codeflood logo

Revolver 2.2.1 Released

Revolver 2.2.1 has just been released and is now available over at codeflood. This is a rather small release to address 2 specific issues. You will find the downloads for the Sitecore package on the Revolver Download Page. The first issue addressed was a security concern in the Javascript of the Revolver client. Thanks goes to Marcin Okon of bwin.party who raised the concern and helped verify the fix, so thanks Marcin. The security concern was around the use of the eval() function to turn the JSON response into a Javascript object that was then used to populate the client UI. However eval() can be used to evaluate and execute any arbitrary Javascript code, so if possible it's best to avoid it in favour of a safer option. Revolver will now use JSON.parse() on newer browsers and the utilities provided by prototype.js if the JSON object is not available (I'm looking in your direction older IE...) The second issue isn't really an issue, it's Sitecore version support. Revolver now supports Sitecore 7.2 and 7.5 (for those lucky enough to have access to 7.5 already). So we've now got from Sitecore version 6.0 up to 7.5 covered.

Comments

Err, JSON.parse has been in every version of IE since IE8 - http://caniuse.com/#search=json
Are you really supporting IE7? Really?

Alistair Deneys

What can I say. I'm a nice guy :)

Leave a comment

All fields are required.