What's New in Review Board

Review Board 3.0.21 and 4.0 RC 2 are out. These releases fix a security vulnerability, along with other bug fixes.

3.0.21 also introduces Docker support.

Security Fix

Both releases fix a XSS vulnerability in Markdown rendering, which could allow an attacker to craft a link that executes arbitrary JavaScript code when clicked.

The attacker would need to be someone who already has legitimate access to your server, and can perform reviews or otherwise access your code.

We recommend that everyone (especially those running public servers) upgrades to address this vulnerability, though the seriousness of the issue will vary from company to company.

Docker Support

Review Board 3.0.21 ships with new Docker support, helping you set up and deploy servers quickly without need to manually install anything.

This is still young. If you hit any issues, please report them to us.

Going forward, all Review Board 3.x and higher releases will include Docker images.

Compatibility and Bug Fixes

Both releases fix installation issues on Python 2.7, along with a handful of bug fixes and improvements.

See the 3.0.21 release notes and 4.0 RC 2 release notes for the full lists of changes.

Today's release of Review Bot 2.0.1 offers compatibility improvements for Python 3 and the upcoming Review Board 4.0.

If you're planning to upgrade to Review Board 4.0 upon release, we recommend upgrading to Review Bot 2.0.1 today.

What is Review Bot?

Review Bot is an automated code review tool that connects to Review Board, interfacing with many different code linting tools:

• BuildBot
• checkstyle
• Clang Static Analyzer
• CppCheck
• CppLint
• doc8
• flake8
• JSHint
• PMD
• pycodestyle
• pydocstyle
• pyflakes

Coming Soon

We're preparing a much larger 3.0 release with all-new tools, configuration options, and official Docker support. We expect this to be available in the next few months.

For now, see the release notes for the details on 2.0.1, or download Review Bot today.

Development is coming to a close with today's release of the first Release Candidate for 4.0.

If you're planning an upgrade to 4.0 upon release, please give 4.0 RC 1 and report any feedback you find.

Docker

Review Board 4.0 RC 1 ships along with a Docker image, making it easy to get set up quickly and to scale out as your needs grow.

Going forward, every new release of Review Board will ship with Docker images. We're also building them for Review Bot.

See our documentation to get started.

Improved Site Management

We've refined the rb-site install experience, offering better guidance all throughout.

New options have been added for automated installs, including specifying the site's SECRET_KEY, allowed hostnames for accessing the server, and even custom settings_local.py templates.

rb-site manage --help now shows all the most common management commands used with Review Board.

New Extension Testing Options

The rbext tool has been updated with new options to make it easy to test your extensions.

The new --extension option takes the extension class name and sets up a full test environment around it. Combined with the new --app option for adding additional Django apps, testing extensions has never been easier.

Bug Fixes and Other Improvements

• Improved keyboard shortcuts in the Diff Upload and File Upload dialogs
• Fixed search configuration on new installs
• Fixed some Unicode encoding bugs with LDAP and Active Directory authentication
• rb-site manage resolve-check no longer needs to be called after setting up a new site.

The full details, along with installation/upgrade instructions, are in the release notes.

Please report any issues (or successes!) you hit with either Review Board 4.0 RC 1 or the new Docker image. If all goes well, we'll be releasing 4.0 very soon.

We have two new releases of Review Board out today.

Review Board 3.0.20

This is a compatibility and bug fix release, focused mainly on ensuring Review Board 3.x continues to install cleanly on Python 2.7 environments.

There's also database-related performance improvements aimed toward large installations, and visual bug fixes on Firefox.

For the full list of improvements, see the 3.0.20 release notes.

Review Board 4.0 Beta 2

Thanks to everyone who tested 4.0 beta 1 and reported feedback. We've fixed the major issues, and hope you're ready for round 2!

Beta 2 brings:

• Fixes for regressions in search, LDAP, Active Directory, and Clear Case.
• Fixes for installation issues that some people encountered when setting up a new site directory.
• Fixes for Postgres database compatibility.
• Numerous improvements for rb-site, including better help, new options to help with automated installs, and providing custom settings templates.
• A new Repositories widget in the administration dashboard.

Plus a handful of other fixes and improvements.

For installation/upgrade instructions, and the full list of changes, see the 4.0 beta 2 release notes.

Review Board 4.0 is nearly ready to ship, after much development and testing. With the addition of multi-commit review requests for Git and Mercurial, Discord and Jenkins CI integration, and review and administrative capabilities, this is a release that we're very proud of.

We're opening this up to beta testers before we ship the final 4.0, and would like your feedback.

Let's look at the highlights.

Multi-Commit Review Requests

Git and Mercurial users can now create review requests covering multiple commits at once. Reviewers can review each commit individually, all commits squashed together, or a portion of the commits squashed together.

