Yeti 0.2.5 released
While work to make Yeti more compatible with older browsers continues, we’re releasing a smaller Yeti 0.2.5 today that includes bug fixes:
- A security fix, detailed below.
- Fix Bug #76 Run fixture YUI Tests offline; really no longer depend on yui.yahooapis.com at runtime.
- Fix Bug #74
- Avoid crashing Yeti on certain types of bad requests.
You can install the latest Yeti with one command:
npm install -g yeti
Yeti works with a Client and a Hub. The Client is the instance of Yeti that provides tests. Browsers connect to the the Hub, which can be an instance of Yeti running on a different computer.
Yeti 0.2.0 and later makes it possible to have the Hub and Client operate on separate computers. Many Clients can share the same Hub of browsers. In order for the Hub to serve tests that live on another computer, Yeti uses a bi-directional RPC system that allows for the Hub to request files from the Client.
Test files are more than the HTML files that are passed on the command line, since those files often reference JS and images that live near the files. Yeti 0.1.x addressed this by serving any files to the Hub, as long as they are inside the directory where Yeti’s Hub was started.
Yeti 0.2.0 – 0.2.4 did not check to make sure files requested from a Hub were inside the directory where Yeti’s Client was started. This was fixed in a commit this week. A security risk can exist if:
- You connect to a Yeti Hub that is running on another computer, or is running with more privledges than the Client on your computer.
- The Yeti Hub you use was modified to send malicious commands to request files not related to testing.
The risk is minimal, but users of Yeti 0.2.0 – 0.2.4 are advised to upgrade to 0.2.5.
Browser support update
We are hard at work on developing a version of Yeti that works with as many GBS browsers as possible. Since last week, we discovered that the Socket.io project, which Yeti uses to communicate with connected browsers, has stopped triaging bugs affecting certain browsers we wish to support, such as IE 6 and 8. (See: IE6 handshake error, IE 8 disconnect bug.)
No matter what system we use, we intend to get Yeti more stable and reliable on more browsers in releases to come. We’re working on it! Stay tuned.
General documentation: http://yeti.cx/docs/v0.2.5/quick-start/
API documentation: http://yeti.cx/docs/v0.2.5/api/
Detailed API documentation: http://yeti.cx/docs/v0.2.5/api/everything/
CI testing: http://travis-ci.org/yui/yeti
Code coverage: http://yeti.cx/docs/v0.2.5/coverage.html
Report a bug: http://yuilibrary.com/projects/yeti/newticket