New security releases: Review Board 3.0.21 and 4.0 RC 2

16 views

Skip to first unread message

Christian Hammond

unread,

Apr 14, 2021, 3:50:28 AM4/14/21

to revie...@googlegroups.com

Hi everyone,

We just released Review Board 3.0.21 and 4.0 RC 2. These releases contain a security fix for Markdown rendering, which could allow an attacker to craft a link that executes arbitrary JavaScript code when clicked.

The attacker would need to be someone who already has legitimate access to your server, and can perform reviews or otherwise access your code.

We recommend that everyone (especially those running public servers) upgrades to address this vulnerability, though the seriousness of the issue will vary from company to company.

We also released Docker support for 3.0.21, fixed Python 2.7 compatibility issues during installation, and polished 4.0 a bit in preparation for a final release.

For more information, see the announcement at:

https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/

Or the release notes:

3.0.21: https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/

4.0 RC 2: https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/

Christian

Christian Hammond

President/CEO of Beanbag

Makers of Review Board

Reply all

Reply to author

Forward

0 new messages