Sorcerer's Tower

Repositories, Releases and Status Updates

There have been releases of the software on Sorcerer's Isle, mostly to update URLs and fix the lack of documentation in the download packages.

The reason for the URL changes is the migration of repositories from GitHub onto my own server, details of which will follow this quick summary of the releases.

If you want more details on the releases, see the bottom of page, but in summary...


So that's the quick overview, but why? The primary reason for all of these releases was to change their repository URLs, from[reponame] to[reponame].

This is not a total move away from GitHub - it is still used for issue tracking (for the time being), and I'll most likely still push code there when full releases are made - but it will only be a secondary source/mirror.

The motivation for doing this is to reduce dependency on centralised proprietary services, and removing the unwanted requirement to have JavaScript enabled.

This move would have happened a great deal sooner, but when I looked into the various Git repository browsers available, I found a lot of bloated software with features I neither needed nor wanted, hundreds of megabytes of code and dependencies, no ability to meaningfully change how it looks, and so on.

Long story short: irritated by how everything sucked, whilst also looking for a decent project to extend my Python skills, I created a lightweight and themeable Git repository browser.


GitFrit is capable of running on CentOS 7, only needing Python 3.6 (or newer) and Git 2.24 (or newer). The source code is currently ~0.5MB (half of that is the included templating library, which I'd like to streamline).

GitFrit is tiny in comparison to almost everything else available - even git-web with ~0.3MB of source is only slightly smaller, and that has its markup intertwined with Perl, preventing it from being themeable.

GitFrit is not quite ready for release yet - I took shortcuts to get it up onto Sorcerer's Isle sooner, and those now need to be cleaned up into configuration options, all of which needs to be documented, plus there's a couple more features I'd like it to have first.

When those changes (and thus a release) will happen is uncertain - I need to shift focus back onto other priorities, and unless there's significant interest in GitFrit, it may take me a while to get back to it and spend the time to make it publicly available.

If you are interested, do send me an email so I can let you know when it's ready.

Release Statuses

A few more details on those releases...

Lucee on Jetty v0.7

Lucee on Jetty now works with Jetty 10.x releases, and there are bundles of Lucee 5.3.8 on Jetty 10.0.7 and on Jetty 9.4.44 (i.e. the latest stable releases at time of writing).

Anyone still using a v8 JVM will need to use the 9.4.x bundles, since Jetty 10.x requires v11 JVM (or above).

The download size has reduced from 85MB to 29MB thanks to using jetty-home instead of jetty-distribution and the "light" edition of Lucee (listed as "lucee.jar(without Extension)" on the Lucee download page).

If you need the extensions provided by the standard edition, they can either be downloaded individually (from the Lucee download page) and placed in the deploy directory, or you can simply swap lucee-light-{version}.jar with lucee-{version}.jar (before starting server).

cfPassphrase v0.2

cfPassphrase had been sitting on rc0.2 for longer than necessary and was promoted to v0.2 - there are no code changes between the two, so there is no need to update current projects, but the v0.2 packages do now include documentation, which some may prefer to the online docs.

A while back I started on adding newer algorithms (including Argon2), but priorities shifted and since then I haven't needed to do work that justifies continuing those efforts, so they remain incomplete.

Likewise, I have partial functionality related to reset tokens/URLs that makes sense to include but that wont happen unless/until I have a reason to work on the library again.

If either of these would be useful, feel free to reach out and discuss what you need.

QueryParam Scanner v0.8

QueryParam Scanner v0.8 has been formally merged/released - again, no code changes from rc0.8, just another case of life getting in the way at the time when this should have otherwise happened.

I'll also note that there are no further changes planned - I doubt the project is relevant to anyone these days - it was never updated to handle cfscript queries, and security-minded people are probably already using more comprehensive language-agnostic tools, of which checking for SQL injection is just one part.

(If anyone still actively uses QueryParam Scanner, for any reason, I would be interested in hearing about it.)

cfRegex v0.4

For reasons that may or not have made sense at the time, when I started cfRegex I combined the source code and its website into a single repository. This has finally been corrected.

I have extracted the code to its own repository, simplified the packages (and added the documentation), and re-released v0.1.003 as v0.3 to keep versioning consistent amongst projects.

UPDATE: This has been followed by v0.4 which handles named groups in patterns, adds shortcut methods for returntypes, and fixes a few minor bugs.

Scatter v0.1.1

There have been no changes to Scatter - the version increment is to reflect the addition of documentation and update of repository URL in the download package - so no need to update for existing projects.

Further updates are possible, but unlikely - Scatter currently does everything it was built for, so from my perspective there's no reason for it to change, but if there's a use-case you have that Scatter can almost solve, let me know.