Jump to >
Review Board 1.7.23 and Heartbleed

Review Board 1.7.23 is out. It’s a fairly typical bug fix release, with one addition that helps to address Heartbleed.

Heartbleed is the name for a widespread SSL security vulnerability found in OpenSSL and announced to the world on April 7th that can allow attackers to, in some cases, access private data in memory. It’s not specific to Review Board (and, in fact, the vulnerability lies outside of Review Board). Most Linux distributions are now providing patched OpenSSL packages, and the general recommendation is to re-issue your SSL certificates.

GitHub is recommending that users change their passwords and reset their authorization tokens. Review Board uses these tokens to communicate with your repositories on GitHub.

In 1.7.23, we’re providing a new management command for resetting your associated GitHub authorization tokens. You’ll need to know the password (and two-factor auth token, if enabled) for each linked account that you want to update.

To reset your tokens, install 1.7.23 and run:

$ rb-site manage /path/to/site reset-github-tokens

If you’re running an installation accessible over the Internet, you may want to have your users reset their passwords as well, to be safe.

Along with this, we have some authorization fixes for GitLab, and a few small bug fixes.

See the release notes for more information.

RBTools 0.6 released

Oh man, do we have a great release for you today.

RBTools 0.6 has just been released, and it's a big one. We spent a lot of time simplifying the process for posting and updating review requests, and we think it's going to make life a lot easier for just about everyone.

Posting using Git or Mercurial used to require dealing with --parent and --revision-range, along with our custom revision syntax. Now all you have to do is pass native revisions or revision ranges to rbt post, like so:

$ rbt post HEAD
$ rbt post main-branch..feature-branch
$ rbt post 123:126

Compare this to the old way of doing things:

$ rbt post --parent=HEAD^
$ rbt post --revision-range=main-branch:feature-branch
$ rbt post --revision-range=123:126

We've also improved how "guessing" descriptions and summaries from commits work. In previous versions, you needed to run rbt post -g to enable guessing, but in 0.6, it's now automatic for new review requests. This means less typing and less work to do.

That behavior can also be changed through new GUESS_FIELDS settings in .reviewboardrc. This is covered more in the documentation.

A few other goodies:

  • Feature and performance improvements for Mercurial
  • Shelf support for Perforce
  • Git repository hook scripts for auto-closing review requests and requiring approval for pushes
  • Support for Markdown commit descriptions in Review Board 2.0
  • Recording commit IDs in Review Board 2.0
  • Many new configuration options

And more.

A couple important notes. We've removed support for the old post-review tool. Running post-review will now tell you to use rbt post instead.

We've also removed support for Python 2.4. You will now need 2.5 or higher. We strongly recommend that everybody upgrades to Python 2.7.

See the release notes for the complete list of changes.

Review Board 2.0 RC 2 released

Review Board 2.0 RC 2 is out, everybody! Thanks to all the great feedback from our beta testers, we were able to identify and fix the few remaining issues keeping us from a solid 2.0 release.

There's a bunch of fixes for little things here and there. Some polish, some performance enhancements, and a couple usability improvements. All in all, the release is feeling pretty stable, and we're feeling confident that the final 2.0 is just around the corner.

We also included a couple experimental feature additions from this semester's batch of students:

  • The dashboard widgets in the administration UI can now be reordered through drag-and-drop, allowing you to see the widgets that are most important to you at a glance.
  • We've added an experimental WebHook for those using GitHub. This hook will close any review requests referenced in a pushed commit, filling in the revision and branch where the commit landed. This requires a publicly-accessible Review Board install.

Along with this, we've made some nice improvements to rb-site. It has a new streamlined installation experience, as well as new management commands for working with installed extensions.

There's a few other goodies we've thrown in as well. See our release notes for all the details.

Review Board 2.0 RC 1 released

We're in the home stretch now with our release of Review Board 2.0 RC 1.

Our fist release candidate was focused on squashing bugs, improving performance, and tweaking the usability of the product, in preparation for the final 2.0 release.

We've fine-tuned the diff viewer, cutting the time of some operations in half. We've also reduced the startup and response time for installations using extensions.

36 bugs were fixed since beta 3. These cover site installation, administration, the diff viewer, the new My Account page, and much more.

For extension writers, we've added a new hook for custom authentication backends, as well as a few more goodies to help keep your extension code tight and clean.

This release also includes the security fixes in the 1.7.22 release, and strengthens security and access logs in other areas.

If you're planning on upgrading to Review Board 2.0 when it's out, this would be a great time to test. We're hoping to release it soon, and your feedback will go a long way to ensuring this release is solid.

The full details are in the release notes.

Review Board 1.7.22 released

Review Board 1.7.22 is out. It's primarily a bug fix release, with an important security update (particularly for public installations).

An XSS vulnerability was reported that we've patched that involves the Search field. If you're running a 1.7.x release, we recommend updating to 1.7.22.

