We have two new Review Board releases for you today, full of bug fixes, new features, and a security fix.
An Important Security Fix
Both the 2.0.x and 2.5.x series had a bug in one of our APIs that could overload a server. We weren't properly limiting the amount of data being fetched and serialized in one case.
While this doesn't result in any form of access to the system or leaked information from the database, it can cause crashes on the server. We recommend that everyone upgrades to 2.0.26 or 2.5.8 to prevent this problem.
Some New Features
Review Board 2.5.8 introduces a number of improvements for repository configuration:
- We've made it easier to get started and resolve problems with Bitbucket repositories.
- Self-hosted Gitorious servers are now supported.
- Bug trackers on Codebase are now supported.
- It's easier to set up repositories hosted on GitLab.com.
We've also made a few other improvements across the product:
- E-mail addresses are accepted as usernames in the API. These were already accepted in the web UI.
- Extensions can add content to review e-mails.
- The "New Updates" dashboard column is now available on the All Review Requests page.
Lots of Bug Fixes
Both 2.0.26 and 2.5.8 contain many bug fixes for repository compatibility, the API, administrative settings, usability, and more.
The full details, plus installation/upgrade instructions, can be found in the release notes: