Ring UI 1.0 Library Released

Learn about new features and improvements of Jet Brains' open source library
28 September 2018   1446

JetBrains told about the release of the Ring UI 1.0 library. Updates have affected the support of Babel 7, the finalization of the visual language, customizable CSS properties, and the library home page has moved.

In addition, in the new version, the developers did:

  • most components moved to CSS;
  • "pop-up messages", "tabs" and "buttons-switches" components;
  • the ability to configure the list of browsers in which the application will work, thanks to the support of Babel 7.

Colors from the Ring UI can be used for the harmonious design of their application. To do this, you need to configure PostCSS as follows:

plugins: [
  ...
  require('postcss-custom-properties')({
    preserve: true,
    variables: require('@jetbrains/ring-ui/extract-css-vars')
  })
]

Changes in the visual language look like this:

Ring UI
Ring UI

At the end of July 2018, the company reported that its products would not support legacy license servers. Changes were made to the development environments of versions 2018.2.1 and .NET 2018.3 tools.

Third Party Apps Could Read Twitter Messaging

According to the company, no one used this vulnerability and the issues is now solved
18 December 2018   691

Until the beginning of December, third-party applications could access Twitter private messages. According to the company, no one took advantage of this vulnerability. Terence Eden, who found it, was paid almost $ 3,000 under the Bug Bounty program.

In 2013, there was a leak of keys to the Twitter API - so applications could access the interface bypassing the social network. To protect users, Twitter implemented an application authorization mechanism through predefined addresses (Callback URL), but it didn’t suit everyone.

Applications that do not support Callback URLs could authenticate using PIN codes. With this authorization, a window pops up that lists which data the user opens to access. The window did not request access to private messages, but in fact the application received it.

On December 6, Twitter reported that it had solved the problem. Judging by the statement of the company on the HackerOne website, no one had time to take advantage of this vulnerability.

This is not the first social network security error related to the API. In September, Twitter discovered a bug in AAAPI (Account Activity API): the system sent a copy of the user's personal message to a random recipient.