The Lift Committers blog about the Lift Web Framework

  • Lift XML Vulnerability

    March 22, 2015

    A Serious Vulnerability

    Security testing at a large Lift-powered site revealed a serious XML-related security vulnerability.

    The core issue is that Lift prior to recently patched versions 2.5.2, 2.6.1, and 3.0-M4 are vulnerable to a XML eXternal Entity attack. The attack allows access to the local filesystem via XML entities:

     <?xml version="1.0" encoding="ISO-8859-1"?>
      <!DOCTYPE foo [
         <!ELEMENT foo ANY >
            <!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>
    

    The root cause of the problem is that Lift uses Scala's scala.xml.XML library for parsing and the default configuration of that library is insecure.


  • Angular JS, Lift 3, and Streaming Promises

    April 18, 2013

    Simple AngularJS

    Lift has always had the best server-push technology around. Why? It's secure, it deals well with spotty connections, it respects the limited number of HTTP connections between the client and the server, and so much more.

    Angular JS is a very exciting UI package that makes building dynamic single-page applications a snap because there's a 2-way binding between the model and the UI so that changes in the model are correctly reflected in the UI. And the whole binding is declarative so that once you use a model item in the UI, that part of the UI is always updated when the model changes.

    Round Trips


  • First bit of Lift 3.0

    February 12, 2013

    Lift is growing

    Lift is growing and evolving.

    I've just started the Lift 3.0 code branch. Lift 3.0 will be based on Scala 2.10+ and will use features exclusive to 2.10 including macros. Lift 3.0 will also cut away at a lot of cruft that's grown onto Lift over the years, so 3.0 will have a bunch of breaking changes.

    The Future is Futures

    Lift 3.0 will support Futures (specifically LAFutures which are Lift's time-tested, solid Futures) such that you can do stuff like this in a REST call:

    object DelayedRest extends RestHelper {
      serve {
        case "delay" :: Nil Get _ =>
        LAFuture(() => {
          Thread.sleep(2000)
          <b>Hello</b>})
      }
    }
    

  • New Lift Contribution Policy

    November 12, 2012

    Contributions to Lift by non-committers

    From the beginning of the Lift project, Lift has had a very well defined and restrictive Intellectual Property (IP) policy. All code in the various Lift repositories was created exclusively by committers who signed an IP assignment agreement (we adopted the Plone IP assignment.) All Lift code was created exclusively by the committers and the copyright in such code was assigned to an entity that holds the Lift copyrights.


  • Lift on Escalante

    November 1, 2012

    Escalante and OpenShift is a super-simple way to deploy Lift apps

    The RedHat OpenShift folks are making it super-simple to deploy a Lift app.

    The Escalante project provides an amazingly simple way to deploy a Lift app.

    Basically, just write you Lift app with a Maven POM file, git-push the app to OpenShift and in a few minutes, you app is live.

    How to do it

    I built a simple Lift/Escalante app.

    Basically, I followed the instructions and then I added the code for a simple chat app.

    OpenShift and Escalante just work with Lift. Thanks for Galder for creating Escalante and lowering to barriers to entry for Lift.


  • Should I learn Lift?

    October 5, 2012

    Should I learn Lift?

    This was the question I had about 3 years ago. I think I used Scala for about 3 months before I heard about Lift. And because I always liked web development, I figured this was a good way to learn Scala.

    Fast forward to today, I left my job at Oracle/MySQL and joined Elemica, so I could work full time using Lift and become a Lift committer. I'm one of the most active members in the community, by participating on the mailing list, as well as writing about Lift.

    How was the journey?


  • Cookbook updates for July

    July 30, 2012

    Six more recipes added to the Lift Cookbook this month:

    ...bringing the total to 62 recipes.

    The cookbook is a growing resource for Lift developers, presenting programming solutions to a range of specific questions. Follow @LiftCookbook for updates as they happen.


  • Happy 5th Birthday, Lift

    February 25, 2012

    Happy 5th Anniversary Lift

    It was five years ago that I founded the Lift Web Framework project.

    At that time, the Scala community was very small and academically focused. Lift was one of the first external libraries for Scala and Lift is now the venerable, longest-lived external library in the Scala ecosystem.