RBTools 2.0 or higher is required to post or land multi-commit review requests.

Discord and Jenkins CI

Prefer Discord over Slack? Jenkins over CircleCI?

Your review request updates and discussions can now be posted to Discord to keep your group informed. Jenkins can take on building and testing your code, posting feedback to your review request.

More integrations are on their way for 4.0.

New Administration UI

We've rebuilt the administration UI from the ground up. It's mobile-friendly, cleaner, with far better management of integrations and extensions.

Read-only Mode

Planning some maintenance? You can now put the server into read-only mode. People can still browse review requests and code, but they won't be able to change anything until your maintenance is complete.

Python 3 and Django 1.11

Review Board 4.0 beta 1 can be installed on Python 3.6 through 3.9. Or on 2.7, if you're not ready to make the upgrade.

We've also upgraded to Django 1.11. This will matter if you have in-house extensions, as much has changed. Fortunately, we've helped with some porting information, which you'll find in the release notes.

Plus More

It's a big release, and we've covered it all in the release notes, along with installation/upgrade instructions. Please upgrade only on a test installation for now, and not on your production server.

Give it a try and let us know what you think or if you hit any problems.

Review Board 3.0.19 enables new options for Review Bot, introduces a new experimental interdiff algorithm, enhances compatibility with several types of repositories, and improves the repository creation API.

Some New Review Bot Options

Review Bot users now have access to several new options.

Configured code checkers can now be set to run only on demand, by button click, which is useful for ones that take a very long time to run.

Failed builds can be retried, in case the failure was caused by a temporary issue.

Open issues piling up? Tools can now be set to drop all previously-opened issues they've filed the next time the tool is run, starting fresh.

A New Interdiff Algorithm

Some people have hit odd edge cases with interdiffs, where some lines seemed to be missing. This was due to a problem with the old algorithm, which we've been working out.

A new algorithm is coming in Review Board 4.0. If you're plagued by interdiff issues, you can preview this by setting the following in conf/settings_local.py:

ENABLED_FEATURES = {
    'diffviewer.filter_interdiffs_v2': True,
}

You’ll then need to restart your web server and clear memcached. We recommend trying this on a non-production server.

Better API-Based Repository Management

The Repository API can now create repositories backed by hosting services, such as GitHub or GitLab. It's no longer limited to plain, self-hosted repositories.

This is pretty advanced, but often requested. We're working on documentation, but in the meantime, reach out if you need assistance.

Plus...

• SSL fixes for Perforce
• Diff parsing fixes for Git and Mercurial
• Lookup fixes for JIRA
• Posting fixes for complex repository setups
• Authentication fixes for WebHooks
• Rendering fixes when publishing replies to reviews
• Saving fixes after copying-and-pasting into a text field

And more.

The full list of changes are in the release notes.

RBTools 2.0 is out, bringing compatibility improvements and new features for all users. The biggest improvement is the support for Review Board 4.0's upcoming multi-commit review requests.

Multi-Commit Review Requests

Review Board 4.0 beta 1 is coming in the next few weeks, and with RBTools 2.0, developers will be able to post a series of commits to a review request so that they can be reviewed individually or as one squashed change, depending on what the reviewer chooses to do.

Those changes can also be landed, preserving their history or squashing them back into a single commit.

To stay with the old behavior and squash the commits before posting to a review request, you can pass --squash to rbt post or rbt land (or set SQUASH_HISTORY = True or LAND_SQUASH = True, respectively, in .reviewboardrc).

This is available for both Git and Mercurial, and will require Review Board 4.0.

RBCommons users will receive multi-commit review request support in 2021.

Custom Certificate Authorities

If your Review Board server uses a self-signed certificate backed by an in-house Certificate Authority, you can now configure RBTools to recognize it through the --ca-certs, --client-key, and --client-cert options (or CA_CERTS, CLIENT_KEY, and CLIENT_CERT in .reviewboardrc).

Easier Repository Setup

rbt setup-repo has been redesigned to better help people configure their local repositories to connect to Review Board. It offers a more helpful guided setup, making it easier to find the right repository and generate your .reviewboardrc file.

Default Branches in Git

RBTools now understands the init.defaultBranch configuration for Git, helping you transition your primary branch from master to something like main.

Better Mercurial Integration

Compatibility issues are fixed, repository detection is faster, and custom scripts can benefit from performance improvements by connecting RBTools to the Mercurial command server.

And Better Perforce Integration

RBTools can work with a wider mix of configurations utilizing SSL and brokers.

There's also a new reviewboard.repository_name Perforce counter that can tie a depot to a Review Board repository, which can be used if .reviewboardrc isn't an option.

Plus...

• Variety of improvements for Python 3 compatibility (including support for Python 3.9).
• Additional Git arguments for fine-tuning rename detection.
• Custom formatting for rbt status, which is useful for scripting.
• rbt land and rbt patch now accept a review request URL, instead of just an ID.
• rbt patch can print a patch from a review request without needing a local copy of the repository.

