Announcing Lift Framework 2.1

107 views
Skip to first unread message

Indrajit Raychaudhuri

unread,
Sep 24, 2010, 1:53:33 PM9/24/10
to lift-announce, Lift, scala-a...@listes.epfl.ch

The Lift team and the Lift community are proud to announce the
availability of Lift Framework 2.1 [1].

Lift is an elegant, expressive web framework that allows any size team
build and maintain secure, highly interactive, scalable web applications
quickly and efficiently. Lift is built on the Scala and compiles to JVM
byte-code. Lift applications deploy as WAR files on popular application
servers and web cotainers including Jetty, Glassfish and Tomcat. Lift
applications can be monitored and managed with the same proven
infrastructure used to manage and monitor any Java web application.
Lift is open source licensed under an Apache 2.0 license.

Lift features include:

* Community: the Lift community is 2,000 members strong, super-active
and always there to help with questions

* Best Comet (server-push) support that allows the creation of dynamic
application such as Novell Pulse

* Super simple Ajax for creating highly interactive web applications
without worrying about HTTP plumbing

* Secure by default: Lift apps are resistant to the OWASP top 10
vulnerabilities including XSS, XSRF, and parameter tampering

* Concise and Maintainable: Lift apps typically contain fewer lines of
code than corresponding Rails apps, yet are type safe so that many
errors are flagged by the compiler

* Scalable: Lift apps scale to millions of users across many servers,
yet are highly efficient for single-box implementations

* Compatible: Lift apps can take advantage of any Java library as well
as the growing collection of Scala libraries

Lift 2.1's new features include:

* Support for both Scala 2.7 and Scala 2.8.
* Improved NoSQL support for MongoDB and CouchDB Squeryl support

Additionally, there are usual bug fixes and regular enhancements.

Lift-powered sites include:

* Foursquare: the multi-million user location based service that will
soon surpass 1M+ checkins a day on their Lift-powered system

* Novell Pulse: enterprise collaboration software platform based on
Google Wave

* Innovation Games: The fun way to do serious business -- seriously

* Xerox/XMPie: the leading provider of software for cross-media,
variable data one-to-one marketing

* Snapsort: Compare and decide on cameras

* No Fouls: Find pickup basketball games

Please join the Lift community and help use grow Lift. And a super-big
thanks to the 30+ Lift committers and all the active community members
who have grown the Lift community and code-base to what it is today --
and what it will be in the future!

One more thing:

We also have the all new website (liftweb.net) using the upcoming Lift
CMS module!


Thank you, have fun and have a great Scala LiftOff!
- The Lift Framework team


References:
1. Website: http://www.liftweb.net
2. Wiki: http://www.assembla.com/wiki/show/liftweb
3. Discussion: http://groups.google.com/group/liftweb
4. LiftOff: http://scalaliftoff.com

Charles Thompson

unread,
Sep 24, 2010, 8:45:17 PM9/24/10
to Lift
The rate at which the Lift team iterates this framework is amazing.
This is a serious selling point for this framework.

On Sep 24, 10:53 am, Indrajit Raychaudhuri <indraj...@gmail.com>
wrote:

Timothy Perrett

unread,
Sep 24, 2010, 8:48:47 PM9/24/10
to lif...@googlegroups.com
Charles, thank you for the kind words. Its great to hear positive feedback from the community :-)

Cheers, Tim

> --
> You received this message because you are subscribed to the Google Groups "Lift" group.
> To post to this group, send email to lif...@googlegroups.com.
> To unsubscribe from this group, send email to liftweb+u...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/liftweb?hl=en.
>
>

Joseph Stein

unread,
Sep 24, 2010, 8:53:08 PM9/24/10
to lif...@googlegroups.com
LIFT support / thought of the OWASP Top 10 is awesome !!!
--

/*
Joe Stein
http://www.linkedin.com/in/charmalloc
Twitter: @allthingshadoop
*/

aw

unread,
Sep 26, 2010, 2:56:53 AM9/26/10
to Lift
The new web site is awesome! Good stuff!

Can the API link be updated to point to 2.1 instead of 2.0?

On Sep 24, 10:53 am, Indrajit Raychaudhuri <indraj...@gmail.com>
wrote:

harryh

unread,
Sep 27, 2010, 5:01:34 PM9/27/10
to Lift
Are there scaladocs somewhere for the 2.8 branch of Lift 2.1?

-harryh, who can't seem to find them if they exist

Ross Mellgren

unread,
Sep 27, 2010, 5:08:07 PM9/27/10
to lif...@googlegroups.com
I don't think there are scaladocs posted for 2.8, but the interface should be largely the same.

-Ross


On Sep 27, 2010, at 5:01 PM, harryh wrote:

> Are there scaladocs somewhere for the 2.8 branch of Lift 2.1?
>
> -harryh, who can't seem to find them if they exist
>

harryh

unread,
Sep 27, 2010, 5:32:31 PM9/27/10
to Lift
> I don't think there are scaladocs posted for 2.8, but the interface should be largely the same.

