Name : ReviewBoard Product : Fedora 19 Version : 1.7.18 Release : 1.fc19 URL : http://www.review-board.org Summary : Web-based code review tool Description : Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It scales well from small projects to large companies and offers a variety of tools to take much of the stress and time out of the code review process.
------------------------------------------------------------------------------- - Update Information:
1.7.18 fixes JavaScript errors
- New upstream security release 1.7.17
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17/
- Resolves: CVE-2013-4519
- Security Fixes:
* Fixed XSS vulnerabilities for the 'Branch' field and uploaded file captions.
* Added a 'X-Frame-Options' header to prevent clickjacking.
- New Features:
* Remove the need for SSH keys for GitHub repositories.
* Improved validation for GitHub repositories.
* Added support for permissions on Local Sites.
- Performance Improvements:
* Reduced query counts on all pages.
* Reduced query counts in the web API when returning empty lists.
- Extensibility:
* Extensions using the ``configure_extension`` view an now pass in a custom ``template_name`` pointing to a template for the configuration page, if it needs additional customization.
* Enabling, disabling or reconfiguring extensions will now invalidate the caches for pages, ensuring that hooks will take affect.
* Extension configuration now works properly on subdirectory installs.
- Bug Fixes:
* Fixed showing private review requests on a submitter page.
* The description for submitted or discarded review requests is now shown on the diff viewer.
* Discarding, reopening and then closing a review request no longer makes the review request private.
* Fixed a naming conflict with older PyCrypto packages, such as the default package on CentOS 6.4.
* Users with the 'can_change_status' permission no longer need the 'can_edit_reviewrequest' permission in order to close or reopen review requests.
* Switching a repository from using a hosting service to Custom no longer reverts back to the hosting service.
* Fixed editing a repository if its associated hosting service can't be loaded (such as if an extension providing that hosting service is disabled).
* Many diff validation errors weren't being shown on the New Review Request page, generating 500 errors instead.
* Fixed caching issues with the Blocks field on review requests.
* Editing JSON text fields in the administration UI now works, validates, and won't result in warnings in the log.
* Fixed breakages with looking up URLs internally with Local Sites.
------------------------------------------------------------------------------- - ChangeLog:
* Wed Nov 13 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.7.18-1 - New upstream bugfix release 1.7.18 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.18/ - Convert to using UglifyJS2 for javascript minification * Tue Nov 5 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.7.17-1 - New upstream security release 1.7.17 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17/ - Resolves: CVE-2013-4519 - Security Fixes: * Fixed XSS vulnerabilities for the 'Branch' field and uploaded file captions. * Added a 'X-Frame-Options' header to prevent clickjacking. - New Features: * Remove the need for SSH keys for GitHub repositories. * Improved validation for GitHub repositories. * Added support for permissions on Local Sites. - Performance Improvements: * Reduced query counts on all pages. * Reduced query counts in the web API when returning empty lists. - Extensibility: * Extensions using the ``configure_extension`` view an now pass in a custom ``template_name`` pointing to a template for the configuration page, if it needs additional customization. * Enabling, disabling or reconfiguring extensions will now invalidate the caches for pages, ensuring that hooks will take affect. * Extension configuration now works properly on subdirectory installs. - Bug Fixes: * Fixed showing private review requests on a submitter page. * The description for submitted or discarded review requests is now shown on the diff viewer. * Discarding, reopening and then closing a review request no longer makes the review request private. * Fixed a naming conflict with older PyCrypto packages, such as the default package on CentOS 6.4. * Users with the 'can_change_status' permission no longer need the 'can_edit_reviewrequest' permission in order to close or reopen review requests. * Switching a repository from using a hosting service to Custom no longer reverts back to the hosting service. * Fixed editing a repository if its associated hosting service can't be loaded (such as if an extension providing that hosting service is disabled). * Many diff validation errors weren't being shown on the New Review Request page, generating 500 errors instead. * Fixed caching issues with the Blocks field on review requests. * Editing JSON text fields in the administration UI now works, validates, and won't result in warnings in the log. * Fixed breakages with looking up URLs internally with Local Sites. * Sun Oct 13 2013 Patrick Uiterwijk <puiterwijk@gmail.com> - 1.7.16-2 - Update Djblets version * Sun Oct 13 2013 Patrick Uiterwijk <puiterwijk@redhat.com> - 1.7.15-2 - New upstream bugfix release 1.7.16 - Fixes a breakage when accessing the Review Group Users resource - Fixes pagination in dashboard and similar pages * Thu Oct 10 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.7.15-1 - New upstream security release 1.7.15 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.15/ - Resolves: CVE-2013-4410 - Fixes access-control problems with REST API - Resolves: CVE-2013-4411 - Fixes URL processing allowing unauthorized users to view review lists * Mon Sep 23 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.7.14-1 - New upstream security release 1.7.14 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.14/ - Some API resources were accessible even if their parent resources were not, due to a missing check. In most cases, this was harmless, but it can affect those using access control on groups or review requests. * Thu Aug 15 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.7.13-2 - New upstream release 1.7.13 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.13/ - Starting with this release, sites will automatically be upgraded if they are listed in the text file /etc/reviewboard/sites by the path to their site, one per line. * Mon Jul 29 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.7.12-1 - New upstream release 1.7.12 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12/ - Security Fixes: * Function names in diff headers are no longer rendered as HTML. * If a user’s full name contained HTML, the Submitters list would render it as HTML, without escaping it. This was an XSS vulnerability. * The default Apache configuration is now more strict with how it serves up file attachments. This does not apply to existing installations. See 110173-securing-file-attachments for details. * Uploaded files are now renamed to include a hash, preventing users from uploading malicious filenames, and making filenames unguessable. * Recaptcha support has been updated to use the new URLs provided by Google. - New Features: * Added a X-ReviewRequest-Repository header for e-mails. - Extension Improvements: * Extensions can now specify their list of app directories. * Extensions can now specify the author’s URL. * Improved the look and feel for extension configuration. * Improved the functionality for extension configuration. * Improved the list of available extensions. - Bug Fixes: * Fixed the “Show Whitespace Changes” toggle. * Fixed compatibility with modern versions of django-storages. * Draft comments on file attachments are no longer shown to all users. * Fixed issues with console windows appearing when invoking Clear Case requests on Python 2.7.x and Windows 7. * Review requests on Local Sites are now guaranteed to have the proper ID. * Fixed starring review requests on Local Sites. * Thu Jun 27 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.7.11-1 - New upstream release 1.7.11 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.11/ - Bug Fixes: * Fixed compatibility with Python 2.5 * Fixed the drop-down arrow by Support and the account name on older versions of Internet Explorer * Mon Jun 24 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.7.10-1 - New upstream release 1.7.10 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/ - Security Updates: * Fixed an XSS vulnerability where users could trigger script errors under certain conditions in auto-complete widgets - Web API Changes: * Added n ?order-by=<fieldname> query parameter for comment resources, allowing ordering by fields such as line numbers (for diff comments) * Added a filename field to screenshot resources, which provides the base filename (without path) of the screenshot * Added a review_url field to screenshot resources, which provides the URL to the screenshot review page * Added a thumbnail_url field to screenshot comment resources, which provides the URL to the snippet of the screenshot being commented on * Added a link_text field to file attachment comment resources, which shows the text for any link pointing to the file. This may differ depending on the comment * Added a review_url field to file attachment comment resources, which provides the URL to the review page for the file * Added a thumbnail_html field to file attachment comment resources, which provides HTML for rendering the thumbnail of the portion of the file being rendered, if any - UI Changes: * Improved the look and feel of the issue summary table. It’s cleaner and no longer looks odd with long comment text - Bug Fixes: * Fixed periodic but harmless JavaScript errors when removing elements with relative timestamps * Editing or reordering dashboard columns no longer breaks after the dashboard reloads * Relative timestamps in the dashboard no longer break after the dashboard reloads * The maximum size of the timezone has increased, allowing for longer timezone strings ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1027010 - CVE-2013-4519 ReviewBoard: two XSS vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=1027010 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update ReviewBoard' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|