See the release notes for more information, or download RBTools 2.0 today.

Power Pack 3.0.3 is built to get you ready for Review Board 4.0 and for licensing changes in Power Pack 4.0. Plus, it fixes bugs and improves compatibility across the product.

Review Board 4.0 Compatibility

Review Board 4.0 will soon be out in beta, and you'll want to make your transition as smooth as possible.

Power Pack 3.0.3 works today with your current Review Board and with the Review Board of tomorrow.

(Not literally tomorrow. Sorry to get your hopes up.)

New Licensing Format

We're moving to a new license format, which will open the door to features we have planned for Power Pack 4.0. By upgrading now, you'll be ready for the new licenses when they're ready, giving you a head start on Power Pack 4.0.

Bug and Compatibility Fixes

• Installation is a bit easier on most Linux systems
• We've further enhanced rendering of PDFs
• Prepared for future GitHub Enterprise authentication changes
• Improved compatibility with AWS CodeCommit and Bitbucket Server
• Stopped a crash when exporting CSV files for some reports
• Fixed enabling or disabling some feature checkboxes, for customizing your install

Update Today

Prepare for tomorrow by upgrading to Power Pack 3.0.3 today.

To upgrade or install for the first time, see the installation instructions.

The new Review Bot adds new automated code review tools for Python source code, and brings some major enhancements to help you get the most out of automated code review.

Plus compatibility with the upcoming release of Review Board 4.0.

Introducing doc8 and pydocstyle

If you're a Python developer trying to keep your project's documentation in check, Review Bot can help you out through the new support for doc8 and pydocstyle.

doc8 checks your ReStructuredText-based documentation (used by Sphinx or docutils) for common problems, such as syntax or whitespace issues.

pydocstyle checks the Python side of your documentation, making sure your function, class, and module docstrings are all there and don't have any issues.

Automatically drop old issues from Review Bot

Review Bot can now be configured to drop any older issues it opened before it runs any tools again. No more massive lists of open issues to close every time you post an update to your change.

This can be configured for each automated code review tool individually.

Manually run and re-run tools

Tools can now be set to be run manually, instead of every time a new change is posted. This is especially useful for in-house tools that may take an extremely long amount of time to complete.

If any tool has failed to run for any reason, you can also re-run it with the click of a button. No need to re-upload your change.

(This requires Review Board 3.0.19 or the upcoming 4.0.)

Simpler configuration for tools needing the full repository

Some tools (such as clang) require a full copy of the repository. This used to require telling each worker about each and every repository a tool may need to access.

Workers can now fetch this information directly from Review Board, if configured on the worker. This requires that the worker has access to the path configured for the repository in Review Board, and any SSH keys needed.

New capabilities for tools

Custom tools can now leave general comments on a review request, not tied to any particular change or file. This is useful if the comment is more about process and policy, or about the description or testing performed, rather than code.

Get Started

Review Bot is compatible with Review Board 3 and 4, and is an easy upgrade. Just follow our simple instructions.

To learn more about this release, see the release notes.

Review Board 3.0.18 is the culmination of months of work in just about every area of the product. There are compatibility updates and bug fixes, better performance, tweaks to usability, and improvements to extensibility.

Better Compatibility

• Dependencies have been updated to make installation easier on some systems.
• GitHub now uses Personal Access Token instead of a password when linking accounts. This will be required by GitHub in November.
• Bitbucket's Mercurial support was removed.
• GitLab commit browsing works better for public repositories, and is more helpful when things fail for private repositories (caused by GitLab API issues).
• Perforce SSL/stunnel repository setup is now rock-solid.
• Subversion filenames with certain special (but uncommon) characters can now be found.
• NIS authentication works again!

Better Performance

• Communicating with repositories over SSH is much faster.
• Need to migrate old pre-3.0 diffs using the condensediffs command? It should take a lot less time now, especially on MySQL, and you can schedule small batches of migrations over a period of time.

Better Usability

• We've polished mouse interaction in the dashboard and keyboard interaction in dialog boxes.
• Very long lines in diffs are now safely broken up in the diff viewer.

Better Stability

• Broken extensions are less likely to interfere with the rest of the product, and can more easily be diagnosed.
• The Markdown review UI doesn't get stuck anymore showing only rendered content.
• Fewer crashes from edge cases throughout the product.

Plus...

• The repository API lets you create/manage repositories on hosting services and store custom metadata.
• We've bumped up versions of the tools used to process JavaScript and LessCSS for custom extensions.

See the release notes for all changes in this release.

To keep up with what's happening every week in the land of Review Board, be sure to follow our ChangeLog posts on Twitter, Facebook, or Reddit.