This is the kind of release I never like to have to make, but it was
pointed out to us today that an encoding bug in our comment processing made
Review Board 1.5.x and 1.6.x susceptible to browser-side script injection.
We've patched this and issued two new releases: 1.5.7 and 1.6.3.
If you're running 1.5.x, you can upgrade to this release by doing:
$ sudo easy_install -U ReviewBoard==1.5.7
Otherwise, just upgrade as normal.
Thanks, and sorry for the inconvenience.
Christian Hammond - chip...@chipx86.com
Review Board - http://www.reviewboard.org
VMware, Inc. - http://www.vmware.com
Want to help the Review Board project? Donate today at
Happy user? Let us know at http://www.reviewboard.org/users/
To unsubscribe from this group, send email to
For more options, visit this group at