On Tue, 2011-11-15 at 03:21 -0800, Christian Hammond wrote:
> Hi everyone,
> This is the kind of release I never like to have to make, but it was
> pointed out to us today that an encoding bug in our comment processing
> made Review Board 1.5.x and 1.6.x susceptible to browser-side script
> injection. We've patched this and issued two new releases: 1.5.7 and
> If you're running 1.5.x, you can upgrade to this release by doing:
> $ sudo easy_install -U ReviewBoard==1.5.7
> Otherwise, just upgrade as normal.
> Thanks, and sorry for the inconvenience.
Fedora and EPEL (RHEL/CentOS) packages are now available as well:
Want to help the Review Board project? Donate today at
Happy user? Let us know at http://www.reviewboard.org/users/
To unsubscribe from this group, send email to
For more options, visit this group at