Skip to content

Review Board 5.0.2: API Token Expirations, Trojan Source Options, Bug Fixes
Compare
Choose a tag to compare
@chipx86 chipx86 released this 07 Feb 09:59
· 867 commits to master since this release
release-5.0.2
e4313f8

Review Board 5.0.2 adds new time-based expiration controls for API tokens, improves your control over Trojan Source detection, adds new API features, and fixes several bugs.

Time-Based Expiration for API Tokens

In Review Board 5.0, we introduced new, stronger API tokens that could expire and be validated through automated tools.

Tokens can now be set to expire at a specific time. This is useful when creating short-lived tokens or ones that need to expire at, say, midnight on a given date.

The expiration dates/times for existing tokens can also be changed after token creation. They can even be set in the past to force a token to be expired.

Trojan Source Detection Options

Review Board 5 brought the ability to scan uploaded diffs for possible Trojan Source attacks. Since these are based on Unicode characters from a variety of languages, they can result in false-positives when working with character sets such as Cyrillic or Greek.

Now, Trojan Source detection can be toggled off entirely in Admin UI -> Diff Viewer Settings. Or you can leave it on and mark some character sets as safe.

Changes to URI Templates in the API

URI templates provide quick and easy access to various API resources, allowing a client to determine the appropriate URL simply by accessing the root resource and looking up the desired template name.

In Review Board 5, we had some new resources that conflicted with other ones. This may have impacted some in-house integrations or when using the RBTools API.

We’ve now fixed this to use the original names. The conflicting URI template names have been deprecated, and we’ve introduced a whole new set of future-proofed URI template names.

If you're a developer using our API, please see the full list of new, existing, and deprecated URI templates.

Plus...

  • Review UI support for more JSON and YAML mimetypes
  • Better defaults on new site installs for maximum diff sizes and lines for syntax highlighting
  • Extension capabilities for defining custom ACLs for accessing diffs
  • Usability fixes in the diff viewer and in configuration forms
  • Crash fixes
  • And more.

All the details can be found in the release notes.

To learn more about upgrading your server, see our upgrade instructions. You can also use our official Docker images.

If you need assistance with your server, we can help under a support contract.

Assets 2