Hey everyone, We've just released Review Board 2.0.30 and 2.5.14, which contain some important security fixes. We recommend upgrading ASAP to stay secure. There's a fix for a XSS vulnerability, allowing a user to craft a malicious URL that can execute JavaScript on a user's behalf, and a fix for a data leak in the API that could allow some information on otherwise private review requests to be exposed. Both were found in-house (by us and through a partner).
There are also a handful of bug fixes and a couple of new features in 2.5.14 (commit ID search indexing and Markdown table support). See the announcement for more details: https://www.reviewboard.org/news/2017/08/01/new-review-board-2-0-30-and-2-5-14-security-bug-fix-releases/ Christian -- Christian Hammond President/CEO of Beanbag <https://www.beanbaginc.com/> Makers of Review Board <https://www.reviewboard.org/> -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "reviewboard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
