Review Board 2.0.4 發布了,該版本改進記錄包括:
安全更新值得關注的有:
Fixed a vulnerability where a URL to a diff fragment could be crafted thatwould inject custom HTML into the page. An attacker could send such a URLto another user and execute code in their browser session.
This was reported by Uchida. A CVE number is pending.
The Original File and Patched File resources could be used to access fileson a private review request that the user did not have access to, if theyknew the approciate database IDs.
A CVE number is pending.
新特性Added support for parent diffs in the New Review Request page.
When uploading a diff, Review Board will now detect if a parent diff isneeded for the patch to apply. If so, the user will be shown an appropriateerror and then shown fields for uploading a parent diff.
LocalizationBug FixesReview RequestsFixed the display of errors when failing to publish a draft reviewrequest.
Patch by Mark Côté.
When uploading file attachments, malformed mimetypes provided by thebrowser will be ignored, and a proper mimetype will be guessed.(Bug #3427)
Long strings in the right-hand review request fields no longer causefields to overlap. (Bug #3371)
Fixed the display of errors in the Upload Diff and Add File dialogs.(Bug #3413)
Subversion同時發布的還有 1.7.27 版本。
代碼審查(Code Review)不但可以提高質量,而且還是一個知識共享和指導的極好的手段。不幸的是,準備工作的辛苦和工具支持的缺乏讓代碼審查很容易被延至「稍後再議」。Review Board的目標便是改變這一現狀,它所提供的應用程式可以支持代碼審查流程。