Hi everyone,

We just released Review Board 3.0.21 and 4.0 RC 2. These releases contain a security fix for Markdown rendering, which could allow an attacker to craft a link that executes arbitrary JavaScript code when clicked.

The attacker would need to be someone who already has legitimate access to your server, and can perform reviews or otherwise access your code. We recommend that everyone (especially those running public servers) upgrades to address this vulnerability, though the seriousness of the issue will vary from company to company.

We also released Docker support for 3.0.21, fixed Python 2.7 compatibility issues during installation, and polished 4.0 a bit in preparation for a final release.

For more information, see the announcement at:

https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/

Or the release notes:

3.0.21: https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/
4.0 RC 2: https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/

Christian

--
Christian Hammond
President/CEO of Beanbag <https://www.beanbaginc.com/>
Makers of Review Board <https://www.reviewboard.org/>
