What's New in Review Board

Django released versions 2.2.13 and 3.0.7 today, fixing a couple of security issues. You can see their announcement for the issues addressed.

We maintain security-hardened builds of Django 1.6.11, the version series we use for Review Board 2.0 through 3.0. We've put out a new Django 1.6.11.9 release that contains these fixes.

To upgrade to this release, run:

$ pip install -U https://downloads.reviewboard.org/releases/Django/1.6/Django-1.6.11.9.tar.gz

Or:

$ easy_install -U http://downloads.reviewboard.org/releases/Django/1.6/Django-1.6.11.9.tar.gz

You can always keep up on the latest Review Board security announcements by subscribing to our Official Announcements mailing list, joining our Subreddit, or following us on Twitter.

Today's release of RBTools 1.0.3 is a big one, featuring enhancements for Mercurial support, a vastly improved commit editing experience when landing changes, and several compatibility fixes for Python 3 and various types of repositories.

Landing Commits on Mercurial

rbt land now supports landing commits on Mercurial repositories.

You can land a local change from a Mercurial branch or bookmark, or a remote change from a review request. This will first verify that the change has been approved on Review Board before allowing it to land. Once approved, a new merge commit containing the information and URL of the review request will be placed on your destination branch.

This can also close the branch/bookmark being merged in on your behalf. See the documentation for details.

Improved Commit Editing

Patching a commit with rbt patch -c, or landing a commit with rbt land -e has always let you edit the message for the commit, but the experience was sub-par.

Now RBTools will mimic Git or Mercurial's standard editing environment, helping your editor show the syntax highlighting or line length limits it would normally show.

Deleting all text in the editor and saving will cancel the patch/land operation.

You can also set a custom editor when working with RBTools by setting the new $RBTOOLS_EDITOR environment variable.

Compatibility Fixes

We've fixed a number of Python 3 compatibility issues. These largely centered around:

• Changes in Python 3.8
• Windows environment differences
• Editing or processing commits containing non-ASCII characters
• Normalizing URLs and paths for Subversion
• Loading in Perforce metadata
• Passing --help as the last argument

There's also a fix for looking up available Git remotes for a branch when a tracking branch isn't set. Thanks to Joshua Olson for this fix!

See the release notes for the full list of changes.

Review Board 3.0.17 provides compatibility fixes for GitHub (which addresses the deprecation warning e-mails that GitHub may have sent you), removes some legacy hosting service options for repositories, and fixes a few bugs with repository configuration.

GitHub Changes

GitHub has deprecated some old APIs and methods for authenticating with those APIs, which Review Board has historically used. You can read more about this deprecation in last week's ChangeLog post on the Beanbag Blog. If you've linked your GitHub account to Review Board, you may have received e-mails from GitHub warning you about this deprecation.

We've updated how we authenticate with the API in this release, which will keep you from being bombarded with those e-mails every few days. We'll be working to address more of the deprecations in coming releases, changing how we link new GitHub accounts.

You will not need to re-link your GitHub account. The changes are all automatic.

Removing Legacy Hosting Services

We've cleaned house a bit, removing Google Code and Fedora Hosted from the repository hosting services list. These services have been gone for a long time, but we've kept support for the few users who have repositories with review requests sitting around. These are now hidden for any new repositories.

Keeping Up-To-Date

See the release notes for all changes in this release.

To keep up with what's happening every week in the land of Review Board, be sure to follow our ChangeLog posts on Twitter, Facebook, or Reddit.

Today's release of Review Board 3.0.16 brings some key administrative enhancements to the API and to the repository configuration page, plus an assortment of bug fixes.

Updating users via the API

The User API now allows user information, such as full names and e-mail addresses, to be modified. Users can modify their own user information, and administrators (or users with the special auth.change_user permission) can modify any user's information.

Administrators can also deactivate or re-activate user accounts by setting the is_active flag on users. This can help organizations keep the list of active users up-to-date as personnel changes.

