Entries tagged "news"
News is any article written to announce noteworthy events (generally
significant software releases).
Found 15 entries
tagged with "news", displaying most recent 5 entries.
There have been releases of the software on Sorcerer's Isle, mostly to
update URLs and fix the lack of documentation in the download packages.
The reason for the URL changes is the migration of repositories from GitHub
onto my own server, details of which will follow this quick summary of the releases.
If you want more details on the releases, read the full version of this post, but in summary...
Lucee on Jetty is now at v0.7 and both Jetty 9.4.44 and Jetty 10.0.7 have been bundled with Lucee 5.3.8
cfPassphrase had been sitting on rc0.2 for longer than necessary and was promoted to v0.2 -
there are no code changes - no need to update current projects.
QueryParam Scanner v0.8 has been formally merged/released - again, no code changes from rc0.8,
just another case of life getting in the way at the time when this should have otherwise happened.
cfRegex v0.1.003 has been re-released as v0.3 to keep versioning consistent amongst projects,
and actually has its own repository now, along with simplified packages and documentation.
Scatter v0.1.1 does nothing more than add documentation and update the repository URL,
so again nothing to update for existing projects.
So that's the quick overview, but why?
The primary reason for all of these releases was to change their repository URLs, from
This is not a total move away from GitHub - it is still used for issue tracking
(for the time being), and I'll most likely still push code there when full
releases are made - but it will only be a secondary source/mirror.
The motivation for doing this is to reduce dependency on centralised proprietary services,
This move would have happened a great deal sooner, but when I looked into the various Git
repository browsers available, I found a lot of bloated software with features
I neither needed nor wanted, hundreds of megabytes of code and dependencies,
no ability to meaningfully change how it looks, and so on.
Long story short: irritated by how everything sucked, whilst also looking for
a decent project to extend my Python skills, I created a
lightweight and themeable Git repository browser.
GitFrit is capable of running on CentOS 7, only needing Python 3.6 (or newer) and Git 2.24 (or newer).
The source code is currently ~0.5MB (half of that is the included templating library, which I'd like to streamline).
GitFrit is tiny in comparison to almost everything else available - even git-web with ~0.3MB of source is only slightly smaller,
and that has its markup intertwined with Perl, preventing it from being themeable.
GitFrit is not quite ready for release yet - I took shortcuts to get it up onto
Sorcerer's Isle sooner, and those now need to be cleaned up into configuration
options, all of which needs to be documented, plus there's a couple more features
I'd like it to have first.
When those changes (and thus a release) will happen is uncertain - I need to shift focus
back onto other priorities, and unless there's significant interest in GitFrit, it may take me a
while to get back to it and spend the time to make it publicly available.
If you are interested, do send me an email so I can let you know when it's ready.
It is deliberately lightweight, easy to integrate, and without dependencies.
The initial script was written to provide a scattered polaroid effect for an in-page gallery,
as a reaction to the complexity found in a couple of existing libraries - both of those
other libraries expected JSON files containing the image URLs, which was parsed and
iterated through to generate specific markup, and neither of the libraries could be easily
modified to take the simpler and more flexible approach of being pointed at existing markup.
Thus, the script that evolved into Scatter was created, with a focus on providing an
easy-to-integrate and configurable scattering effect with a clean core script - i.e.
following the philosophy of doing one thing well, and also making it easy for others
to understand (and extend if needed).
Scatter does not convert JSON to HTML for you - that's a distinct task from randomly
arranging HTML elements - but it will work whether your HTML is static or dynamic,
and it does not limit you to images styled as polaroids.
The versatility is demonstrated within the Scatter documentation, where a handful of
examples show how it can be used to achieve vastly different effects.
Scatter does not require any external libraries, it's a single ~12KB file (~3KB compressed)
and will run in any browser released in the past five years (earlier browsers will work with
appropriate polyfills, available either from MDN or backwards compatibility libraries).
If you find any issues, or you have a need that Scatter almost-but-not-quite meets, feel free
to either raise an issue or get in touch directly to discuss further.
The release candidate for the next version of QueryParam Scanner is
available on GitHub.
So what's changed?
Well it now runs on FW/1 rather than Fusebox, and the UI has a new
theme - the previous gold/beige is gone, and in its place is a theme based on a
"new" logo which I've actually had sitting around for several years. There's CSS
used that will require a modern browser - FF4 and IE9 both work, but no
guarantees for anything older.
Functionality-wise there's a couple of fixes: an error is now thrown when a
directory doesn't exist (previous behaviour was to return 0 matches in 0 files),
and the IDs returned in data structures are now content-based hashes (previously
they were ever-changing UUIDs). Oh, and the IDs are now displayed with the HTML
results, in preparation for future functionality that'll potentially use them.
A new experimental (i.e. buggy) feature has been added to seperate the query
code into SELECT/FROM/WHERE/etc parts, when returning data structures. This may
help with post-processing the data, but has known flaws so use with care.
(The existing ORDER BY functionality has also been marked as experimental to
similarly indicate that it's not perfect.)
There's a minor change in that relative paths are officially not supported -
the UI always stated absolute paths or mappings were required, but there was
ugly code in place to try and make relative paths work too - that code has been
removed. If you used relative paths before, you need to resolve them before
passing to qpscanner.
Changed: Switched to FW/1 and removed unnecessary files.
Changed: New logo and front-end UI.
Removed: Dropped unofficial relative path support.
Added: Experimental ability to separate query code into segments
Fixed: IDs now use content-based SHA hashes, not random UUIDs.
Fixed: Throw error when path does not exist, instead of zero results.
Supports: ColdFusion 9/10 and Railo 3.3/4.0/4.1
That's it for now. There are several new features planned to make qpscanner
faster, more flexible and more useful, but you'll have to wait for a future
release for those.
As ever, if you have any feedback, feature requests, or find any bugs, then
please go ahead and get in touch via the GitHub issue tracker.
Earlier this week I promoted the release candidate for 0.7.5 of QueryParam Scanner
to full release.
For anyone unaware, QueryParam Scanner is a simple tool for identifying
unparameterised variables in CFML queries (which may indicate a potential SQL
This version has a handful of bug fixes and code cleanups, resulting in faster
more accurate scanning than previous versions, plus the addition of JSON output
format, giving a more lightweight option if used in scripted processes.
For further details on these, see the previous RC article; other than
a couple of trivial fixes and a new readme, nothing has changed since that.
To download the latest version, you can either clone the git repo, or
grab it as a zip archive from the GitHub tags page.
For any feedback, problems, or questions, please use the issue tracker.
I have just pushed an update of QueryParam Scanner to GitHub, containing
This update is on the rc0.7.5 branch, and it'd be nice if people could
take it for a spin and make sure there are no issues with it. (There is a
zip download for anyone without git.)
The visible changes which you might notice are:
- Added JSON output format, giving an alternative to XML for anyone using
qpscanner in a scripted process.
- Added variable for number of potential risk files, and improved related
wording in HTML output.
- Fixed bug where identical queries were causing incorrect line numbers.
- Fixed bug where query names were not being detected.
- Fixed bug where blank lines were incorrectly removed.
However, there are also significant under-the-hood changes. I removed my
obsolete "Java Regex Utils" library (replacing it with the object part of
cfRegex), and made a number of little code clean-ups.
A result of these changes is that qpscanner rc0.7.5 appears to be almost twice
as fast as previous versions.
If you have any feedback, please feel free to contact me via GitHub,
and similarly if you find any bugs then please raise them on the issue tracker.