Latest News
2008/12/25
Right on time we lay you this kind gift below your Christmas Tree: version 1.0.8.2 of GeSHi.
This release is mainly a bugfix release and thus does not incorperate many changes to the parser itself, but a lot of work on the language files. The main goal intended to reach in this release has not fully been reached: Two language files out of the total 126 languages supported still have some minor problems, yet the rest has all been fixed to be free of warnings or improved in some other way.
Alongside these 126 languages are 10 new languages; including 5 esotheric languages intended for release with 1.0.8.1 and available separately as an Halloween Esoteric Languages Pack - sorry for the minor glitches in there though: It was created in a hurry and some minor issues accidentially slipped by ;-).
For all those interested in up-to-date on-the-edge information on developement I recommend reading the GeSHi category of my blog which will cover the latest efforts that went into GeSHi as well as some future plans.
As I mentioned in my blog yesterday, there unfortutnally have not been any submissions for the GCC: GeSHi Contributions Contest and thus there has been no new script been added to the contrib section of the release. If you have any comments or feedback regarding the contest I'd be glad to hear about it in my blog or by mail.
I wish you a merry X-mas, nice presents and everything you wish yourself.
So long,
BenBE.
P.S.: Download from the usual place, bug reports to the sf.net tracker please etc. etc...
2008/11/05
There are moments, when a developer leans back after a release, concentrating on planning work for the next release to come and suddenly gets a mail on the devel list telling him about an security advisory about a bug he himself fixed about two months ago. For economy reasons the publically accessible news entry for users and developers contains the information on two distinct problems: One arbitrary remote code execution issue, which requires a system to be compromised by itself already (controlled by the attacker) or affected by another remote code execution issue in other third party software that gets executed before GeSHi runs - or to make it short: The door was open BEFORE the you could use the bug. In an attackers view, that issue was unnecessary to mention, because an attacker won't use it.
So well, maybe they mixed things up and ment the Denial of Service attack you could drive against GeSHi which had an real impact - in my tests I accidentially drove one server into the corner making the owner to having to reboot it. No - they didn't notice that one because the report clearly said "fixed in 1.0.8.1" AND the impact clearly stated "remote code execution". In an attackers point of view I'd clearly prefer the bug fixed with 1.0.8 instead of relying on an issue I won't be able to take advantage of.
So please, Secunia: Read bug reports provided by vendors, before you post your notices on unnecessary information on isues not relevant for attacks. Also I'd appreciate it if you at least could write the programs names correctly that you are reporting about. Furthermore you should use the contact information provided by the project management and contact them if you don't understand things or have information for them. It's simply annoying to get informed by third-parties of an issue of near-zero revelance, when there is public information on critical issues you can use to DoS a remote system.
Well, so far for security companies, now on to Debian package maintaining: I really like Debian, except for one point: You can't use testing for reasonably current software - instead you have to use unstable or even experimental. I know, testing should become more and more stable over time until it becomes the next stable at one point, but in my oppinion that shouldn't automatically mean that you freeze a package at a point where there is enough evidence of that particular version having more than just a few minor issues compared to updated versions. Instead you're botching around in an outdated version trying to backport patches for issues that can't be easily ported there, because the code evolved. This might work for the remote code execution issue that just changed one routine, but it won't work for the Denial of Service error in 1.0.7.22 because fixing it means to actually improve the parser, which in returns means, you just could update to the latest upstream version. So if you please could drop that package botching crap and let the upstream authors decide on how to handle things or at least give them more control on their software? Thanks in advance!
On a final word after all that complaining I would like to thank the people from the MediaWiki packaging team for their great work and efforts in packaging the latest versions of GeSHi that fast after a new release has been out. Keep up your good work!
BenBE.
2008/10/31
Not quite in time, but better late than never, I proudly present you the latest work on the GeSHi project. The latest version now is 1.0.8.1 and mainly includes bugfixes and security changes that should help improving your GeSHi experience. Also there are 7 new language files.
We also would like to remind you of the GCC: GeSHi Contribution Contest where you can let play your creativity.
Download from the usual place, bug reports to the sf.net tracker please etc. etc...
BenBE.
2008/10/31
I'm proud to announce the GeSHi HELP Edition (Halloween Esoteric Languages Pack) that will contain some rare, newly created and still unreleased languages. The pack contains some common esoteric languages which I hope you all will enjoy. These languages will be available only for a short time, so make sure you get them ;-)
2008/10/04
Hi folks,
after the release of the second RC had to be postponed a bit due to some other workload it's finally done: It's out.
What's new: Not much, except for some minor bugfixes in some of the language files (Bash, Boo, CIL, COBOL, MySQL, mIRC, Perl, Tcl, Typoscript, VB.NET and some others), some other minor fixes the GESHI_HEADER_PRE_TABLE header type and some other small tweaks here and there ...
As always, there are some new languages. This time: TeraTerm, Oracle11, Prolog and a language file for GNU make compatible Makefiles.
As always I wish happy testing of the RC. It's available from the usual place from within the SVN repository. As usual the website features the latest RC - so if you don't want to upload it on your server, feel free to test it here ;-)
BenBE.
News Archive
|
![[GeSHi - syntax colorizer]](./images/title.png)
![[small1.png: Click for a larger view]](images/screenshots/screen1.png)