There's also a large number of bug fixes in this release. We've been working hard on going through the bug tracker and fixing up as many bugs as we can. This includes Git diff parsing fixes, compatibility improvements for Mercurial configurations, easier support for enabling HTTPS, and more.

See the release notes for the complete list of fixes.

Review Board 2.0 beta 3 released

Diffed Text Fields

Review Board 2.0 beta 3 is out! This is an amazing release, with over 15 new user-facing features, over 40 bug fixes, nearly 20 new API and extension improvements, and some significant performance and usability enhancements.

This is a huge beta, but it's also expected to be our last beta. We'll be moving on to RC next, with a final 2.0 release (hopefully) around the corner. If you're planning to upgrade to Review Board 2.0 (and why wouldn't you?), you should give the beta try.

Some of the highlights of this release include:

  • Issue tracking in the dashboard

    See at a glance which changes are ready to ship and which still have work left to do.

    You'll never see a Ship It! if there are any issues still open.

  • Better review request updates

    Changes to the Description and Testing Done fields are shown as diffs, making it easy to see what changed.

    New diff uploads list the modified files and the complexity of the changes.

    New file attachments are shown as thumbnails, and can be reviewed right from the box.

  • Indentation markers in diffs

    Your indentation changes are now shown clearly without distracting from your other changes. Unlike most diff viewers, we don't clutter your view with inserts, deletes, or replaces.

    Super useful for Python files.

  • All new My Account page

    It's now easier to find and join groups!

    This is also a great place for extensions to provide per-user customization.

  • Customizable "approval" for review requests

    Extensions can decide if a review request is approved, and API consumers (such as pre-commit hooks) can enforce those decisions.

    We're working on some hooks that can take advantage of this.

  • Improved post-commit support for Subversion

    Non-standard repository layouts now work a lot better with the New Review Request page.

And much, much more.

If you're an extension author, you'll have a lot of new goodies to play with. An assortment of new hooks, better static media support, per-page JavaScript extensions, and easier extension initialization, to name a few.

Be sure to check out our release notes for the full list of changes, including some pretty screenshots showing off many of the new features. Be sure to read the installation instructions and upgrade notes.

RBTools 0.5.7 released

Last week's RBTools release brought a lot of great improvements to Perforce, but it also brought an obnoxious bug along for the ride. To post a review request or run any of the other RBTools commands, you had to be in the root of your Perforce checkout.

RBTools 0.5.7 corrects this bug. If you're a Perforce user, you'll want this release. Otherwise, upgrade if you like shiny new version numbers, but you won't see any differences.

See the release notes for the same information.

RBTools 0.5.6 released

We just released RBTools 0.5.6, which fixes several bugs with Perforce.

A couple of the new commands, such as rbt status, would crash when used with Perforce repositories. These have been fixed, and you should now be able to use rbt status, rbt diff, and others without any problems.

We also fixed a long-standing bug with matching Perforce repositories. In previous releases, if $P4PORT was pointing to a server where you had an active client, RBTools could end up matching that client's repository instead of the one in the current directory. For example, if running inside a Bazaar repository, or (in some releases) in a Git repository. That should no longer happen in this release.

There's also a fix restoring Python 2.4 compatibility in rbt setup-repo. While the 0.5.x releases support Python 2.4, 0.6.x will not. If you are running Python 2.4, we recommend upgrading.

See the release notes for the complete list of changes.

Review Board Power Pack trial licenses are now available

Last week, we announced the release of the Review Board Power Pack, an add-on product for Review Board that provides PDF document review, GitHub Enterprise integration, and scalability improvements.

Starting today, we've made it easy to try it out. Simply fill out the form and a 30 day trial license will be sent to your e-mail address. You can then follow the instructions for installing Power Pack.

We'd love to hear your feedback. We're working on some exciting new features for Power Pack that we know our users will love. We'll talk about those more in the coming months.

Review Board 2.0 beta 2 released

This week has been full of great releases, but we're not done yet. Today, we're excited to announce Review Board 2.0 beta 2!

This long-awaited beta is almost a major release by itself. Let's check out the highlights:

  • New look-and-feel for review requests, review UIs, and the login/registration pages.
  • Ability to review any text files, just like diffs, complete with syntax highlighting and multi-line commenting.
  • Bulk closing for review requests on the dashboard.
  • Enhanced Markdown file review.
  • Rewrote search support, making it very easy to install. No more PyLucene!
  • Security checklist to help catch some common security vulnerabilities.
  • A new rb-site management command for compressing your database up to 50%.
  • Whole lot of new extension features and API additions.
  • Performance improvements.
  • Several bug fixes.

That's just the summary. The release notes cover all the exciting changes in this release. We think you're going to like it.

We have one very important note for upgrading. We always say this, but back up your database! This release uses a whole new mechanism for automated database migrations, and it's possible there are still bugs to work out. If you do have a problem, please contact us and let us know.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 pages