As with all ReviewBoard updates, you will need to run 'rb-site upgrade /path/to/site' for all installed sites after applying this update.

== Action Required ==

The default Apache configuration is now more strict with how it serves up file attachments. This does not apply to existing installations. See http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments for details.

== Description ==

  • New upstream release 1.7.12
  • http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12/
  • Security Fixes:
    • Function names in diff headers are no longer rendered as HTML.
    • If a user’s full name contained HTML, the Submitters list would render it as HTML, without escaping it. This was an XSS vulnerability.
    • The default Apache configuration is now more strict with how it serves up file attachments. This does not apply to existing installations. See http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments for details.
    • Uploaded files are now renamed to include a hash, preventing users from uploading malicious filenames, and making filenames unguessable.
    • Recaptcha support has been updated to use the new URLs provided by Google.
  • New Features:
    • Added an X-ReviewRequest-Repository header for e-mails.
  • Extension Improvements:
    • Extensions can now specify their list of app directories.
    • Extensions can now specify the author’s URL.
    • Improved the look and feel for extension configuration.
    • Improved the functionality for extension configuration.
    • Improved the list of available extensions.
  • Bug Fixes:
    • Fixed the “Show Whitespace Changes” toggle.
    • Fixed compatibility with modern versions of django-storages.
    • Draft comments on file attachments are no longer shown to all users.
    • Fixed issues with console windows appearing when invoking ClearCase requests on Python 2.7.x and Windows 7.
    • Review requests on Local Sites are now guaranteed to have the proper ID.
    • Fixed starring review requests on Local Sites.

This update has been submitted for testing by sgallagh.

8 years ago

This update is currently being pushed to the Fedora EPEL 6 testing updates repository.

8 years ago

This update has been pushed to testing

8 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

8 years ago

This update has been submitted for stable by sgallagh.

8 years ago

This update is currently being pushed to the Fedora EPEL 6 stable updates repository.

8 years ago

This update has been pushed to stable

8 years ago


Metadata
  • Type: security
  • Karma: 0
  • Signed
  • Content Type: RPM
  • Test Gating

Settings
  • Unstable by Karma: -3
  • Stable by Karma: disabled
  • Stable by Time: disabled

Dates
  • submitted: 8 years ago
  • in testing: 8 years ago
  • in stable: 8 years ago