Review Board 2.5.8 Release Notes¶

Security Improvements¶

• Fixed an API call that would return too much information in the request, potentially overloading the server.

  Search Resource, when passing an empty search query, would attempt to return far too many results. Depending on the size of the server, this could end up using too much memory and swamping the server. We’ve fixed this API to always return a maximum number of results.

Packaging¶

• Simplified installation of dependencies for contributors to Review Board.

  If you’re working on the Review Board codebase, installing the package in development mode (running setup.py develop) will now install all of Python packages as Wheels instead of Eggs (simplifying installation on most systems), and will install the node.js dependencies needed for building static media.

  This should help contributors get going with development. It does not impact consumers of the Review Board packages in any way.

• The complete list of package dependencies now lives in the reviewboard.dependencies module instead of setup.py.

  Package maintainers looking to update the list of dependencies in some way or wanting to stay up-to-date on the list of dependencies should consult the reviewboard/dependencies.py file. Note that only the Python dependencies listed in there are requirements for consuming the package. The node.js dependencies are only used to build the Review Board packages.

New Features¶

• Added a “New Updates” column to the All Review Requests page.

  We’ve brought this column from the dashboard to the All Review Requests page to make it easier to see if there have been updates since you last saw the review requests.

  This column is not added by default. You can enable it by editing columns and choosing “New Updates”.

  Patch by Griffin Myers.

• Simplified configuration of GitLab repositories hosted on gitlab.com.

  When configuring a GitLab repository, you can now select whether the repository is hosted on gitlab.com or self-hosted on your own server.

• Simplified configuration of Bitbucket repositories.

  There were a handful of issues related to Bitbucket configuration that made things difficult for many users. Bitbucket requires a username instead of the Atlassian account, which wasn’t always obvious, and two-factor authentication required usage of app-specific passwords. When things did go wrong, Bitbucket often didn’t send any error messages in the API responses.

  We’ve made a lot of changes to help make configuring Bitbucket a smoother experience. There’s more useful information on the form for the authentication requirements. We’re handling empty error responses and providing suitable errors that provide suggestions for solving the problems.

  We’ve also made it easier to add personal repositories owned by a different user.

• Added support for self-hosted Gitorious servers.

  We previously had support for hosting on gitorious.org, but this service no longer exists. We now allow for configuring a repository to use a self-hosted Gitorious server instead.

• Added support for bug trackers hosted on Codebase.

• WebHooks invoked by publishing reviews or replies to reviews will now provide the parent review request in the payload (under the review_request key).

  Patch by Jean Hominal.

Extensions¶

• Added template hooks for injecting content into review e-mails.

  TemplateHook now supports the review-email-html-summary and review-email-text-summary hook points for adding custom content to HTML and plain text e-mails (respectively).

  Patch by Erik Johansson.

Web API¶

• Search Resource now always provides a maximum number of results, preventing the server from being swamped.

• E-mail addresses are now accepted as usernames when authenticating with the API.

  We already allow using an e-mail address to log in to Review Board, but the API still required the official username. Now an e-mail address is considered a valid login credential as well.

  Note that if the e-mail address is claimed by more than one user, it will not be allowed.

• Review Request Resource no longer silently ignores malformed timestamps in the filtering query arguments.

  Before, passing a malformed timestamp for a query argument (like ?time-added-from=abc123) would simply be ignored. Now it will return an error instead.

• Review Request Resource no longer breaks when using timestamps that exist during the hour after the transition from daylight savings to standard time.

• User Resource no longer crashes when using ?only-fields=... and serializing users with private profiles enabled.

Usability Improvements¶

• Reduced the hover delay for presenting the diff expansion controls for diff comments on a review.

• Fixed the mouse cursor shown when hovering over empty areas of a text field. (Bug #4432)

  Patch by John Larmie.

Bug Fixes¶

Contributors¶

• Barret Rennie

• Christian Hammond

• Connor Yoshimoto

• David Trowbridge

• Dominic Kuang

• Erik Johansson

• Griffin Myers

• Jean Hominal

• John Larmie

• Raman Dhatt