[SECURITY] Fedora 20 Update: ReviewBoard-1.7.22-2.fc20
updates at fedoraproject.org
updates at fedoraproject.org
Sat Mar 15 15:20:29 UTC 2014
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-3446
2014-03-05 03:55:20
--------------------------------------------------------------------------------
Name : ReviewBoard
Product : Fedora 20
Version : 1.7.22
Release : 2.fc20
URL : http://www.review-board.org
Summary : Web-based code review tool
Description :
Review Board is a powerful web-based code review tool that offers
developers an easy way to handle code reviews. It scales well from small
projects to large companies and offers a variety of tools to take much
of the stress and time out of the code review process.
--------------------------------------------------------------------------------
Update Information:
- New upstream security release 1.7.22
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.22/
- Security Fixes:
* An XSS vulnerability was found in the Search field's auto-complete.
- New Features:
* Added support for anonymous access to public Local Sites.
* Added support for parallel-installed versions of Django.
- API Changes:
* The documentation for Review Group Resource no longer says that review groups cannot be created through the API.
- Bug Fixes:
* Install/Upgrade:
* Fixed compatibility with Apache 2.4's method for authorization in newly generated config files.
* Fixed an issue on some configurations where loading in initial schema data for the database would fail
* rb-site upgrade --all-sites no longer throws an error if there are no valid sites configured.
* Administration:
* Administrators now have access to all repositories, instead of just public ones or ones they're a member of.
* Repositories backed by paths that no longer exist can now be hidden.
* Fixed creating groups and repositories that had conflicting "unique" fields.
* Password fields no longer appear blank when they have a value in forms.
* Setting https in the server URL now properly marks the server as using HTTPS. All URLs generated for the API and e-mails will include https instead of http.
* Fixed incorrect labelling for the review request status graph in the Admin dashboard.
* LDAP:
* Usernames, passwords, and other information are properly encoded to UTF-8 before authenticating.
* Users without e-mail addresses in LDAP no longer break when first authenticating.
* Dashboard:
* Fixed support for accessing watched groups through the Dashboard.
* Repositories:
* Copied files in Git diffs no longer results in File Not Found errors, and properly handles showing the state much like moved files.
* Added better compatibility with Mercurial repository when accessing hg-history URLs, when the server name didn't contain a trailing slash.
* Added better CVS compatibility for repositories that don’t contain CVSROOT/modules.
* Fixed issues with Clear Case in multi-site mode when OIDs weren't yet available on the server.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 3 2014 Stephen Gallagher <sgallagh at redhat.com> 1.7.22-2
- Add BuildRequires: systemd for the %{_unitdir}} macro
* Mon Mar 3 2014 Stephen Gallagher <sgallagh at redhat.com> 1.7.22-1
- New upstream security release 1.7.22
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.22/
- Security Fixes:
* An XSS vulnerability was found in the Search field's auto-complete.
- New Features:
* Added support for anonymous access to public Local Sites.
* Added support for parallel-installed versions of Django.
- API Changes:
* The documentation for Review Group Resource no longer says that review
groups cannot be created through the API.
- Bug Fixes:
* Install/Upgrade:
* Fixed compatibility with Apache 2.4's method for authorization in newly
generated config files.
* Fixed an issue on some configurations where loading in initial schema
data for the database would fail
* rb-site upgrade --all-sites no longer throws an error if there are no
valid sites configured.
* Administration:
* Administrators now have access to all repositories, instead of just
public ones or ones they're a member of.
* Repositories backed by paths that no longer exist can now be hidden.
* Fixed creating groups and repositories that had conflicting "unique"
fields.
* Password fields no longer appear blank when they have a value in forms.
* Setting https in the server URL now properly marks the server as using
HTTPS. All URLs generated for the API and e-mails will include https
instead of http.
* Fixed incorrect labelling for the review request status graph in the
Admin dashboard.
* LDAP:
* Usernames, passwords, and other information are properly encoded to UTF-8
before authenticating.
* Users without e-mail addresses in LDAP no longer break when first
authenticating.
* Dashboard:
* Fixed support for accessing watched groups through the Dashboard.
* Repositories:
* Copied files in Git diffs no longer results in File Not Found errors, and
properly handles showing the state much like moved files.
* Added better compatibility with Mercurial repository when accessing
hg-history URLs, when the server name didn't contain a trailing slash.
* Added better CVS compatibility for repositories that don’t contain
CVSROOT/modules.
* Fixed issues with Clear Case in multi-site mode when OIDs weren’t yet
available on the server.
* Fri Feb 21 2014 Stephen Gallagher <sgallagh at redhat.com> 1.7.21-5
- Require patched version of Djblets to handle requires.txt
* Fri Feb 21 2014 Stephen Gallagher <sgallagh at redhat.com> 1.7.21-4
- Fix mimeparse requirement
* Fri Feb 21 2014 Stephen Gallagher <sgallagh at redhat.com> 1.7.21-3
- Support parallel-installable python-django14 package
* Mon Jan 27 2014 Stephen Gallagher <sgallagh at redhat.com> 1.7.21-2
- Fix apache configuration to support new authorization directive
* Wed Jan 15 2014 Stephen Gallagher <sgallagh at redhat.com> 1.7.21-1
- New upstream enhancement release 1.7.21
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.21/
- New Features:
* Added support for GitLab servers.
* Added support for the Unfuddle service.
* Added support for publicly accessible Local Sites.
- Performance Improvements:
* Massively improved render time of large diffs.
- API Changes:
* Added new query parameters for filtering lists of repositories.
- Bug Fixes:
* Fixed issues verifying and accessing files for Subversion repositories on
Beanstalk.
* Fixed issues accessing properties on Subversion repositories on some
hosting providers that require authentication.
* The activity widget in the administration UI now shows data for the current
day.
* Fixed issues where the activity widget could break, depending on the date
range.
* Fixed a regression in error messages provided when setting up a GitHub
repository.
* Fixed links in e-mails to file attachments stored on CDNs.
* Removed an unnecessary external image included in e-mails.
* Users no longer on a LocalSite will be excluded from any e-mails on review
requests or reviews they were previously involved in.
* Thu Dec 12 2013 Stephen Gallagher <sgallagh at redhat.com> - 1.7.20-1
- New upstream bugfix release 1.7.20
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.20/
- Web API Changes:
* When posting a review request and using submit-as, the given username will
now be looked up in the auth backend (LDAP, Active Directory, etc.),
instead of just the local database.
- Bug Fixes:
* Accessing file attachments without review UIs through the API no longer
causes an HTTP 500 error.
* Fields in the administration UI containing JSON will no longer cause errors
during save. Furthermore, the JSON is now valid and properly editable.
* Usernames with plus signs are now allowed.
- Internal Changes
* Rewrote the Mercurial support to use the command line tool.
* Wed Nov 27 2013 Stephen Gallagher <sgallagh at redhat.com> - 1.7.19-1
- New upstream bugfix release 1.7.19
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.19/
- New Features:
* Added support for two-factor authentication for GitHub.
- Performance Improvements:
* Re-introduced browser caching on the review request page.
- Web API Changes:
* Added the mirror_path field to Repository Resource.
- Bug Fixes:
* Fixed the default focus on the Review dialog. The top-most field now always
has default focus.
* Fixed displaying review requests for groups on a Local Site.
* Prevented rare crashes with Local Sites using the new permissions support
without any granted permissions.
* Fixed HTTP basic authentication with the web API when using fastcgi.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update ReviewBoard' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list