    The Lift community has grown to over 3,000 people and more than 50 committers. There are multiple books on Lift and hundreds of sites built on Lift.


  • Lift Basics and Broad Shoulders

    February 8, 2012

    The Lift community is amazing.  It's a collection of more than 3,000 people building amazing apps with Lift.

    The Lift committer group is amazing.  It's a collection of more than 50 people who put time and effort into writing the code in Lift and more importantly into creating an excellent, supportive environment in the Lift community.

    Between the community and the committers, the shoulders that support Lift are indeed very broad and very strong.


  • The transition of scala-tools.org

    February 3, 2012

    It's been a little slow in coming (those ship dates always slip), but the Sonatype folks will be taking over the hosting of Scala related artifacts from scala-tools.org.

    Currently, Sonatype is rsyncing the entire scala-tools.org repository so that anything published to scala-tools.org will be mirrored up to Sonatype.

    We have transferred the LDAP information for all the scala-tools.org such that you will be able to publish directly to Sontaype's servers.


  • DPP's Lift Office Hours Monday February 6th

    February 3, 2012

    David Pollak will be available for Lift Office Hours to answer Lift-related questions either in person or on Skype from 11am to 3pm Pacific Standard Time.

    Physical Location:
    541 8th Street
    San Francisco, CA 94121

    Skype: lift-office-hours

    Drop on by, give a call, I'll be glad to help!

    Thanks,

    David

  • Monday Jan 30 11am - 3pm Lift Office Hours with @dpp

    January 24, 2012

    Part of my ongoing commitment to Lift's growth and the success of Lift users and the Lift community, I will be doing "office hours" a couple of Mondays a month.

    Office hours are an open invitation for anybody to drop by my office (541 8th Street in San Francisco) with Lift questions, suggestions, project demos or just to chat.

    The first Lift Office Hours are from 11am PST to 3pm PST on Monday January 30th.

    So, if you're in the Bay Area and want to chat, come on by.  There's plenty of coffee, tea, and other beverages.

    Looking forward to meeting folks!

    Thanks!

    David

  • No, I don't owe you scala-tools.org

    January 21, 2012

    Apparently I'm a jerk for shutting down scala-tools.org.  Apparently, I'm an egomaniac for deciding not to sell the domain for "more than $0" even though nobody has made a legitimate offer for the domain. [Note: James Iry asked the question on Twitter.  It was a perfectly reasonable question that I answered as best I could in 140 characters. I answered him and there were subsequent posts from others that personally attacked me for not doing things the way they think I should.  Posts from others who attacked me for talking about using scala-tools.org to mourn the losses that I see in Scala-land.  This post is *NOT* aimed at James.  I like James.  I respect James.  James represents some of the very best of the Scala community and he was one of the folks who energized me about Scala and gave me hope that Scala could be a "local maximum of research and practical in computer langages."  I am deeply sorry that James read this post as something about him.]


  • Scala-tools.org winding down

    January 17, 2012

    Scala-tools.org has been running for more than 3 years, providing Maven repository hosting to the Scala community.

    Scala-tools.org was initially hosted on a machine that I owned and paid for and was co-administered by me and David Bernard.  In May, 2009, we transitioned the hardware to something more robust as well as having Derek Chen-Becker and Josh Sureth take over the administration tasks.  I still own the machine and pay for the hosting and bandwidth as well as organizing the administrators.


  • Announcing Lift 2.4 Final

    January 12, 2012

    The Lift team proudly announces the availability of the final release of Lift version 2.4.

    Lift is a powerful, secure and most matured web framework available today. There are Seven Things that distinguish Lift from other web frameworks.

    Lift applications are:

    • Secure – Lift apps are resistant to common vulnerabilities including many of the OWASP Top 10
    • Developer centric – Lift apps are fast to build, concise and easy to maintain
    • Scalable – Lift apps are high performance and scale in the real world to handle insane traffic levels
    • Interactive like a desktop app – Lift's Comet and Ajax support are super-easy and very secure

    Read an overview of how Lift achieves these important goals.