On Tue, Aug 1, 2017 at 4:58 PM Christian Hammond <christ...@beanbaginc.com>
wrote:

> Hey everyone,
>
> We've just released Review Board 2.0.30 and 2.5.14, which contain some
> important security fixes. We recommend upgrading ASAP to stay secure.
> There's a fix for an XSS vulnerability, allowing a user to craft a malicious
> URL that can execute JavaScript on a user's behalf, and a fix for a data
> leak in the API that could allow some information on otherwise private
> review requests to be exposed. Both were found in-house (by us and through
> a partner).
>
> There are also a handful of bug fixes and a couple of new features in
> 2.5.14 (commit ID search indexing and Markdown table support).
>
> See the announcement for more details:
> https://www.reviewboard.org/news/2017/08/01/new-review-board-2-0-30-and-2-5-14-security-bug-fix-releases/
>
>
For users of RHEL 7, CentOS 7 and derivatives:

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-816da4b59a is on
its way to the EPEL 7 testing repository. You can update to it with `yum
update ReviewBoard --enablerepo=epel-testing`.
