![[GeSHi - syntax colorizer]](./images/title.png)
|
|
|
|
HomeNewsExamplesDemoDownloadsFAQDocumentationMailing ListsLicense | |||||||||
|
4:10 am GMT
GeSHi NewsHere's where you can find out all the latest news about GeSHi - new releases, bug fixes and general errata. GeSHi 1.0.8.6 Released26/12/2009Again there have been some important changes in this new release. It contains alot of bugfixes over earlier releases and adds 11 more languages thus making a total of 157 supported languages. This time the release mostly consisted mostly of bugfixes and improvements to language files. The only parser update has been a rework of number support to make it become a bit more stable in cases where numbers are part of a keyword URL - and thus invalid HTML has been produced. The root cause is inherent, but this update should fix most cases that caused trouble in the past. As already noted previously there's a problem with PCRE not working properly with some large sources: As I'm not a developer of PCRE, but a mere user I ask you to report issues with PCRE bugs upstream to them, not me. More information on current GeSHi developement can be found in my blog. Download from the usual place, bug reports to the sf.net tracker please etc. etc... BenBE. GeSHi 1.0.8.5 Released10/09/2009Again there have been some important changes in this new release. It contains alot of bugfixes over earlier releases and adds 7 more languages thus making a total of 146 supported languages. Besides the many bugfixes in the language files there are some formal bugfixes with the parser where certain conditions could lead to invalid or improper code being generated. As already noted previously there's a problem with PCRE not working properly with some large sources: As I'm not a developer of PCRE, but a mere user I ask you to report issues with PCRE bugs upstream to them, not me. More information on current GeSHi developement can be found in my blog. Download from the usual place, bug reports to the sf.net tracker please etc. etc... BenBE. GeSHi 1.0.8.4 Released23/05/2009Again time has passed and there have been some more or less important changes in this new release. It contains alot of bugfixes over earlier releases and adds 6 more languages thus making a total of 138 supported languages. Besides the many bugfixes in the language files there is one quite important change language file developers should take care of: GeSHi now highlights keywords BEFORE highlighting regexps thus allowing languages like LaTeX to link known keywords while still highlighting unknown commands via regexp. This feature comes with a small price: You have to take care of how you link your keywords and how your regexps operate to not interfere with the already highlighted keywords. Also I noticed a problem with PCRE not working properly with some large sources: As I'm not a developer of PCRE, but a mere user I ask you to report issues with PCRE bugs upstream to them, not me. More information on current GeSHi developement can be found in my blog. Download from the usual place, bug reports to the sf.net tracker please etc. etc... BenBE. GeSHi 1.0.8.3 Released22/03/2009One year of leading this project has gone by quite fast and many things have improved, some have changed, but most important: Things are developing. Thanks to you all I was able to fix a lot of bugs in earlier releases and add 6 more languages thus making a total of 132 languages. All in all this is a nice present to celebrate 1 year of GeSHi developement that has gone by after Nigel handed over the lead. One year with 6 releases which is more or less what I planned, although one particular todo item has silently been ignored (more or less): Getting GeSHi 1.1.X to release quality. But well, more on the ups and downs in the last year can be found in my blog. Please check there for more details on GESHi developement and future plans. Download from the usual place, bug reports to the sf.net tracker please etc. etc... BenBE. GeSHi celebrates 2000 revisions!08/02/2009I'm proud to announce that the 2000th revision of GeSHi has just been committed to the SVN. This, at the same time, is also the first Release Candidates for the upcoming 1.0.8.3 release of GeSHi to enable all of you out there to check the new features involved in this new release. As mentioned in my blog there will not be much news with the parser as there has been with the previous releases, but again a bunch of new language files and loads of corrections to existing ones have been incoorperated. But well, one news there is. Previous releases of GeSHi had problems with languages containing keywords like "CREATE TABLE" like SQL has, or the famous "O RLY?" keyword from LOLcode. Old versions matched spaces in there literally thus your code had to exactly replicate these keywords. Starting with rev 1999 - the last change included with this release candidate - there is a PARSER_CONTROL to make GeSHi handle those kinds of keywords more liberal. More details on the changes in this RC can as always be taken from the CHANGELOG; downloads as usual for Release Candidates from the RELEASE_1_0_X_STABLE branch in the SVN. I want to thank all the people out there for their great efforts and helpful hand in making GeSHi what it has become: A great highlighter! On to the next 2000 revisions! GeSHi 1.0.8.2 Released25/12/2008Right on time we lay you this kind gift below your Christmas Tree: version 1.0.8.2 of GeSHi. This release is mainly a bugfix release and thus does not incorperate many changes to the parser itself, but a lot of work on the language files. The main goal intended to reach in this release has not fully been reached: Two language files out of the total 126 languages supported still have some minor problems, yet the rest has all been fixed to be free of warnings or improved in some other way. Alongside these 126 languages are 10 new languages; including 5 esotheric languages intended for release with 1.0.8.1 and available separately as an