On Tue, 2011-11-15 at 03:21 -0800, Christian Hammond wrote:
> Hi everyone,
> 
> This is the kind of release I never like to have to make, but it was
> pointed out to us today that an encoding bug in our comment processing
> made Review Board 1.5.x and 1.6.x susceptible to browser-side script
> injection. We've patched this and issued two new releases: 1.5.7 and
> 1.6.3.
> 
> If you're running 1.5.x, you can upgrade to this release by doing:
> 
>     $ sudo easy_install -U ReviewBoard==1.5.7
> 
> Otherwise, just upgrade as normal.
> 
> Thanks, and sorry for the inconvenience.

Fedora and EPEL (RHEL/CentOS) packages are now available as well:

https://admin.fedoraproject.org/updates/ReviewBoard-1.6.3-1.fc16
https://admin.fedoraproject.org/updates/ReviewBoard-1.5.7-1.fc15

https://admin.fedoraproject.org/updates/ReviewBoard-1.5.7-1.el5
https://admin.fedoraproject.org/updates/ReviewBoard-1.5.7-1.el6

-- 
Want to help the Review Board project? Donate today at 
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~----------~----~----~----~------~----~------~--~---
To unsubscribe from this group, send email to 
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/reviewboard?hl=en

Reply via email to