Security fixes
Review Board 3.0.10 addresses a security vulnerability found in-house that could allow for malicious JavaScript from a user profile to execute when rendering avatars. This bug was originally introduced in 3.0.7 and does not affect any prior releases.
Although there are no known exploits found in the wild, we do recommend that everyone upgrades to this release.
Plus several bug fixes, including
- A regression introduced in 3.0.9 with sending WebHooks
- An upgrade bug that could occur when upgrading to 3.0.x for the first time
- Conflicts between extensions when installing or upgrading multiple ones at a time
- URLs not always linking in comments and text fields
And other improvements
- The New Review Request page confirms that you want to post commits for review, in case you click the wrong thing
- Review request e-mails now show the branch information
That's not all. Check out the release notes for the rest of the changes.