Review Board 1.6.3 Release Notes¶

A script injection vulnerability was discovered in the commenting system. This affected the diff viewer and screenshot pages, and allowed a commenter to break the page and execute JavaScript. This vulnerability has been fixed.

Thanks to Damian Johnson for reporting this.