).

Plus a Few Other Fixes

We've also fixed a crash that could occur when sorting non-sortable Dashboard columns in the URL, the length of archived repository names, and over-zealous access restrictions in the Diff Context API.

See the release notes for more details on everything that's in 3.0.12.

Today's release of Review Board 3.0.11 features a security fix in the API, compatibility with modern Bitbucket WebHooks, and other improvements. We've also put out an accompanying 2.5.18 security release, for those who haven't yet upgraded to 3.0.

Diff Validation Security Fix

The Diff Validation API allowed for private repositories to be specified when validating a new diff. This did not leak any file contents whatsoever, but could expose whether a particular file at a revision did or did not exist, or whether an uploaded patch could be applied against those files.

This is only an issue for servers making use of private repositories, and it does not apply to Local Site access control. Still, we recommend that everyone updates to this release.

Modern Bitbucket WebHooks

Bitbucket removed support for their legacy WebHooks, which broke Review Board's ability to auto-close review requests when commits are pushed.

The 3.0.11 release adds compatibility with the newer WebHooks. Follow the instructions to re-add any hooks you had set before in Bitbucket.

Other Fixes and Improvements

• Repository names can now be up to 255 characters long, giving you enough room to generate names based on URLs or some other identifier
• Errors finding the GitLab API version (usually caused by domain resolution or SSL certificate trust issues) now contain enough information to help you locate the real problem
• Fixed crashes with sending WebHook payloads when certain data types were involved

See the Review Board 3.0.11 and 2.5.18 release notes for the full list of changes.

Security fixes

Review Board 3.0.10 addresses a security vulnerability found in-house that could allow for malicious JavaScript from a user profile to execute when rendering avatars. This bug was originally introduced in 3.0.7 and does not affect any prior releases.

Although there are no known exploits found in the wild, we do recommend that everyone upgrades to this release.

Plus several bug fixes, including

• A regression introduced in 3.0.9 with sending WebHooks
• An upgrade bug that could occur when upgrading to 3.0.x for the first time
• Conflicts between extensions when installing or upgrading multiple ones at a time
• URLs not always linking in comments and text fields

And other improvements

• The New Review Request page confirms that you want to post commits for review, in case you click the wrong thing
• Review request e-mails now show the branch information

That's not all. Check out the release notes for the rest of the changes.

Today's release of Review Board 3.0.9 brings on a handful of bug fixes for extensions, diffs, review requests, Perforce, Subversion, JIRA, Review Bot, and more. Plus, better active user tracking (for support contracts and licenses) and new condition rules.

Let's take a look.

Welcome back, Review Bot

A recent release of Review Bot unveiled some bugs in our extension handling. When installing for the first time, Review Board could crash loading the metadata. Shouldn't be a problem anymore, and thanks everyone for your patience on this.

Activity tracking has improved

We now store information on when users last used Review Board, helping administrators get a better idea of their active user base. Particularly helpful when signing up for support or purchasing a Power Pack license.

Subversion, Perforce, and JIRA are happier

Subversion repositories that allowed anonymous access were broken when using Subvertpy as a backend

Tracked down an odd bug with Perforce involving access-restricted Perforce clients named "none" blocking new review requests from being posted.

If JIRA was configured wrong, your logs could be full of crash details when failing to access a ticket. Now we handle that much more gracefully.

Extension authors, too

The Review Bot bug wasn't limited to just Review Bot. Any extensions with Unicode characters in the description could break, but not anymore.

We've also identified an issue that could break some custom authentication backends, and another that could prevent custom date/time fields from saving reliably.

We polished visuals

We've fixed up some alignment annoyances with move detection flags in the diff viewer. Moved lines of code no longer appear ever-so-slightly indented.

The Dashboard had some lingering hover styles for date fields that were pretty sloppy. We got rid of them.

Notifications for updates on a review request could also show the wrong timestamp in cases, or the wrong user if an administrator changed a review request. Edge cases, but they're taken care of.

Made integrations more flexible

We've added new options for choosing when Slack and other integrations do their thing. You can now define rules based on who has participated in discussions on a review request, or who is listed as a target reviewer.

And there's some other stuff

Fixes for the API, better safeguards for webhooks, and new helpful instructions for Beanstalk.

See the release notes for the full list of changes.

Today's release of Review Bot, our automated code review extension for Review Board, introduces a few new features and fixes several compatibility issues and other bugs. Most of these wouldn't have happened without our wonderful community of contributors and early adopters. Thank you!

Let's look at the highlights.

Full-Repository Review for Mercurial

Some tools (such as the Clang Static Analyzer) need a full checkout of the repository in order to perform a full review. These now work with Mercurial repositories in addition to Git.

Cppcheck Language Selection

Cppcheck can now be forced to check source files as either C or C++ code. This is helpful for codebases that treat .h files as C++. By default, it will continue to auto-detect the file type based on the extension.

Compatibility Fixes

Review Bot now authenticates properly with Review Board 3.0.8.

Dependency conflicts involving pyflakes, pycodestyle, or flake8 when installing the Review Bot Worker have been resolved. Not everyone hit these, but it was common on newer installs due to changes in newer versions of these packages.

And More

We've smoothed out communication between the Review Bot extension and worker services, added better error handling when saving a configuration form without all required data, removed unwanted temporary files, and fixed error reporting in flake8 and cpplint.

For the full list of changes, see the release notes.