• Get Review Board
  • What's New
  • Products
  • Review Board Code review, image review, and document review
  • Documentation
  • Release Notes
  • Power Pack Enterprise integrations, reports, and enhanced document review
  • Try for 60 Days
  • Purchase
  • RBCommons Review Board as a Service, hosted by us
  • Pricing
  • RBTools Command line tools and Python API for Review Board
  • Documentation
  • Release Notes
  • Review Bot Automated code review, connecting tools you already use
  • Documentation
  • Release Notes
  • RB Gateway Manage Git and Mercurial repositories in your network
  • Documentation
  • Release Notes
  • Learn and Explore
  • What is Code Review?
  • Documentation
  • Frequently Asked Questions
  • Support Options
  • Third-Party Integrations
  • Demo

    • Review Board 5 Beta 2

    August 17, 2022

    Last month, we announced the release of Review Board 5 beta 1, a feature-packed beta introducing SAML Single Sign-On, Trojan Source attack detection, new APIs, and more.

    Today, we're following up with another beta, this time introducing:

    Enhanced API Tokens

    We're increasing the security of API tokens, and giving both users and administrators more control over their lifecycle.

    • Expiration: API tokens can now be set to expire after a period of time, helping with testing or compliance with internal best practices. Once expired, a token will no longer be accepted. (Currently, expiration can only be set via the API, but the next beta will offer UI for this.)

    • Invalidation: Administrators can invalidate tokens for specific users or all users on a server, helping to lock things down in the event of a security breach.

    • Secret Scanning: Tokens are now 255 characters, and can be identified by secret scanning. We'll be updating Review Bot to help scan for leaked tokens in posted code, and will be working with other companies offering secret scanning.

    All existing tokens will continue to work, but we recommend migrating over to the new enhanced API tokens.

    Repository Access Control List APIs

    Repositories can be locked down to a specific set of users and groups, and now these ACLs can be managed programmatically via new Repository Group ACL and Repository User ACL APIs.

    We're introducing this in 5.0, but we plan to bring these same APIs to the upcoming 4.0.11 release as well.

    Help When Upgrades Go Wrong

    We work hard to ensure upgrades go smoothly, but sometimes things just go wrong.

    Now, whenever there's a problem with an upgrade, rb-site will generate a debug log file containing information you can send to your Beanbag Support contact. We can use this to more quickly help you get going again.

    If you don't have a support contract, and you're on your own supporting Review Board for your company, talk to us about how we can help lend a hand.

    Plus..

    • Mitigation against SAML Single Sign-On replay attacks
    • Updates to Single Sign-On to work with multiple Review Board server hostnames
    • Performance improvements with the Search field
    • Usability improvements in the administration UI and My Account page
    • Bug fixes throughout the product.

    See the release notes for the complete list of changes.

    Want to Help Us Test?

    We’d love to have your help! We have installation information in the release notes.

    Please make sure you have a dedicated testing server and database. Do not test this beta in production!

    You can use the beanbag/reviewboard:5.0b2 Docker image as well. See our Docker instructions for information on setting up an environment.

    Keep up with the latest Review Board releases, security updates, and helpful information.

    About
    News
    Demo
    RBCommons Hosting
    Integrations
    Happy Users
    Support Options
    Documentation
    FAQ
    User Manual
    RBTools
    Administration Guide
    Power Pack
    Release Notes
    Downloads
    Review Board
    RBTools
    Djblets
    Power Pack
    Package Store
    PGP Signatures
    Contributing
    Bug Tracker
    Submit Patches
    Development Setup
    Wiki
    Follow Us
    Mailing Lists
    Reddit
    Twitter
    Mastodon
    Facebook
    YouTube

    Copyright © 2006-2024 Beanbag, Inc. All rights reserved.

    Terms of Service — Privacy Policy — AI Ethics Policy — Branding