Credits : Customerthink

One of the most daunting tasks for any business is choosing the right PHP development framework to build a robust web application. PHP frameworks are not recently discovered technologies but Laravel is one of the newest kids on the block. It has exploded in popularity and gained immense momentum in no time at all. As a result, Laravel development services have received huge recognition when compared to its contemporaries.

1. Authorization

Laravel makes authentication techniques straightforward to implement, which has made it indispensable for any Laravel development company. It offers an easy way to organize authorization logic and manage access to resources. Besides, most of it is highly configurable.

2. Responsable Interface

The Responsable interface is an advanced feature added in Laravel 5.5 in August 2017. A class can implement the interface and then be returned from a controller method. The router subsequently checks whether the returned value is an instance of Responsable.

3. Blade Templating Engine

Laravel comes with the Blade templating engine, which is lightweight, easy to use, and robust. It compares well with other templating engines because it does not restrict the use of plain PHP in the view part of a template. Instead, to keep things simple and reduce overhead, Blade views are compiled to plain PHP and cached as such until they are modified.

4. Insightful Tutorials

The more developers learn, the better professionals they become. With Laravel, developers get access to Laracasts, which includes free and paid video tutorials explaining how to use Laravel. Jeffrey Way, a proficient instructor, shares his insights in these videos. Because of these valuable lessons, it becomes a breeze to use Laravel for website development.

5. Migration of Database

It is of utmost importance to keep the database in sync between development machines. Laravel database migrations make it convenient to align the database. It is quite likely that you have made several alterations to the database, and hassle-free migration makes Laravel one of the most preferred PHP frameworks for website development.

6. Security

Cyber crime is increasing at an alarming rate, so it is incumbent upon web developers to ensure the security of the application. Laravel stores passwords salted and hashed, which means they are never saved as plain text in the database. The Bcrypt hashing algorithm produces a one-way hash of the password rather than a reversible encryption of it, which mitigates the security concerns. Because Laravel uses prepared SQL statements, injection attacks become almost impossible. Moreover, it prevents tag injection by applying a simple method.
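The two mechanisms named above, salted Bcrypt hashing and prepared statements, are shown here as an added example in plain PHP. It is not code from the original article and does not use Laravel's own API; the table layout, function names, cost setting and credentials are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added example in plain PHP; it does not use Laravel's API.
// Table layout, function names and credentials below are constructed.

const BCRYPT_COST = 12; // assumed work factor for this example

function hashPassword(string $plain): string
{
    // bcrypt only uses the first 72 bytes of its input; reject longer
    // values so two different long passwords can never match silently.
    if (strlen($plain) > 72) {
        throw new InvalidArgumentException('password longer than 72 bytes');
    }
    // A fresh random salt is generated per call and stored inside the hash.
    return password_hash($plain, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

function register(PDO $db, string $email, string $plain): void
{
    $stmt = $db->prepare('INSERT INTO users (email, password_hash) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => hashPassword($plain)]);
}

function login(PDO $db, string $email, string $plain): bool
{
    // The SQL text is fixed; the email travels separately as a bound value,
    // so quote characters in it cannot change the structure of the query.
    // Binding protects values only: table or column names and raw SQL
    // fragments built from input are not covered by it.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    if (!password_verify($plain, $row['password_hash'])) {
        return false;
    }
    // Upgrade stored hashes transparently when the cost setting is raised.
    if (password_needs_rehash($row['password_hash'], PASSWORD_BCRYPT, ['cost' => BCRYPT_COST])) {
        $upd = $db->prepare('UPDATE users SET password_hash = :hash WHERE id = :id');
        $upd->execute([':hash' => hashPassword($plain), ':id' => $row['id']]);
    }
    return true;
}

// In-memory SQLite database so the example runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');

register($db, 'alice@example.test', 'correct horse battery staple');

// Hashing the same password twice: compares the two stored strings,
// which carry different salts.
var_dump(hashPassword('s3cret') === hashPassword('s3cret'));

// Correct and incorrect password for an existing account.
var_dump(login($db, 'alice@example.test', 'correct horse battery staple'));
var_dump(login($db, 'alice@example.test', 'wrong password'));

// Constructed injection-style input: it is compared literally against the
// email column instead of being parsed as SQL.
var_dump(login($db, "' OR '1'='1", 'anything'));
```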

Take a look at the main security features offered by Laravel:

1. Configuration
2. Storage of passwords
3. Authentication of users
4. Manually logging in users
5. Securing routes
6. HTTP basic authentication
7. Password reminders and reset
8. Encryption
9. Authentication drivers

7. Model-View-Controller (MVC) Support

Laravel supports the Model-View-Controller (MVC) architecture, which maintains a clear separation between logic and presentation. It enables optimum performance and proper documentation. The multiple functionalities it comes with are the icing on the cake. Take a look at how MVC is implemented in Laravel.



8. Artisan

Typically, a developer is supposed to interact with the Laravel framework with the help of a command line. It facilitates the creation and management of Laravel project environment. For this command-line, Laravel has an in-built tool known as Artisan. With the help of this tool, you can carry out all the repetitive and tedious tasks of programming with ease, without the need of any manual efforts.

9. Object-oriented Libraries

Object-oriented libraries and several pre-installed libraries make Laravel the leading PHP framework. An important pre-installed library is the Authentication library. It is easy to incorporate, yet it offers numerous advanced features, namely Bcrypt hashing, password reset, checking active users, CSRF (Cross-site Request Forgery) protection, and encryption, to name a few.

10. Automatic Package Discovery

In previous versions of Laravel, installing packages was not very user friendly. Laravel 5.5 introduced a new feature known as Automatic Package Discovery that automatically identifies the packages which the users might want to install. This proved to be a respite for developers, as they do not have to set up any aliases or providers when installing the latest packages in Laravel. Apart from that, this version also lets developers disable the feature for specific packages.

11. Better Performance

Laravel offers remarkable features like multilingual support that expands the website's reach, and enhanced security for an application. Doing so helps companies make the most of its potential. In addition, Laravel has native support for the Memcached and Redis caching systems. The cache driver gives you the functionality to store diverse cached objects and build applications quickly. The scalability of this framework ensures efficient traffic management on the web servers with a unique message queue system when any project development starts.

12. Customization Facility

If you are looking for a framework that enables customization, Laravel is the safest bet for you. It is not only a competent solution but also comes with interactivity. This feature is useful for established businesses as well as startups that are yet to build their digital presence.

Over to you…

Laravel can really be a useful PHP framework for your next project owing to its growing popularity and useful features that improve the process of development. If you are looking to harness Laravel’s capabilities to build a cost-effective app, you can think of hiring a Laravel developer who is familiar with all its features and capabilities.

By getting in touch with an experienced Laravel development company, you can build a scalable and intuitive solution that meets your dynamic business growth needs. So, what are you waiting for? Connect with our Laravel experts now.

This article is shared by | A leading resource of inspired clone scripts. It offers hundreds of popular scripts that are used by thousands of small and medium enterprises.

Credits : Techcrunch

Google today announced that the Kotlin programming language is now its preferred language for Android app developers.

“Android development will become increasingly Kotlin-first,” Google writes in today’s announcement. “Many new Jetpack APIs and features will be offered first in Kotlin. If you’re starting a new project, you should write it in Kotlin; code written in Kotlin often means much less code for you–less code to type, test, and maintain.”

It was only two years ago, at I/O 2017, that Google announced support for Kotlin in its Android Studio IDE. That came as a bit of a surprise, given that Java had long been the preferred language for Android app development, but few announcements at that year’s I/O got more applause. Over the course of the last two years, Kotlin’s popularity has only increased. More than 50% of professional Android developers now use the language to develop their apps, Google says, and in the latest Stack Overflow developer survey, it ranks as the fourth-most loved programming language.

With that, it makes sense for Google to increase its Kotlin support. “We’re announcing that the next big step that we’re taking is that we’re going Kotlin-first,” Chet Haase, chief advocate for Android, said.

“We understand that not everybody is on Kotlin right now, but we believe that you should get there,” Haase said. “There may be valid reasons for you to still be using the C++ and Java programming languages and that’s totally fine. These are not going away.”


Credits : Zdnet

The WordPress content management system (CMS) is set to receive an assortment of new security features today that will finally add the protection level that many of its users have desired for years.

These features are expected to land with the official release of WordPress 5.2, expected for later today.

Included are support for cryptographically-signed updates, support for a modern cryptography library, a Site Health section in the admin panel backend, and a feature that will act as a White-Screen-of-Death (WSOD) protection, letting site admins access their backend in the case of catastrophic PHP errors.

With WordPress being installed on around 33.8 percent of all internet sites, these features are set to put some fears at ease in regards to some attack vectors.


Probably the biggest and the most important of today’s new security features is WordPress’ offline digital signatures system.

Starting with WordPress 5.2, the WordPress team will digitally sign its update packages with the Ed25519 public-key signature system so that a local installation will be able to verify the update package’s authenticity before applying it to a local site.

Adding support for cryptographically-signed updates is an important step in preventing threat actors from carrying out a supply-chain attack on all WordPress sites, something that security firms have warned about for more than two years now.

“Before WordPress 5.2, if you wanted to infect every WordPress site on the Internet, you just had to hack [the WordPress] update server,” said Scott Arciszewski, Chief Development Officer at Paragon Initiative Enterprises, and one of the developers involved in securing the WordPress update system.

“After WordPress 5.2, you would need to pull off the same attack and somehow pilfer the signing key from the WordPress core development team.”
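The check described above, verifying an Ed25519 signature on an update package against a public key already held by the site, is shown here as an added example using PHP's libsodium functions. It is not WordPress code and not part of the original article; the key pair, package contents and function names are constructed, and signing a SHA-384 digest of the file is this example's own choice.

```php
<?php
declare(strict_types=1);

// Added example, not WordPress code. Keys, package bytes and function
// names are constructed for the illustration.

function packageDigest(string $path): string
{
    $digest = hash_file('sha384', $path, true);
    if ($digest === false) {
        throw new RuntimeException("cannot read $path");
    }
    return $digest;
}

// Publisher side: runs wherever the secret key is kept, which should not
// be the server that merely hosts the download.
function signPackage(string $path, string $secretKey): string
{
    return base64_encode(sodium_crypto_sign_detached(packageDigest($path), $secretKey));
}

// Site side: accept the package only if a pinned public key verifies it.
// The trusted keys ship with the installed code; they are never fetched
// together with the package they are supposed to authenticate.
function verifyPackage(string $path, string $signatureB64, array $trustedKeysB64): bool
{
    $signature = base64_decode($signatureB64, true);
    if ($signature === false || strlen($signature) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return false; // malformed signature: fail closed
    }
    $digest = packageDigest($path);
    foreach ($trustedKeysB64 as $keyB64) {
        $key = base64_decode($keyB64, true);
        if ($key === false || strlen($key) !== SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES) {
            continue; // skip malformed entries in the trust list
        }
        if (sodium_crypto_sign_verify_detached($signature, $digest, $key)) {
            return true;
        }
    }
    return false;
}

// --- Constructed demonstration -------------------------------------------
$releaseKeys = sodium_crypto_sign_keypair();
$trusted     = [base64_encode(sodium_crypto_sign_publickey($releaseKeys))];

$package = tempnam(sys_get_temp_dir(), 'pkg');
file_put_contents($package, 'constructed update package contents');
$signature = signPackage($package, sodium_crypto_sign_secretkey($releaseKeys));

// Untouched package with its genuine signature.
var_dump(verifyPackage($package, $signature, $trusted));

// Package replaced on the download server while the signature stays the same.
file_put_contents($package, 'constructed update package contents, modified');
var_dump(verifyPackage($package, $signature, $trusted));

// Replaced package re-signed with a key that is not in the trust list.
$otherKeys = sodium_crypto_sign_keypair();
$resigned  = signPackage($package, sodium_crypto_sign_secretkey($otherKeys));
var_dump(verifyPackage($package, $resigned, $trusted));

// Signature header that is not valid base64 at all.
var_dump(verifyPackage($package, 'not-base64!', $trusted));

unlink($package);
```

Only the first call reports a valid package; an installer built on this would abort the update in the other three cases instead of falling back to an unverified install.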


But Arciszewski’s work on the WordPress CMS did not end here. He also contributed to WordPress replacing an aging cryptographic library with one that’s fit for modern times.

Starting with WordPress 5.2, the CMS will support the Libsodium library for all cryptographic operations, instead of the now-deprecated and removed mcrypt.

Libsodium is now part of the WordPress CMS source code, along with Arciszewski’s sodium_compat library that works as a polyfill for older PHP servers that don’t support Libsodium.

WordPress now joins the ranks of modern web-dev tools that natively support Libsodium, such as PHP 7.2+, Magento 2.3+, and Joomla 3.8+.

Furthermore, with Libsodium’s addition to the WordPress CMS core, this also means plugin and theme developers can start supporting it as well.

Arciszewski published today a blog post with basic advice for WordPress plugin and theme developers on how to replace old mcrypt cryptographic functions with libsodium ones.


But the first WordPress 5.2 security features that users will spot in today’s release are not the changes to the CMS’ code, but the new “Site Health” section in the admin panel’s Tools menu.

This section includes two new pages, namely Site Health Status and Site Health Info.

The Site Health Status page works by running a set of basic security checks and delivering a report with the findings, along with recommendations to fix any discovered issues.

This section comes with a series of bundled tests, but site owners and developers of security plugins can also write their own to expand security checks to more areas of a WordPress site.

WordPress Site Health Status
Image: Marius L. J.

The second section, named Site Health Info, is what its name implies. It provides a plethora of information about the website and server setup and is meant for debugging purposes or when needing to share server details with an IT professional for support services.

Info is provided about the WordPress install, the underlying server, plugins, themes, and file storage usage.

WordPress Site Health Info
Image: Marius L. J.


Another new security feature included with WordPress 5.2 is the Servehappy project, which was initially scheduled to be released with WordPress 5.1 but was split in two, with one part of the project shipping with WordPress 5.1 and the other half being shipped today, with WordPress 5.2.

WordPress 5.1 included the ability to show warnings when WordPress sites were running on servers with outdated PHP versions.

WordPress 5.2, released today, will include a feature called ‘White Screen Of Death’ (WSOD) protection, also known as “Fatal error protection,” which works as a “Safe Mode” for WordPress sites.

WSOD protection works by temporarily disabling themes and plugins when a PHP fatal error is encountered, so that site admins can regain access to their sites’ backends and fix the error.

The feature was initially scheduled for WordPress 5.1 but was delayed to v5.2 after security researchers raised several scenarios in which hackers could have abused the WSOD protection system to turn off WordPress security plugins and launch attacks on WordPress sites.


But work on improving WordPress security will not stop with the release of the 5.2 version. Other projects include project Gossamer, scheduled for WordPress 5.4.

Project Gossamer aims to port the same code-signing system used for the main WordPress updates into a framework that developers can use to code-sign updates for WordPress themes and plugins as well.


Credits : Theserverside

Software is everywhere, but the process to create a new software product can be complicated and challenging. That’s why software development best practices are important and can help reduce costs and speed up processes.

Without goals, a software project doesn’t have direction. Projects should start with a clear definition of the planned software’s goals, a discussion of those goals with stakeholders and an evaluation of expectations and risks. Simultaneously, you should be ready for various challenges that can come up, and implement strategies to keep the development process on course.

Best practices aren’t always a revelation of thought. Sometimes they are obvious. But as obvious as they might be, they are often overlooked, and developers need to be reminded of them. These software development best practices are obligatory for all software development projects.

Top five software development best practices

  1. Simplicity

Any software should be created in the most efficient way without unnecessary complexity. Simpler answers are usually more correct, and this thought perfectly meets the needs of the development process. Simplicity coincides with minor coding principles such as Don’t Repeat Yourself (DRY) or You Aren’t Gonna Need It (YAGNI).

  2. Coherence

Teamwork is vital for big projects and it’s impossible without a high level of consistency. Code coherence stands for the creation and adherence to a common writing style for all employees who develop software. This will allow managers or other coders to tell who the author of a given fragment is. Yes, when the whole code has the same style, it’s coherent.

Consistency helps a lot because colleagues will be able to test, edit or continue the work of each other. Vice versa, inharmonious projects can confuse your team and slow down the development process. Here are some tools that will help you enforce a single style:

  • Editorconfig: A system for the unification of code written with different IDEs,
  • ESLint: A highly customizable linter based on node.js,
  • JSCS: A linter and formatting tool for JavaScript,
  • HTML Tidy: Another linter for HTML which also finds errors, and
  • Stylelint: A linter for CSS with various plugins.

  3. Testing

Testing is essential for any product and on any stage. From the very first test run to the final evaluations, you should always test the product.

Thanks to modern approaches and the rise of machine learning, engineers have access to powerful tools such as automated algorithms to run millions of tests each second. Strategic thinking helps when you have to choose a testing type: functional, performance, integration or unit. If you choose the tools and testing types carefully, you can find a host of bugs and other issues that can ideally be flushed out before you deploy your product. But remember not to focus only on test-driven development; remember users and their needs as well.

  4. Maintenance

Unlike physical entities, software has the potential to be immortal. Nevertheless, this is only possible with good maintenance, including regular updates, more tests and analysis. You’ve probably seen a warning before about an application that isn’t compatible with your device. Elaborate maintenance can get rid of these alerts and keep apps compatible with any hardware.

This principle is a bit controversial as not all teams or developers want to waste time on product compatibility with everything. However, you should focus on maintaining fresh code to allow your software to work on new devices. Thus, your product will meet the needs of more customers and help old applications to remain useful.

  5. Analysis

Apart from the pre-launch evaluation conducted by QA engineers and dedicated software developers, let me suggest you focus on performance analysis post-launch. Even the most elaborate code that results in a seemingly perfect match with your client isn’t guaranteed to work properly. There are a number of factors that can affect these results. Ideally, you’d like to have an analytics department to evaluate your numbers, but outsourced specialists always will work.

Methodologies and best practices

Apart from the aforementioned approaches, there are some other software development best practices to consider. Minor principles such as these can help play a role in a successful deployment:

  • Agile: This approach can help optimize your work. It is based on several development iterations that involve constant testing and result evaluation,
  • Repositories: Platforms such as Git are helpful for tracking versions, moving back to previous iterations, synchronizing work, and merging,
  • Accuracy over speed: Focus on correct code instead of fast code. Later it will be easier to speed up processes than to rewrite everything, and
  • Experience sharing: Consider exchanging ideas and results with other developers to get external reviews if your project isn’t confidential.

Finally, let me propose a somewhat paradoxical statement: you don’t have to blindly follow best practices all the time. Time-proven ideas work fine for traditional processes when developers want to create common software without unique features.

But game-changing apps or innovative projects require fresh thinking. Surely, these software development best practices are fairly obvious and cover the most basic practices, but it’s better to find or build a software development team with a perfect balance between best market approaches and new ideas.


Credits : Androidauthority

While HTML lays the groundwork for your website or app, PHP takes it to the next level. Despite how powerful of a coding language it is, many web developers don’t know its full potential.

That’s where the Ultimate PHP Training Bundle comes in. This beginner-to-advanced course features 90 different lectures and over 12 hours of content covering all things PHP.

Build seamless, interactive sites.

Even if you’re just starting out, this course will have you building seamless, interactive sites before you know it. You’ll start with the syntax, development environment, and basic commands. Then, you’ll move on to more advanced topics like database storage, web interfacing, debugging, basic SQL language commands and application logging.

When you think you’ve got a grasp on it, there are quizzes to help you test your PHP knowledge.

Dynamic websites begin with PHP. Get this $97 Ultimate PHP Training Bundle for just $19 (80 percent off) today and start building.


Credits : Hub.packtpub

Joe Watkins, a PHP developer, shared that PHP 8 will support Just-in-Time (JIT) compilation. This decision was the result of voting among the PHP core developers for supporting JIT in PHP 8 and also in PHP 7.4 as an experimental feature.

If you don’t know what JIT is, it is a compiling strategy in which a program is compiled on the fly into a form that’s usually faster, typically the host CPU’s native instruction set. To do this the JIT compiler has access to dynamic runtime information whereas a standard compiler doesn’t.

How are PHP programs compiled?

PHP comes with a virtual machine named the Zend VM. The human-readable scripts are compiled into instructions, which are called opcodes that are understandable to the virtual machine. Opcodes are low-level, and hence faster to translate to machine code as compared to the original PHP code. This stage of execution is called compile time. These opcodes are then executed by the Zend VM in the runtime stage.

JIT is being implemented as an almost independent part of OPcache, an extension to cache the opcodes so that compilation happens only when it is required. In PHP, JIT will treat the instructions generated for the Zend VM as the intermediate representation. It will then generate an architecture dependent machine code so that the host of your code is no longer the Zend VM, but the CPU directly.

Why is JIT being introduced in PHP?

PHP hits the brick wall

Many improvements have been made to PHP since version 7.0, including optimizations for HashTable, specializations in the Zend VM for certain opcodes, specializations in the compiler for certain sequences, and many more. After so many improvements, PHP has now reached the limit of its ability to be improved any further.

PHP for non-Web scenarios

Adding support for JIT in PHP will allow its use in scenarios for which it is not even considered today, i.e., in other non-web, CPU-intensive scenarios, where the performance benefits will be very substantial.

Faster innovation and more secure implementations

With JIT support, the team will be able to develop built-in functions in PHP instead of C without any huge performance penalty. This will make PHP less susceptible to memory management, overflows, and other similar issues associated with C-based development.

We can expect the release of PHP 7.4 later this year, which will debut JIT in PHP. Though there is no official announcement about the release schedule of PHP 8, many are speculating that it will be released in late 2021.


Credits : mysanantonio

To create a killer business, you need a killer business plan. A compelling business plan not only piques the interest of investors, but it’s also a must-have tool for understanding the nuts and bolts of how your company will get from point A to point B. Your plan will give you a bird’s eye view of how your business may perform in the marketplace, how many team members you’ll need, your must-have supplies and how much you’ll need to spend on fundraising and advertising.

You might be able to craft a persuasive business plan using Microsoft Word or Google Docs, but it’ll be harder to grab your reader’s attention without an eye-catching format. If you don’t know Photoshop from PowerPoint and you can’t afford to hire a graphic designer, Bizplan Premium can help you construct a gorgeous plan through its user-friendly interface.

Bizplan Premium is a step-by-step business builder that puts all of your thoughts in a cohesive, collaboration-friendly format. The drag-and-drop templates help you pull off professional-level graphic design in minutes. Bizplan uses self-paced progress tracking, which breaks down major projects into bite-sized pieces and lets you skip around from financial forecasts to market predictions without losing your place.

If your important financial data lives in other programs, like Xero or QuickBooks, Bizplan Premium can import it in minutes. This will help you perform team salary forecasts and break down revenue vs. expenses with ease. There are also plenty of easy-to-use financial templates, so your data will have a professional edge when you present it to interested investors.

Some of Bizplan’s most helpful features are its collaboration options. You can share your plan online and collaborate with your whole team. If someone needs to jump in with feedback, they can start a group of threaded comments in any section across your entire plan — it’s great for promoting conversation across multiple departments. You can also share it with investors and stakeholders, who can leave their comments on your plan in real time.


Credits : Nanowerk

(Nanowerk News) New software lets users design science-fiction-like materials with the same efficiency that architects draft building plans.
Sandia National Laboratories has created the first inverse-design software for optical metamaterials — meaning users start by describing the result they want, and the software fills in the steps to get there. The modern design approach takes guesswork out of engineering as-yet theoretical technologies like ultracompact, high-performance cameras and cloaking armor that could make wearers invisible to detection.
Sandia uses the design aid, called Mirage, in its research and development programs and released a test version to select collaborators last year. Now, researchers working on government metamaterial projects can request a license at no cost.
Man-made, optical metamaterials have been touted for more than a decade for their ability to manipulate light in extraordinary ways. In theory, satellite imaging and interstellar telescopes could be dramatically smaller with metamaterial lenses one hundred times thinner than conventional ones. Or, the technology could someday lead to cloaking materials that deflect light around them, rendering objects impossible to see.
Mirage simplifies and automates the design process for materials that would be necessary for those technologies.

Mirage takes guesswork out of design

The field of optical metamaterials has so far struggled to deliver on all its perceived promise of revolutionizing optics. One difficulty for engineers has been that metamaterials are made of tiny building blocks, called meta-atoms, which can be designed in countless variations. A certain shape, collectively, might bend light. Change that shape, the size, the spacing or the material and that might amplify the effect or diminish it or cause something entirely different to happen, like twist the light one direction or another or change its intensity or color.
“Predicting what the bulk ‘homogenized’ properties will be has been very hard to determine until now,” said Mike Fiddy, a program manager in the Defense Advanced Research Projects Agency, or DARPA, which funded the software’s development.
Other software can simulate what meta-atoms will do to light, but that only allows researchers to use intuition to experiment with different designs until they stumble upon or tediously work out the behavior they want.
Despite the challenge, some researchers have had success creating imaginative metamaterial devices. Sandia invented a device that converts heat to electricity, potentially for more fuel-efficient engines, and a light-mixing technology that could lead to a new, changeable, multicolored light source, which could accelerate all kinds of research from archeology to biomedicine.
But on the whole, said Sandia scientist Ihab El-Kady, the metamaterial enterprise has needed a boost.
“We cannot possibly solve this problem by trial and error,” said El-Kady, who conceived Mirage. “Instead, we could do the opposite. We could say: ‘Here is the behavior I want. Now tell me what the metamaterial looks like.’”
No tool used this inverse-design approach. So, El-Kady and his team at Sandia’s National Security Photonics Center built one.

User-friendly instructions to exploit 100-plus templates

Mirage lets users start by telling it the optical property they want — how their metamaterial needs to interact with light — and their starting materials. Mirage generates designs that match those criteria from a library of more than 100 templates. Or, users can draw their own designs, and the program will check them for errors.
“A more systematic approach for designing metamaterials should greatly accelerate their adoption in various application areas,” eliminating more commonly used, intuition-based approaches, Fiddy said.
DARPA featured Mirage as a premier technology at the agency’s 60th Anniversary Symposium in Fort Washington, Maryland, showcasing its far-reaching uses.
“Mirage is an all-in-one tool,” El-Kady said. “Not only does it tell you what the metamaterial looks like, it allows you to explore various configurations, simulate the system, validate the chosen behavior, visualize its response and optimize its functionality within your fabrication constraints.”

Software refines powerful ideas

On top of that, said Sandia senior scientist Igal Brener, who uses the software in his metamaterial research, Mirage is useful because it includes algorithms that help researchers get the best performance from their inventions.
Brener’s team previously created a material that can mix two lasers to produce 11 colors at once, including infrared and ultraviolet light. Potentially, this technology could be developed into tunable lasers that replace single-color ones.
But some of those colors are too dim to be useful, so he’s exploring ways to brighten the output. Other software packages Brener has used include simple optimization algorithms. However, to use more advanced algorithms he must supplement those packages with his own coding. Not so with Mirage.
“Optimization techniques come in many different flavors,” he said. “Mirage is the only software package I know of that has the complex optimization techniques I need built in.”
If the initial launch is successful, Sandia plans to develop a second version of Mirage, tentatively called Mirage Elite, that would introduce a surge forward in optimization by automatically morphing meta-atoms into bizarre and outlandish shapes in the hunt for undiscovered behaviors.


Credits : Searchsecurity.techtarget


A zero-day in jQuery File Upload could affect thousands of projects because the jQuery plugin vulnerability has existed for eight years and has been actively exploited for at least three years.

A zero-day flaw in the popular jQuery File Upload plugin that could affect thousands of projects has been actively exploited for at least three years.

After Cashdollar reported the jQuery plugin vulnerability to its creator, Sebastian Tschan, the German developer who goes by the nym “Blueimp,” the two worked together and discovered the issue was caused by a change in the Apache HTTPD server. The change was made in Apache version 2.3.9, five days before the release of the first version of jQuery File Upload in 2010, and it disabled support for .htaccess web server configuration in order to prevent security features from being overridden. Unfortunately, Tschan’s plugin relied on .htaccess to implement security controls.

However, Cashdollar said in his report that “Apache had good reasons to disable .htaccess, but their changes left some developers and their projects open to attack, especially if they relied on .htaccess as a security function.”

“The internet relies on many security controls every day in order to keep our systems, data, and transactions safe and secure,” Cashdollar wrote. “If one of these controls suddenly doesn’t exist it may put security at risk unknowingly to the users and software developers relying on them.”
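The failure mode described above can be checked for on a server: an upload directory whose only protection is a .htaccess file is unprotected wherever the effective `AllowOverride` is `None`, which is the default since Apache 2.3.9. The following auditor is an added example, not code from the article or the plugin; the sample configuration and paths are constructed, and the section matching is a simplification that only considers plain-path `<Directory>` blocks.

```python
import re
from pathlib import PurePosixPath

# Constructed sample configuration (not taken from the article).
SAMPLE_CONF = """
<Directory "/var/www">
    AllowOverride None
</Directory>
<Directory "/var/www/legacy">
    # AllowOverride None
    AllowOverride All
</Directory>
"""

DIR_BLOCK = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.S | re.I)
OVERRIDE = re.compile(r'^\s*AllowOverride\s+(.+?)\s*$', re.M | re.I)

def effective_allow_override(conf_text, target_dir):
    """Return the AllowOverride value that applies to target_dir.

    Simplification: the most specific enclosing <Directory> block that sets
    AllowOverride wins; with no match the Apache >= 2.3.9 default "None" applies.
    """
    target = PurePosixPath(target_dir)
    best_depth, value = -1, "None"
    for path, body in DIR_BLOCK.findall(conf_text):
        block = PurePosixPath(path)
        if block != target and block not in target.parents:
            continue  # this block does not enclose the target directory
        match = OVERRIDE.search(body)
        if match and len(block.parts) > best_depth:
            best_depth, value = len(block.parts), match.group(1)
    return value

def htaccess_is_ignored(conf_text, upload_dir):
    """True when a .htaccess file in upload_dir would be silently ignored."""
    return effective_allow_override(conf_text, upload_dir).lower() == "none"

def audit(conf_text, upload_dirs):
    """List upload directories that cannot rely on .htaccess for protection."""
    return [d for d in upload_dirs if htaccess_is_ignored(conf_text, d)]

if __name__ == "__main__":
    dirs = ["/var/www/app/server/php/files", "/var/www/legacy/files"]
    for d in audit(SAMPLE_CONF, dirs):
        print(f"{d}: .htaccess ignored, enforce restrictions in server config or application code")
```

Directories the audit flags need their restrictions enforced in the main server configuration or in the upload handler itself, since nothing in a .htaccess file there takes effect.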

The issue was in the source code of the jQuery File Upload plugin, originally developed by Tschan, so the vulnerability could affect many other projects.

According to GitHub, jQuery File Upload is the most starred jQuery plugin (users star a project to signal interest and support) and also the most forked. Cashdollar said the plugin has been forked more than 7,800 times and could have been built into thousands of other projects, making it difficult to determine how widespread the jQuery plugin vulnerability could be.

“Unfortunately, there is no way to accurately determine how many of the projects forked from jQuery File Upload are being properly maintained and applying changes as they happen in the master project,” Cashdollar wrote. “Also, there is no way to determine where the forked projects are being used in production environments if they’re being used in such a way. Moreover, older versions of the project were also vulnerable to the file upload issue, going back to 2010.”

Although Cashdollar has credit for discovering the jQuery plugin vulnerability (CVE-2018-9206), it seems to have been an open secret as YouTube videos going back to 2015 show how to exploit the flaw.

“I suspected this vulnerability hadn’t gone unnoticed and a quick Google search confirmed that other projects that used this code or possibly code derived from it were vulnerable,” Cashdollar wrote. “There are a few Youtube (sic) videos demonstrating the attack for similar software packages.”

Tschan patched the plugin in version 9.22.1, but because of the number of forks and other products using the plugin, it’s unclear how many other vulnerable programs still exist.




Credits : Sdtimes


2018 was a big year for Java because of the changes to the language’s release schedule and the transfer of Java EE to the Eclipse Foundation. Last year, Oracle announced that it would be releasing major versions of Java twice per year, and Java 10 was the first release in that new schedule.

Java 10 was released in March and included features such as extending type inferences to local variable declarations, GC parallelization, optimized startup time, and the ability to use Graal as an experimental JIT compiler on Linux/x64.

Java 11 was released in September and was a Long Term Support (LTS) release, which means that it will be supported by Oracle via security and bug-fixing updates until at least 2026.

Sometime between the release of Java 10 and Java 11, the JVM Ecosystem Survey Report revealed that Java 8 was still the most widely used version of Java. The report found that 79 percent of developers use Java 8, four percent use Java 9, and four percent use Java 10.

In February, Java EE was renamed to Jakarta EE after being moved to the Eclipse Foundation from Oracle. The name is a reference to the Jakarta Project, which was an early Apache open-source project. A new specification process called the Eclipse Foundation Specification Process was also created. Other renamed Java projects include Glassfish, which is now Eclipse Glassfish, and Oracle development management, which is now Eclipse Enterprise for Java Project Management Committee.

The Eclipse Foundation also added 16 new members to support the growth of the Jakarta EE and IoT communities.

In March, Oracle split off JavaFX into its own module. It was previously part of the JDK, and will continue to be supported as part of JDK 8 until at least 2022, but starting with Java 11 it was available as its own module. Oracle revealed that it would work with third parties to make it easier to maintain JavaFX as an open-source module.

Other cuts made by Oracle include removing support for Applets in 2019 and removing Java Web Start starting with Java 11. According to the company, Java Web Start will be supported in Java 8 until 2025, and products with Web Start dependencies will be supported on a to-be-determined timeline.

In June, the Eclipse Foundation released the latest version of the Eclipse IDE. Eclipse Photon expanded on polyglot capabilities. New features include C# editing and debugging capabilities, support for Java 10 and Java EE 8, dark theme improvements, and support for building, debugging, running, and packaging Rust apps.

The next month, Google released Jib, which is a method that Java developers can use to containerize applications. The reasoning behind creating Jib was that Java developers are often not container experts, making it difficult to containerize their apps.

Amazon also released a no-cost distribution of OpenJDK in an effort to make sure that Java is available for free to its users in the long term. Amazon Corretto is available with long-term support, and Amazon will continue making performance enhancements and security fixes.