Halloween Esoteric Languages Pack - sorry for the minor glitches in there though: It was created in a hurry and some minor issues accidentially slipped by ;-). For all those interested in up-to-date on-the-edge information on developement I recommend reading the GeSHi category of my blog which will cover the latest efforts that went into GeSHi as well as some future plans. As I mentioned in my blog yesterday, there unfortutnally have not been any submissions for the GCC: GeSHi Contributions Contest and thus there has been no new script been added to the contrib section of the release. If you have any comments or feedback regarding the contest I'd be glad to hear about it in my blog or by mail. I wish you a merry X-mas, nice presents and everything you wish yourself. So long, BenBE. P.S.: Download from the usual place, bug reports to the sf.net tracker please etc. etc... Security companies, distributors and reading ...05/11/2008There are moments, when a developer leans back after a release, concentrating on planning work for the next release to come and suddenly gets a mail on the devel list telling him about an security advisory about a bug he himself fixed about two months ago. For economy reasons the publically accessible news entry for users and developers contains the information on two distinct problems: One arbitrary remote code execution issue, which requires a system to be compromised by itself already (controlled by the attacker) or affected by another remote code execution issue in other third party software that gets executed before GeSHi runs - or to make it short: The door was open BEFORE the you could use the bug. In an attackers view, that issue was unnecessary to mention, because an attacker won't use it. So well, maybe they mixed things up and ment the Denial of Service attack you could drive against GeSHi which had an real impact - in my tests I accidentially drove one server into the corner making the owner to having to reboot it. No - they didn't notice that one because the report clearly said "fixed in 1.0.8.1" AND the impact clearly stated "remote code execution". In an attackers point of view I'd clearly prefer the bug fixed with 1.0.8 instead of relying on an issue I won't be able to take advantage of. So please, Secunia: Read bug reports provided by vendors, before you post your notices on unnecessary information on isues not relevant for attacks. Also I'd appreciate it if you at least could write the programs names correctly that you are reporting about. Furthermore you should use the contact information provided by the project management and contact them if you don't understand things or have information for them. It's simply annoying to get informed by third-parties of an issue of near-zero revelance, when there is public information on critical issues you can use to DoS a remote system. Well, so far for security companies, now on to Debian package maintaining: I really like Debian, except for one point: You can't use testing for reasonably current software - instead you have to use unstable or even experimental. I know, testing should become more and more stable over time until it becomes the next stable at one point, but in my oppinion that shouldn't automatically mean that you freeze a package at a point where there is enough evidence of that particular version having more than just a few minor issues compared to updated versions. Instead you're botching around in an outdated version trying to backport patches for issues that can't be easily ported there, because the code evolved. This might work for the remote code execution issue that just changed one routine, but it won't work for the Denial of Service error in 1.0.7.22 because fixing it means to actually improve the parser, which in returns means, you just could update to the latest upstream version. So if you please could drop that package botching crap and let the upstream authors decide on how to handle things or at least give them more control on their software? Thanks in advance! On a final word after all that complaining I would like to thank the people from the MediaWiki packaging team for their great work and efforts in packaging the latest versions of GeSHi that fast after a new release has been out. Keep up your good work! BenBE. GeSHi 1.0.8.1 Released31/10/2008Not quite in time, but better late than never, I proudly present you the latest work on the GeSHi project. The latest version now is 1.0.8.1 and mainly includes bugfixes and security changes that should help improving your GeSHi experience. Also there are 7 new language files. We also would like to remind you of the GCC: GeSHi Contribution Contest where you can let play your creativity. Download from the usual place, bug reports to the sf.net tracker please etc. etc... BenBE. GeSHi HELP Edition31/10/2008I'm proud to announce the GeSHi HELP Edition (Halloween Esoteric Languages Pack) that will contain some rare, newly created and still unreleased languages. The pack contains some common esoteric languages which I hope you all will enjoy. These languages will be available only for a short time, so make sure you get them ;-) Second Release Candidate for 1.0.8.1 finally out04/10/2008Hi folks, after the release of the second RC had to be postponed a bit due to some other workload it's finally done: It's out. What's new: Not much, except for some minor bugfixes in some of the language files (Bash, Boo, CIL, COBOL, MySQL, mIRC, Perl, Tcl, Typoscript, VB.NET and some others), some other minor fixes the GESHI_HEADER_PRE_TABLE header type and some other small tweaks here and there ... As always, there are some new languages. This time: TeraTerm, Oracle11, Prolog and a language file for GNU make compatible Makefiles. As always I wish happy testing of the RC. It's available from the usual place from within the SVN repository. As usual the website features the latest RC - so if you don't want to upload it on your server, feel free to test it here ;-) BenBE. |
