Hi everyone, We discovered a security vulnerability in-house that applies to 1.7.x, 2.0.x, and 2.5.x. We've just released new builds of Review Board 1.7.29, 2.0.22, and 2.5.3 to take care of these. The vulnerability allows access to file attachments, legacy screenshots, and metadata on review request updates on private review requests through hand-crafted URLs.
There are also some bug fixes for issues that have been reported over the past couple of months, and some new features for extension authors and admins. See the announcement for more information: https://www.reviewboard.org/news/2016/02/22/new-review-board-security-releases/ Just a reminder that you can get the full details about releases and security issues sent directly to you as soon as they're announced by signing up for our Official Announcements mailing list at https://www.reviewboard.org/mailing-lists/ Christian -- Christian Hammond - christ...@beanbaginc.com Review Board - https://www.reviewboard.org Beanbag, Inc. - https://www.beanbaginc.com -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "reviewboard" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