Repository form and architectural updates

The repository configuration form has received a few user-facing improvements, and a whole lot of behind-the-scenes improvements.

• Browsers should no longer fill in the Username and Password field with your Review Board login credentials
• Inactive or removed users that were added to a repository's access control list no longer cause problems when saving the repository
• Custom extra_data values set via the API or extensions are no longer lost when saving repositories
• Repository types provided by extensions can now provide their own configuration forms, instead of using the hard-coded fields like Path and Mirror Path.

There's actually a lot that has changed here over the past few months, and we're particularly interested in hearing about any unexpected changes in behavior.

We'll be taking advantage of this new functionality in the coming months as part of work on a brand-new ClearCase implementation.

Compatibility and bug fixes

We've improved parsing of Subversion diffs, communicating with Subversion repositories hosted on Beanstalk, and improved performance and reliability when handling Bitbucket WebHooks.

We also have fixes for search indexing of users, Dashboard sidebar counters, and dependency conflicts on new installs.

See the release notes for all the changes in this release.

To keep up with what's happening every week in the land of Review Board, be sure to follow our ChangeLog blog on Twitter, Facebook, or Reddit.

Django released the versions 2.2.4, 2.1.11, and 1.11.23 today, fixing a handful of security issues. You can see their announcement for the list of issues addressed.

We maintain security-hardened builds of Django 1.6.11, the version series we use for Review Board 2.0 through 3.0. We've put out a new Django 1.6.11.8 release that contains these fixes, plus some additional backports from newer releases.

To upgrade to this release, run:

$ pip install -U https://downloads.reviewboard.org/releases/Django/1.6/Django-1.6.11.8.tar.gz

Or:

$ easy_install -U http://downloads.reviewboard.org/releases/Django/1.6/Django-1.6.11.8.tar.gz

You can always keep up on the latest Review Board security announcements by subscribing to our Official Announcements mailing list, joining our Subreddit, or following us on Twitter.

Power Pack 3.0.2 improves integration with Microsoft's Team Foundation Server:

• Copied files containing non-ASCII filenames can now be diffed
• Compatibility between various versions of Review Board, Python, and Team Foundation Server has improved

There's also several behind-the-scenes changes preparing Power Pack for new features we have in the works, and for the upcoming Review Board 4.0 release.

Update Today

Power Pack 3.0.2 is recommended for all Power Pack users reviewing code over Team Foundation Server.

To upgrade, or to install for the first time, see the installation instructions.

On June 11, 2019, Bitbucket removed an API that Review Board required in order to upload or view diffs. This caught us by surprise, and if you use Bitbucket, you may have had a rough day. Us too.

We've worked around this in today's release, restoring full Bitbucket compatibility. We've also fixed some regressions introduced by changes to Bitbucket's webhook payloads (used to auto-close review requests).

Going forward, Review Board 3.0.15 or higher is required to use Bitbucket.

By the way, to keep track of important issues like this, follow us on Twitter.

Along with the Bitbucket fixes, we've added some polish to other parts of the product:

• Some sort of avatar will now always show up, no matter your configuration. If you've disabled all avatar services, we'll make sure the fallback avatar service is used.
• Using emojis shortcodes? You've probably noticed they've been looking... a bit strange. A CDN changed on us, so we've updated to use the new one.
• Very, very large images (high-DPI images, screenshots) shown in comments and other text fields would expand far outside their container, but no longer.
• People sometimes like to paste URLs or other text in the Depends On field for review requests, which just sort of failed with an error. Now you'll see something more helpful.
• If you've tried updating access lists for repositories lately, you may have noticed your changes weren't always saving. *ahem* We've taken care of that.
• Writing custom extensions? Adding new review request actions? Callbacks registered with RB.ReviewRequestActionHook will now do what they're supposed to do, instead of crashing.

See the release notes for everything in 3.0.15.

Improved Python 3 Support

RBTools 1.0 introduced support for Python 3, and since then many more of our users have switched over and sent us patches to improve that support. We've also improved our testing, helping us to maintain a more stable Python 3 codebase.

