Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 19 Update: ReviewBoard-1.7.12-1.fc19
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Wednesday 7th August 2013 23:05:08 UTC (over 3 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-13850
2013-07-30 15:12:18
--------------------------------------------------------------------------------

Name        : ReviewBoard
Product     : Fedora 19
Version     : 1.7.12
Release     : 1.fc19
URL         : http://www.review-board.org
Summary     : Web-based code review tool
Description :
Review Board is a powerful web-based code review tool that offers
developers an easy way to handle code reviews. It scales well from small
projects to large companies and offers a variety of tools to take much
of the stress and time out of the code review process.

--------------------------------------------------------------------------------
Update Information:

As with all ReviewBoard updates, you will need to run 'rb-site upgrade
/path/to/site' for all installed sites after applying this update.

== Action Required ==

The default Apache configuration is now more strict with how it serves up
file attachments. This does not apply to existing installations. See http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments
for details.


== Description ==

- New upstream release 1.7.12
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12/
- Security Fixes:
    * Function names in diff headers are no longer rendered as HTML.
    * If a user’s full name contained HTML, the Submitters list would
render it as HTML, without escaping it. This was an XSS vulnerability.
    * The default Apache configuration is now more strict with how it
serves up file attachments. This does not apply to existing installations.
See http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments
for details.
    * Uploaded files are now renamed to include a hash, preventing users
from uploading malicious filenames, and making filenames unguessable.
    * Recaptcha support has been updated to use the new URLs provided by
Google.
- New Features:
    * Added a X-ReviewRequest-Repository header for e-mails.
- Extension Improvements:
    * Extensions can now specify their list of app directories.
    * Extensions can now specify the author’s URL.
    * Improved the look and feel for extension configuration.
    * Improved the functionality for extension configuration.
    * Improved the list of available extensions.
- Bug Fixes:
    * Fixed the “Show Whitespace Changes” toggle.
    * Fixed compatibility with modern versions of django-storages.
    * Draft comments on file attachments are no longer shown to all users.
    * Fixed issues with console windows appearing when invoking Clear Case
requests on Python 2.7.x and Windows 7.
    * Review requests on Local Sites are now guaranteed to have the proper
ID.
    * Fixed starring review requests on Local Sites.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 29 2013 Stephen Gallagher  - 1.7.12-1
- New upstream release 1.7.12
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12/
- Security Fixes:
    * Function names in diff headers are no longer rendered as HTML.
    * If a user’s full name contained HTML, the Submitters list would
render it
      as HTML, without escaping it. This was an XSS vulnerability.
    * The default Apache configuration is now more strict with how it
serves up
      file attachments. This does not apply to existing installations. See
      http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments
      for details.
    * Uploaded files are now renamed to include a hash, preventing users
from
      uploading malicious filenames, and making filenames unguessable.
    * Recaptcha support has been updated to use the new URLs provided by
      Google.
- New Features:
    * Added a X-ReviewRequest-Repository header for e-mails.
- Extension Improvements:
    * Extensions can now specify their list of app directories.
    * Extensions can now specify the author’s URL.
    * Improved the look and feel for extension configuration.
    * Improved the functionality for extension configuration.
    * Improved the list of available extensions.
- Bug Fixes:
    * Fixed the “Show Whitespace Changes” toggle.
    * Fixed compatibility with modern versions of django-storages.
    * Draft comments on file attachments are no longer shown to all users.
    * Fixed issues with console windows appearing when invoking Clear Case
      requests on Python 2.7.x and Windows 7.
    * Review requests on Local Sites are now guaranteed to have the proper
ID.
    * Fixed starring review requests on Local Sites.
* Thu Jun 27 2013 Stephen Gallagher  - 1.7.11-1
- New upstream release 1.7.11
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.11/
- Bug Fixes:
    * Fixed compatibility with Python 2.5
    * Fixed the drop-down arrow by Support and the account name on older
      versions of Internet Explorer
* Mon Jun 24 2013 Stephen Gallagher  - 1.7.10-1
- New upstream release 1.7.10
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/
- Security Updates:
    * Fixed an XSS vulnerability where users could trigger script errors
under
      certain conditions in auto-complete widgets
- Web API Changes:
    * Added n ?order-by= query parameter for comment resources,
      allowing ordering by fields such as line numbers (for diff comments)
    * Added a filename field to screenshot resources, which provides the
base
      filename (without path) of the screenshot
    * Added a review_url field to screenshot resources, which provides the
URL
      to the screenshot review page
    * Added a thumbnail_url field to screenshot comment resources, which
      provides the URL to the snippet of the screenshot being commented on
    * Added a link_text field to file attachment comment resources, which
shows
      the text for any link pointing to the file. This may differ depending
on
      the comment
    * Added a review_url field to file attachment comment resources, which
      provides the URL to the review page for the file
    * Added a thumbnail_html field to file attachment comment resources,
which
      provides HTML for rendering the thumbnail of the portion of the file
      being rendered, if any
- UI Changes:
    * Improved the look and feel of the issue summary table. It’s cleaner
and
      no longer looks odd with long comment text
- Bug Fixes:
    * Fixed periodic but harmless JavaScript errors when removing elements
with
      relative timestamps
    * Editing or reordering dashboard columns no longer breaks after the
      dashboard reloads
    * Relative timestamps in the dashboard no longer break after the
dashboard
      reloads
    * The maximum size of the timezone has increased, allowing for longer
      timezone strings
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update ReviewBoard' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 
CD: 3ms