List,
You can find a well formatted version of this email in our blog:
http://w3af.org/the-1-6-release
After all the wait, expectations, and hard work I present you the
1.6 release:
* Improved performance: your scans will run faster
* Improved quality: 1300+ unittests are run after each change to
make sure we don't add any regressions
* Now you'll be able to easily integrate w3af into other projects
with a simple "import w3af"
* Better documentation
New users should follow the usual installation procedure:
git clone https://github.com/andresriancho/w3af.git
cd w3af
./w3af_gui
If you already have a w3af installation the migration should be
fairly easy, just:
cd w3af
git pull
git checkout master
./w3af_console
The requirements for the latest version have changed, follow the
steps to install the latest required packages and then run
./w3af_console again.
Scripts and profiles don't have back-compatibility, in other
words: The scripts and profiles you were using for versions prior to
the 1.6 release will not work with this release version. This is
mostly because plugin names and configuration parameters have changed
drastically.
One of the symptoms will be shown when starting the w3af_gui where
you'll get many errors regarding missing plugins and configuration
settings.
If you don't have any important w3af profiles, I simply recommend
you remove all the old data using: rm -rf ~/.w3af/profiles/ The next
time w3af is run, all new profiles will be copied to that directory
and the broken profile warning should disappear. For the users that
have complex profiles, the only possible action at this point is to
manually migrate them the recommended steps are:
* Use your favorite text editor to read the profile file at
~/.w3af/profiles/profile-name.pw3af
* Open the latest version of ./w3af_gui
* Create a new profile
* Read the profile information from the text editor and manually
re-configure in w3af_gui
* Save your new profile
Report any tracebacks, false positives and false negatives. I've
blocked all this week to improve any issues that might be found right
after the release. Hopefully no bugs are reported (yeah, right!) and
I'll be able to rest all week!
Finally a very important message, the w3af project is looking for
contributors, and we're not picky: anyone who's interested in learning
together with us about Python development, application security and
designing algorithms to detect vulnerabilities is welcome. Just send a
"Hello world" email to our developers mailing list and we'll get you
started.
Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
------------------------------------------------------------------------------
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users
