Entries tagged "news"
News is any article written to announce noteworthy events (generally
significant software releases).
Found 13 entries tagged with "news", displaying most recent 5 entries.
The release candidate for the next version of QueryParam Scanner is
available on GitHub.
So what's changed?
Well it now runs on FW/1 rather than Fusebox, and the UI has a new
theme - the previous gold/beige is gone, and in its place is a theme based on a
"new" logo which I've actually had sitting around for several years. There's CSS
used that will require a modern browser - FF4 and IE9 both work, but no
guarantees for anything older.
Functionality-wise there's a couple of fixes: an error is now thrown when a
directory doesn't exist (previous behaviour was to return 0 matches in 0 files),
and the IDs returned in data structures are now content-based hashes (previously
they were ever-changing UUIDs). Oh, and the IDs are now displayed with the HTML
results, in preparation for future functionality that'll potentially use them.
A new experimental (i.e. buggy) feature has been added to separate the query
code into SELECT/FROM/WHERE/etc parts, when returning data structures. This may
help with post-processing the data, but has known flaws so use with care.
(The existing ORDER BY functionality has also been marked as experimental to
similarly indicate that it's not perfect.)
There's a minor change in that relative paths are officially not supported -
the UI always stated absolute paths or mappings were required, but there was
ugly code in place to try and make relative paths work too - that code has been
removed. If you used relative paths before, you need to resolve them before
passing to qpscanner.
- Changed: Switched to FW/1 and removed unnecessary files.
- Changed: New logo and front-end UI.
- Removed: Dropped unofficial relative path support.
- Added: Experimental ability to separate query code into segments.
- Fixed: IDs now use content-based SHA hashes, not random UUIDs.
- Fixed: Throw error when path does not exist, instead of zero results.
- Supports: ColdFusion 9/10 and Railo 3.3/4.0/4.1
That's it for now. There are several new features planned to make qpscanner
faster, more flexible and more useful, but you'll have to wait for a future
release for those.
As ever, if you have any feedback, feature requests, or find any bugs, then
please go ahead and get in touch via the GitHub issue tracker.
Earlier this week I promoted the release candidate for 0.7.5 of QueryParam Scanner
to full release.
For anyone unaware, QueryParam Scanner is a simple tool for identifying
unparameterised variables in CFML queries (which may indicate a potential SQL
This version has a handful of bug fixes and code cleanups, resulting in faster,
more accurate scanning than previous versions, plus the addition of a JSON output
format, giving a more lightweight option if used in scripted processes.
For further details on these, see the previous RC article; other than
a couple of trivial fixes and a new readme, nothing has changed since that.
To download the latest version, you can either clone the git repo, or
grab it as a zip archive from the GitHub tags page.
For any feedback, problems, or questions, please use the issue tracker.
I have just pushed an update of QueryParam Scanner to GitHub, containing
This update is on the rc0.7.5 branch, and it'd be nice if people could
take it for a spin and make sure there are no issues with it. (There is a
zip download for anyone without git.)
The visible changes which you might notice are:
- Added JSON output format, giving an alternative to XML for anyone using
qpscanner in a scripted process.
- Added variable for number of potential risk files, and improved related
wording in HTML output.
- Fixed bug where identical queries were causing incorrect line numbers.
- Fixed bug where query names were not being detected.
- Fixed bug where blank lines were incorrectly removed.
However, there are also significant under-the-hood changes. I removed my
obsolete "Java Regex Utils" library (replacing it with the object part of
cfRegex), and made a number of little code clean-ups.
A result of these changes is that qpscanner rc0.7.5 appears to be almost twice
as fast as previous versions.
If you have any feedback, please feel free to contact me via GitHub,
and similarly if you find any bugs then please raise them on the issue tracker.
The cfRegex project is two things. Firstly, it is a complete regex implementation
for CFML, providing more functionality, flexibility, features and power than the
existing CFML RE functions. Secondly, it is a drive to encourage people to
properly learn and make use of regex.
Regex is a very flexible language for matching patterns within text, and it has
the power to greatly simplify certain programming tasks. However, it can also be
intimidating to people not experienced with it.
This problem can be compounded by the relatively limited support for regex in
CFML, which often means code is written that is more complex than should be
cfRegex helps to address both these problems. It provides a number of functions
and features that help to reduce the amount of code which programmers have to
write, whilst also helping to make their code clearer and easier to understand.
In addition, the project provides documentation, not just for its own features,
but also for regex itself, helping people to understand exactly what their
expressions are matching, and how to get the most out of regex.
Whilst cfRegex is still at a relatively early stage, it is currently usable, and
if you're a fan of regex it is certainly worth checking out.
It currently runs on CF 9.0.1, OpenBD 2.0, Railo 3.2 and later.
(Support for CF8 and others will be considered if enough people need it.)
The documentation should tell you everything you need to know about using it,
but if not then get in touch and say what's missing so it can be fixed!
If you get stuck, there's a mailing list where you can receive answers to any
problems or questions you have.
Version 0.9 of Beehive Forum, probably the greatest forum software there is, has recently been officially released.
Since the previous v0.8.4 there have been a variety of fixes and improvements, particularly to client-side caching and UTF-8.
There is also now support for Google Analytics and for displaying optional Google Adsense adverts. For full information on what has changed, you can check the release notes.
Download Beehive Forum 0.9 from SourceForge
Also, Beehive is currently a Finalist in the SourceForge Community Choice Awards!
If you're a fan of Beehive and haven't yet voted, please vote for Beehive now.
There is a lot of competition, with many thousands of votes already having been cast, so please help spread the word to as many other Beehive users as you can, to help vote for Beehive to win, and gain the recognition it deserves!