Review Board 2.0.4 released, a code review tool
Review Board 2.0.4 has been released. The changes in this version include:
Security Updates
Notable items:
Fixed a vulnerability where a URL to a diff fragment could be crafted that would inject custom HTML into the page. An attacker could send such a URL to another user and execute code in their browser session.
This was reported by Uchida. A CVE number is pending.
The Original File and Patched File resources could be used to access files on a private review request that the user did not have access to, if they knew the appropriate database IDs.
A CVE number is pending.
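The access-control flaw described above, as an added example that is not Review Board's code: a lookup that trusts the database ID alone, next to one that authorizes against the parent review request. All class, function and data names here are hypothetical, and the records are constructed.

```python
from dataclasses import dataclass, field

class NotFound(Exception):
    """Raised for missing IDs and for IDs the caller may not see."""

@dataclass
class ReviewRequest:  # hypothetical model, not Review Board's class
    id: int
    public: bool
    allowed_users: set = field(default_factory=set)

    def is_accessible_by(self, user: str) -> bool:
        return self.public or user in self.allowed_users

@dataclass
class FileDiff:  # hypothetical model holding both file versions
    id: int
    review_request_id: int
    original: str
    patched: str

# Constructed sample data: request 1 is public, request 2 is private to alice.
REVIEW_REQUESTS = {1: ReviewRequest(1, True), 2: ReviewRequest(2, False, {"alice"})}
FILEDIFFS = {
    10: FileDiff(10, 1, "print 'hi'\n", "print('hi')\n"),
    11: FileDiff(11, 2, "KEY = 'old'\n", "KEY = 'new'\n"),
}

def original_file_by_id_only(user: str, filediff_id: int) -> str:
    """Flawed pattern: knowing the database ID is the only requirement."""
    fd = FILEDIFFS.get(filediff_id)
    if fd is None:
        raise NotFound(filediff_id)
    return fd.original  # the caller's identity is never consulted

def original_file_checked(user: str, filediff_id: int) -> str:
    """Hardened pattern: authorize against the parent review request."""
    fd = FILEDIFFS.get(filediff_id)
    if fd is None:
        raise NotFound(filediff_id)
    rr = REVIEW_REQUESTS[fd.review_request_id]
    if not rr.is_accessible_by(user):
        # Same error as a missing ID, so responses do not confirm which IDs exist.
        raise NotFound(filediff_id)
    return fd.original
```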
New Features
Added support for parent diffs in the New Review Request page.
When uploading a diff, Review Board will now detect if a parent diff is needed for the patch to apply. If so, the user will be shown an appropriate error and then shown fields for uploading a parent diff.
Localization
Updated the Italian translations.
Bug Fixes
Fixed the URL to the Recaptcha registration page. (Bug #3471)
Fixed the command line used for update_index in the example crontab.
Review Requests
Fixed the display of errors when failing to publish a draft review request.
Patch by Mark Côté.
When uploading file attachments, malformed mimetypes provided by the browser will be ignored, and a proper mimetype will be guessed. (Bug #3427)
Long strings in the right-hand review request fields no longer cause fields to overlap. (Bug #3371)
Fixed the display of errors in the Upload Diff and Add File dialogs. (Bug #3413)
Subversion
Fixed a Unicode compatibility issue when fetching files using PySVN.
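Version 1.7.27 was released at the same time.
Code review not only improves quality, it is also an excellent means of sharing knowledge and mentoring. Unfortunately, the effort of preparation and the lack of tool support make it easy for code review to be put off until "later". Review Board aims to change this by providing an application that supports the code review process.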