Two-Factor Auth for RBCommons

The support for Two-Factor Authentication in RBCommons has been completely redone to avoid login rate limit issues, missing headers, and trouble logging in.

Going forward, RBTools 1.0.2 will be the minimum version required for RBCommons accounts using Two-Factor Authentication.

Git Improvements

We've improved upon the smart tracking branch detection logic introduced in RBTools 1.0, which is designed to find the right tracking branch for your local changes. It now does a better job of finding a suitable branch if your repository doesn't have an origin remote, and gives priority to the one provided in --tracking-branch.

Support for disabling Git file rename detection has also been added, for those cases where Git is getting too aggressive and making for bad diffs. Simply pass --no-renames to rbt post or rbt diff to generate a diff without renamed files.

A Step Toward Better Error Messages

We've working to improve error messages throughout our products, to help guide people when things go wrong.

If RBTools is pointing to a bad Review Board URL, it no longer just fails with an HTTP status code or cryptic error message. RBTools will now inspect the URL to determine what may have gone wrong, and offer guidance on resolving the problem.

Error messages in our API and other commands have also been fixed. We'll be making further improvements in future releases.

Plus More

• Perforce diffs now contain information on binary files
• Aliases invoking shell commands now preserve their quotes and escape sequences
• Patches from users with private profiles enabled can now be applied to new commits without crashing

See the release notes for the full list of changes.

Today's release of Review Board 3.0.14 fixes a handful of bugs that may be plaguing you, and introduces some long-overdue UI improvements for integrations and avatars.

Fallback Avatars

Review Board now displays a default avatar when no other avatar service is available for the user.

This avoids those annoying blank avatars and ugly log messages when users have opted out of all other types of avatars.

A Better Integrations Experience

Integrations configuration has been completely redone, making it easier to see what integrations you already have and which are available to install.

RBCommons will be receiving support for integrations very soon. We're beta-testing this now, so if you're interested in trying it out, let us know!

Plus...

• A regression with using integrations bound to repositories and review groups has been fixed.
• The bubble shown on the Review Request page when there are updates doesn't sometimes list the wrong reviewer name anymore.
• Our close-on-push hooks for GitHub, Bitbucket, and other services no longer crash when encountering invalid review request IDs in commit messages.
• We've bumped up the version of Less, the language used for our CSS, from 2.6 to 3.9. Extensions can now make use of all the latest Less CSS features.
• The Users API now supports optional rendering of avatars, supporting all Review Board and in-house avatar services.

See the release notes for all the changes in this release.

Today's release is the second in a series of releases built to improve the speed of the product, reducing the database work required in most pages and in the API. That's not all, though. We've fixed a few bugs, including an API regression from 2.0.12, and added a few new user-facing and administrative features.

More Fine-Tuning

We've further reduced the database work required by Review Board, particularly when it comes to loading and saving user-specific data, something we do on nearly every HTTP request.

Behind the scenes, we've made several improvements to our API testing infrastructure that will help us make the API more lean in future releases.

The Follow Menu

We've added a new menu to the top-right of Review Board that helps users find the Review Board News feed, Twitter, Facebook page, Subreddit, and YouTube channel. This is intended to help users follow the latest Review Board and RBTools updates and to read, watch, or discuss both code review tips and Review Board in general.

Improved E-Mail Support

If you're dealing with "this e-mail is suspicious" warnings in your e-mail client, you're running into problems with how Review Board sends e-mail on behalf of users.

While this can generally be corrected through proper domain records, you can now change how Review Board generates e-mails through a new option in the E-Mail Settings page.

Plus Some Other Improvements

• We've fixed a regression in the review request draft API that caused unwanted groups to appear when emptying the field.

• Those using custom X.509-based authentication schemes can now specify a custom username field without forking any code.

• Search results now contain inactive users and closed review requests.

• Condition fields for integrations no longer show any archived/hidden repositories or hidden groups, resulting in less noise when setting things up on older installations.

See the release notes for all the changes in 3.0.13.