New security releases: Review Board 1.6.19 and 1.7.15

Review Board 1.6.19 and 1.7.15 fix a few issues in the API where users could access certain data they should not have been able to access, if using the Local Sites feature, invite-only groups, or private repositories. They also fix cases with invite-only groups where the group name and list of private review requests would show up on some pages (though the review requests themselves were not accessible).

These issues do not affect most of the installations out there, but we strongly recommend upgrading anyway. There are no known cases of anyone exploiting these bugs, and in fact we discovered these internally while building new tools to test for security vulnerabilities in our codebase.

There are also some other bug fixes, and important changes needed for extensions that provide their own REST APIs.

See the 1.6.19 and 1.7.15 release notes for more details on these releases.

Review Board 1.7.14 released

As we noted previously, there was a major Django security release announced. We're following that up with a new Review Board 1.7.14 release.

Along with updating to the latest Django release, we're also fixing a security issue in the API that affects those using access control on repositories and groups. It's possible to craft an API request that fetches reviews and some other information on review requests that shouldn't be accessible.

There's also support for Team accounts on Bitbucket, and a small handful of bug fixes.

See the release notes for more information.

Review Board 1.7.13 released

Review Board 1.7.13 is released, and brings with it support for Beanstalk and Bitbucket Git.

Beanstalk is a code hosting and development service with support for Git and Subversion. It integrates with a variety of services and offers easy deployment to servers.

We had support for Bitbucket with Mercurial, but due to some missing API, we couldn't integrate with Git. That's been solved in 1.7.13, if you also use RBTools 0.5.2.

There's also a handful of other fixes and improvements in this release.

While you're upgrading, we recommend making some additional changes to your Apache configuration. See the updates on our guide to securing file attachments.

See the release notes for more information on what's in 1.7.13.

RBTools 0.5.2 released

RBTools 0.5.2 is released, with a handful of new features and some nice fixes.

First off, along with the upcoming Review Board 1.7.13 release, you'll be able to post changes to Beanstalk and Bitbucket Git repositories. This should be helpful to a lot of you looking to use these services.

We've also made the tools a bit more friendly. The --help argument is back for all tools, and can be placed before or after the rbt sub-command (for example, rbt --help post or rbt post --help).

There's a new rbt get tool for scripts that want to talk more directly to our API, or those who want to experiment with the API without writing a script.

On top of all that, there's git-p4 support, improved Subversion support, and more.

See the release notes for the full list.

Review Board 1.6.18 and 1.7.12 released

We're happy to announce a couple new releases of Review Board tonight.

Both 1.6.18 and 1.7.12 focus on further security lockdowns and fixes. We've had some great testing and reports from a couple of our very security-savvy users, and we'll be continuing to put out new releases as they find more.

Those running public installs should update, and should also read our guide on securing file attachments.

None of the issues found have been seen in the wild. We've also been in contact with administrators of some of the larger public Review Board installations about our findings. If you run a public install and would like to be kept informed of any new security updates, please let us know.

Now, that's not all that 1.7.12 brings. We also have some new improvements for extension writers that are helpful to those writing larger extensions. This is all in preparation for some major improvements coming in 1.8. There are also a few bug fixes, such as a much-requested fix to the "Show Whitespace Changes" toggle.

See the 1.6.18 and 1.7.12 release notes for more details.

Review Board 1.7.11 released

Review Board 1.7.11 is released. It's a small release that just fixes a visual issue with the drop-down menus on IE9, and a compatibility issue with Python 2.5.

If you're primarily using non-IE browsers, and using something newer than Python 2.5, you don't need to upgrade to 1.7.11.

For those using Python 2.5, we recommend planning an upgrade to Python 2.7 soon. Review Board 1.8 will stop supporting Python 2.5, and 2.7 is your best bet for longer-term compatibility.

Release notes are available.

Review Board 1.6.17 and 1.7.10 released

We have a pair of releases today for users of Review Board 1.6.x and 1.7.x. Both contain important security updates, and we recommend updating immediately.

This security vulnerability allows attackers to execute JavaScript under certain conditions. There are no known vulnerabilities in the wild. The latest 1.6.x and 1.7.x releases are susceptible to the flaw. We have released 1.6.x and 1.7.x updates. We recommend that all users upgrade their install to a modern release, particularly if you are running a version prior to 1.6.

Along with the security updates, Review Board 1.7.10 provides some new bug fixes, API enhancements (for comments and screenshots), and UI refinement.

See the 1.6.17 and 1.7.10 releases for more info.

Review Board 1.7.9 released

Some of our wonderful early adopters found a couple bugs in 1.7.8 and some missing API for the new Depends On feature. We decided to get these out before everyone else upgraded.

Thanks early adopters!

Review Board 1.7.9 has an installation fix for some MySQL configurations, new API for Depends On and Blocks fields on review requests, and fixes to the recommended cgit URL for Git repositories.

Release notes are available.

Review Board 1.7.8 released

Review Board 1.7.8 is out, and it's chock full of goodies.

Review requests have two new fields: Blocks and Depends On. Developers can mark that a review request depends on another review request, helping reviewers prioritize what to review first. This goes both ways. A review request depending on another will be shown as being blocked on the other.

We've increased performance across the board. Every page's load times should be reduced. Upload times for diffs will, in many cases, also be reduced, as we won't hammer your repository as hard. This will also help with those using GitHub who may worry about API limits. The dashboard's reloading is smoother and less prone to problems when the connection or server goes down.

Clicking "Get Support" now goes to an all-new support page with some helpful links. If you have a support contract with us, the support page will give you an easy way to contact us with a problem.

You can even change the page that "Get Support" points to, which is handy if you have your own support page in your company.

That's not all. There are several improvements to the extension framework, improved logging for error resolution, and several bug fixes.

See the release notes for the full list of changes.

RBTools 0.5.1 released

RBTools 0.5.1 is out, with many important bug fixes, some new features, and improvements to our API.

We've addressed the bulk of the problems people hit with the new commands in RBTools 0.5.0. In particular, several crashes with Perforce, Subversion and Bazaar have been addressed.

Most of the RBTools commands now have a --repository-type option, which can be used to specify the type of repository, instead of RBTools having to guess. This can also be set in .reviewboardrc by setting the REPOSITORY_TYPE setting. Setting this will dramatically speed up creating and updating review requests, and prevent problems with nested repositories.

You can use post-review --list-repo-types or rbt list-repo-types to see the valid values for this new setting.

To upgrade your copy of RBTools, just run:

easy_install -U RBTools

See the release notes for the full list of changes.