:(

The lack of timely releases of the scaladocs along with Lift releases
is turning into a persistent problem.

-harryh

Ross Mellgren

unread,
Sep 27, 2010, 5:34:05 PM9/27/10
to lif...@googlegroups.com
Well the 2.7 scaladocs were released in a timely fashion. I'm not sure 2.8 docs were ever generated? I'd imagine it's a hudson issue... perhaps Indrajit et el. can comment?

-Ross

Derek Chen-Becker

unread,
Sep 27, 2010, 6:41:07 PM9/27/10
to lif...@googlegroups.com
What part of the API is different between the 2.7 and 2.8 branches? As far as I know, any differences should be strictly internal, not exposed via the API.

Derek

Ross Mellgren

unread,
Sep 27, 2010, 7:25:41 PM9/27/10
to lif...@googlegroups.com
Squeryl is not present in the 2.7 API. I dunno if there are others.

-Ross

David Pollak

unread,
Sep 27, 2010, 11:19:52 PM9/27/10
to lif...@googlegroups.com
On Mon, Sep 27, 2010 at 4:25 PM, Ross Mellgren <dri...@gmail.com> wrote:
Squeryl is not present in the 2.7 API. I dunno if there are others.

Squeryl and Scalate support are exclusive to 2.8

The rest of the APIs should be the same.
 



--
Lift, the simply functional web framework http://liftweb.net
Beginning Scala http://www.apress.com/book/view/1430219890
Follow me: http://twitter.com/dpp
Blog: http://goodstuff.im
Surf the harmonics

Donald McLean

unread,
Sep 28, 2010, 1:40:24 PM9/28/10
to lif...@googlegroups.com
On Fri, Sep 24, 2010 at 1:53 PM, Indrajit Raychaudhuri
<indr...@gmail.com> wrote:
>
> The Lift team and the Lift community are proud to announce the availability
> of Lift Framework 2.1 [1].
>
\> Lift features include:

>
> * Secure by default: Lift apps are resistant to the OWASP top 10
> vulnerabilities including XSS, XSRF, and parameter tampering

Can someone comment on how this is implemented? Any other relevant
points about security?

Thank you,

Donald

(we're evaluating Lift against GWT and Flex)

David Pollak

unread,
Sep 28, 2010, 2:04:35 PM9/28/10
to lif...@googlegroups.com
On Tue, Sep 28, 2010 at 10:40 AM, Donald McLean <dmcl...@gmail.com> wrote:
On Fri, Sep 24, 2010 at 1:53 PM, Indrajit Raychaudhuri
<indr...@gmail.com> wrote:
>
> The Lift team and the Lift community are proud to announce the availability
> of Lift Framework 2.1 [1].
>
\> Lift features include:
>
> * Secure by default: Lift apps are resistant to the OWASP top 10
> vulnerabilities including XSS, XSRF, and parameter tampering

Can someone comment on how this is implemented? Any other relevant
points about security?

Top level:
  • Lift keeps page representations around as valid XHTML until very late in the page rendering phase, thus a developer has to explicitly use a construct like scala.xml.Unparsed to introduce a cross site scripting vulnerability.  So, the developer has to do something explicit that can easily be grepped for in order to introduce an XSS vulnerability.
  • Lift's form handling associated a GUID with a function on the server.  This makes cross site request forgeries and replay attacks nearly impossible because the field names are not predictable.  Plus, the GUID mechanism allows the developer to keep things like primary keys on the server without ever exposing them to the client, so Lift apps leak fewer primary keys and other information than do other apps.
  • Because Lift has a function associated with browser-side actions, Lift will never read more parameters from a form submission than were put into the browser (this is a particularly big issue related to Rails' mass assignment).  Additionally, select boxes will not pass a choice to the function unless the choice was one of the originally listed choices when the select was generated on the server (another common parameter tampering issue.)
There's much more, but Lift's statefulness gives us a lot of flexibility in terms of knowing what was presented to the browser and only acting on those fields.
 

Thank you,

Donald

(we're evaluating Lift against GWT and Flex)

--
You received this message because you are subscribed to the Google Groups "Lift" group.
To post to this group, send email to lif...@googlegroups.com.
To unsubscribe from this group, send email to liftweb+u...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/liftweb?hl=en.

Indrajit Raychaudhuri

unread,
Sep 28, 2010, 1:52:35 PM9/28/10
to lif...@googlegroups.com

Ross Mellgren wrote:
> Well the 2.7 scaladocs were released in a timely fashion. I'm not sure 2.8 docs were ever generated? I'd imagine it's a hudson issue... perhaps Indrajit et el. can comment?

At the moment only the 2.7 scaladocs has been generated.

It's a vscaladoc issue actually. We use vscaladoc for generating the
unified Scaladoc. Vscaladoc isn't yet available for 2.8. So ther is
little bit of a hold up here :)

DavidB is working on a vscaladoc version for 2.8.

- Indrajit

Reply all
Reply to author
Forward
0 new messages