News and Views
Wednesday, May 10, 2006 12:39:54 PM
Adobe has released another updater for Dreamweaver:
I have not had a chance to test the updater yet with any extensions, but if you are one of my customers and have an issue please let me know via the contact form. Apparently some extensions are not working well with the new updater. This was posted in the Dreamweaver forums by Alexandru from Interakt:
If you use InterAKT's extensions a lot, please refrain from upgrading to
Dreamweaver 8.0.2 for a week or so.
We have discovered several incompatibilities and we're working on some
fixes that will be released next week.
We apologize for any inconvenience,
Other users have reported issues with recordsets in ASP. Some users couldn't run the updater because it requires the CDROM. I'm sure more problems will pop up. Keep an eye on the Macromedia forums. I usually advise updating DW, but in this case I would say DO NOT UPDATE, unless you have read all the technotes and think that the update will not affect you adversely.
Adobe has also posted some technotes regarding the updater. The following lists the general fixes in the updater:
Make sure you read these technotes before updating. Some of these potential problems are severe:
- Server-side parameters have incorrect capitalization after active content conversion
- Dreamweaver was unable to convert all of the tags on this page
- Converting Active Content with the Dreamweaver 8.0.2 Update
Also, the following technotes describe the SQL injection fixes in the updater:
The full list of changed files in the Dreamweaver updater (for those of you who care) courtesy of Beyond Compare is at http://www.tom-muck.com/blog/samples/dw8updaterreport.cfm.
The other issue with these updaters is that you have to disable all extensions before running the updater, which takes a lot of time if you have a lot of extensions. Someday MacrAdobe will release an updater that doesn't require all this nonsense. It's the only program I know that makes you jump through hoops to run a simple updater.
Update: At least two of my extensions are incompatible with the DW 8.0.2 updater -- Sort Repeat Region and Dynamic Search -- but not in all server languages. Sort Repeat Region seems to work fine in PHP, but not ASP. I will try to get these updated to work with Adobe's code changes as soon as possible.
Update: Alexandru from Interakt asked me to change his quote from above to the following:
1. Everybody should upgrade to Dreamweaver 8.0.2, and start editing and reapplying their recordsets for adding the security measures. You should do this for all your sites - and re-upload them to your live servers.
2. If you use our extensions, you should stop using them until we release a new version - probably today
I should note that the security problem with the Macromedia code has been around for about 6 years, which they posted a partial fix for about 3-4 years ago that took care of most of the issues. I'm not happy about the way they went about making the change and dropping a bomb on us extension developers. Basically, any advanced server behavior that depends on dynamic SQL (even if we code it properly) will break the Dreamweaver recordset. I will have more information about my own extensions next week.
Before posting comments or trackbacks, please read the posting policy.