Recently the security firm Procheckup performed a security scan on BlogCFC. This was for a customer of theirs but they gladly shared the issues they found. This was rather nice of them so I'd like to thank them. They not only sent me a very detailed list of the issues (XSS issues), but also worked to help me verify they were fixed. Grab the latest bits from RIAForge: http://blogcfc.riaforge.org
I just released BlogCFC 5.9.5 to RIAForge. The readme describes all the changes, but the major focus in this release is on improving the editor (lots of jQuery love!). I took a quick video demonstrating some of the new features. I know I need to get a better way of embedding videos on here, but for now the image below will take you to the SWF file directly.
Sorry for all the "uhs" and junk. For some reason I tend to clench up when doing Jing videos. I blame the software. It can't be my fault!
Forgive the quick repost - I added this to BlogCFC.com, but wanted to ensure it got the widest distribution so I had as many testers as possible.
Ok folks, today I checked into SVN a major update to BlogCFC. New features include:
- A proper user manager. Yes, you can now add, edit, and delete users for your blog.
- Roles. Yes, you can now create users with restricted rules. I spent most of my time on the framework for this, and added a few default roles. I can expand the roles as people come back to me with suggestions.
The roles allow you to:
- Create users who can't edit other users.
- Create users who can't CRUD categories.
- Create users who can't add new categories.
- Create users who can't release, nor work with, released blog entries.
Again, these are the roles I'm shipping with. They are hard coded but can be expanded over time. There is also an Admin role. Any user in the Admin role can always do anything. This way you don't have to worry about adding new roles to a super user.
Please download (SVN instructions are at the RIAForge site) and test. Please read the readme.txt file or you will DIE! (Ok, you might not die, but still....)
I just released an update to BlogCFC. This fixes a few small bugs, but one is pretty critical. On blogs with multiple authors, if a user edits another user's blog entry (to fix a typo for example), then that user will become the author of the blog. Thanks to Sean Corfield for finding that one.
Speaking of blogs with multiple authors, don't forget that myself, Scott Stroz, and Scott Pinkston are blogging over at Geek The Tube. That's my main place to blog about TV/movie stuff, and with the fall season starting up (I still don't know what to think about the Urinal Terminator) the activity is picking up again.
Lastly, a TextMate question. I notice when I use TextMate to edit files on another machine on my network (I believe both Mac and PC), it leaves behind a file of the same name with an underscore in front of it. Anyone know what this is? It may not just be TextMate, but that's my primary editor outside of Eclipse.
BlogCFC 5.9.1 Released
Jul 30
I've just updated BlogCFC to version 5.9.1. This is one of the biggest releases in a while. It's mainly a guilt release. As folks know, version 6 has been well delayed. I decided to work on the 5.x branch again and clear up some old bugs and features that I had planned for version 6. So what's new?
- You can now delete a comment via email. When you get the email notification of a new comment (you being the admin), you have a special link. Clicking on this link will delete the comment without you even needing to log in. Basically, fire and forget.
- In the same vein, if you have comment moderation turned on, the email will include a link to approve the comment. (Thanks to Brian Kotek.)
- You can now subscribe to an entry without having to post a comment.
- Podcasting support. This was written by Brian Meloche.
- For entry enclosures, you can now manually enter a file name. This is handy for files that are too big to upload via HTTP (like files for podcasting).
- Multiple small bugs and other changes to generally improve the platform.
You can download BlogCFC from RIAForge at http://blogcfc.riaforge.org.
Uber Friday OS Report
Jun 6
I like the word Uber. Anyway, a bunch of updates today.
- Seeker was updated to include the Admin console. This now lets you list Lucene indexes as well as perform searches. You can also optimize and delete. ToDo: Form to add/index a new index. (Also ToDo are the things I mentioned before.)
- BlogCFC was updated with the latest ColdFish which should fix the CF6/7 issues.
- Galleon had a small update to the emails sent out to users.
- RIAForge. What to say? As you guys know, it has been suffering lately. A lot of folks have given advice, and I thank you. I removed the web SVN browser and it seems to have helped a lot. This does not impact the SVN server at all. Project owners can still use SVN. I just removed the web interface to browse SVN. The next issue I had was with MySQL. I was getting a max connection error. Again, multiple gurus stepped in to offer advice. I set a max connection limit in each of the DSNs on the box. So far, both of these changes seem to have helped quite a bit. Of course, it will probably go ape-youknowwhat while I'm at CFUNITED, but I'm hoping for the best.
Any questions, let me know.
BlogCFC and Galleon updates
May 22
I had decided to not work anymore on BlogCFC 5, but with 6 being delayed so long, I gave some love to the 5.X code base tonight. BlogCFC 5.9.003 was released tonight. Nothing major was changed, but I did switch to ColdFish, the code syntax highlighter written by Jason Delmore. This replaces the ancient code I had in there before.
Also released was an update to Galleon. This release fixes an issue related to the past security changes as well as a case sensitivity issue. (Sorry, but you will never convince me case sensitive file systems make sense. Who in the heck wants a file named foo.txt and Foo.txt??)
I also want to point out an interesting article by Ike: Porting Galleon Forums. He is porting Galleon to various frameworks and will be posting about the process.
BlogCFC, ColdFire Updates
Jan 14
Two quick updates this morning. I've released a minor update to BlogCFC. This update fixes another date issue (curse the world for daring to treat dates differently!) and adds some more xmlFormatting-love to the RSS output. I have not forgotten about BlogCFC V6 (aka Golden Snitch). With the holidays it has taken a back seat to other concerns, and frankly, I'd rather go slow than badly. I'm hoping to push another update out this month.
Next, ColdFire has been updated with a few minor bug fixes. This was all done by Nathan Mische, so all thanks go to him!
BlogCFC Export/Import Code
Nov 30
I'm now in the export/import business. Well, kinda. If you use BlogCFC and need a tool to export/import your blog entries, download the attachment below. This was tested with the latest 5.9 build of BlogCFC. It outputs to WDDX files in a specified folder. You can then use the import comment to read in those WDDX files to a new BlogCFC instance. This may become an official BlogCFC tool for V6, but for now it is an unsupported utility.
A big thank you to digital primates. They needed the tool and paid me to develop it, then said they were cool with me giving it to the world.
Via Ed Tabara, it looks like the downloads of BlogCFC crossed 10,000. Wow! Not that it really matters of course. This puts BlogCFC in second place at RIAForge. FLEXible has me beat by close to 500 downloads. (Ok, time to execute the 'massageMyStats' hack!)


