Skip to content

3.11.0 - Preview Release 1

@derek derek released this Jun 19, 2013 · 354 commits to master since this release

We are pleased to announce a new preview release for you to try out. YUI 3.11pr1 is available via Yahoo! CDN, a downloadable archive, or on npm. Our YUI Library staging website has also been updated to reflect the changes in this release. Given that this is a preview release, please take note of the testing advisory below.

Purpose of This Preview Release

For this sprint we have some fundamental changes to Attribute and Base, which could benefit from some validation against real-world implementations. Getting an early PR out and widely adopted gives us a couple of weeks to react to anything which comes out of the PR process due to these low level changes.

Attribute and Base Changes

There are two relatively low level changes to Attribute and Base/BaseCore that help improve performance and stability.

  • Base now adds all ATTRS up the class hierarchy at once, instead of a class at a time (Issue / Pull Request).
  • Base init and Attribute change events now bypass the Event sub-system if there are no potential listeners (Issue / Pull Request).

Here are some performance numbers, to highlight the potential benefits of these changes:

Version Ops/Sec
new Base() with no init listener x 12,914 ops/sec
myBase.set() with no listeners x 82,616 ops/sec
new Base() with no init listener x 40,308 ops/sec
myBase.set() with no listeners x 256,048 ops/sec
new Base() with no init listener x 75,828 ops/sec
myBase.set() with no listeners x 1,217,522 ops/sec

Both of these changes carry with them some element of risk, but they have the potential to provide performance improvements with only a small degree of backwards compatibility issues. One of the primary reasons for this PR is to test these changes, so we encourage you to download this release and test them out.

New Paginator and DataTable Paginator


We are pleased to announce a new component, Paginator. It is released with a few examples and full test coverage. It's built to be lightweight and flexible and can be used on the server or client side. Since there are so many unique styles and use cases to paginators, the paginator view has been stripped out and can be implemented in any fashion you like. Take a look at the examples to get a head start.

DataTable Paginator

Hot on the heels of Paginator is the much anticipated DataTable Paginator. DataTable Paginator mixes directly into DataTable and is ready to go with a few settings defined as it has its own Model, View, and Templates. Everything is decoupled enough however to take in a new Model, View and/or Template and render something completely different.

Other Updates

There are also a number of bug fixes and updates across the board in this release, including a new Paginator module.

DataTable Fixes

There are also a few DataTable bugs that were addressed in this preview release. Look here for the full list of changes. Let Tony (@apipkin) know what you think of the changes in DataTable as well as any plans you have to use Paginator.

ArraySort Changes

Ryan Grove added a new method in ArraySort for performing natural-order comparisons of two strings, two numbers, or a number and a string.

ScrollInfo Changes

Ryan also added an isNodeOnscreen() method in ScrollInfo that returns true if the given node is within the visible bounds of the viewport, false otherwise. He improved the performance of getOffscreenNodes() and getOnscreenNodes(). He also fixed a bug that caused getOffscreenNodes() and getOnscreenNodes() to return incorrect information when used on a scrollable node rather than the body.

Tree Changes

Ryan was on a roll with changes for this release:

  • In Y.Tree the Tree#createNode(), Tree#insertNode(), and Tree#traverseNode() methods now throw or log informative error messages when given a destroyed node instead of failing cryptically (or succeeding when they shouldn't).
  • He added Tree.Node#depth(), which returns the depth of the node, starting at 0 for the root node.
  • Also added was Tree.Sortable#sort(), which sorts the children of every node in a sortable tree.
  • The Tree.Node#isRoot() method now returns false on destroyed nodes instead of causing an exception.
  • The Tree.Sortable#sortNode() and Tree.Sortable.Node#sort() methods now accept a deep option. If set to true, the entire hierarchy will be sorted (children, children's children, etc.).
  • In Tree.Sortable the Sort comparator functions are now executed in their original context. When the sort comparator lives on the tree, its this object will be the tree instance. When it lives on a node, its this object will be the node. When specified as an anonymous function in an options object, its this object will be the global object.

And More!

There were fixes in AsyncQueue, Calendar (thanks Arnaud Didry), Color, DataTable, updates to Handlebars, IO, JSONP, and Promise. Hungarian language support was added to AutoComplete, Console, and Date (thank you Gábor Kovács). You can find a complete list of changes for this release on GitHub as well as the change history rollup. We had a total of 381 commits by 14 authors since YUI 3.10.3.

A Call for Testing

Since many of these changes are either new or may have unforeseen issues, we recommend that you take this preview release and try it out in a staging environment with your own applications. It is very important that we hear about any issues you run into so that we can fix them in a timely manner before the 3.11 GA release. If you do encounter an issue, please file a ticket.

Known Issues

We've already been testing this preview release across our target environments and we've encountered a few issues that you should be aware of in your own testing.

  • Test failure: ArraySort on Safari (4.0) / Linux [ 2.3 ] in naturalCompare() should sort mixed strings and numbers: Values in position 5 are not the same. Expected: 100 (number) Actual: 100 (string)

  • Test failure: DataTable: Paginator on Internet Explorer (8.0) / Windows XP in Paginator test rowsPerPage === null shows all rows: There are not 100 rows in the table Expected: 100 (number) Actual: 0 (number)

  • Test failure: test clicking on the controls: Values should be the same. Expected: C:30 (string) Actual: A:0 (string)

The ArraySort test failure is being tracked in this pull request (#886) and Tony is investigating the DataTable issues in this pull request (#890).

As you try out this preview release, pay particular attention to the Attribute and Base changes, the new Paginator module, and the new methods in Y.Tree. With your help, we can make the upcoming 3.11 GA release the best one yet!


3.10.3 Released

@derek derek released this Jun 6, 2013 · 735 commits to master since this release

Update: There was an issue with the downloadable .zip package that prevented successful extraction that has now been fixed.

We are releasing YUI 3.10.3 today to fix a .swf vulnerability that was inadvertantly reintroduced in YUI 3.10.2. Any project which is self-hosting the YUI 3.10.2 io.swf file should upgrade to YUI 3.10.3 to resolve the vulnerability. Any project which is not self-hosting the YUI 3.10.2 io.swf file is not affected by the vulnerability.

You can find YUI 3.10.3 on CDN, as a download, and on npm.


We released YUI 3.10.1 last month to correct a .swf vulnerability. Unfortunately within the 3.10.2 release cycle, one of the older vulnerable .swf files (io.swf) was inadvertently reintroduced to the source tree and distributed in our latest 3.10.2 release in the npm and downloadable .zip packages.

YUI 3.10.3 replaces the vulnerable .swf with the correct patched file, and no other code changes have been included with this release. Note: This is not a new vulnerability, just a reintroduction of an older .swf file that contained the original vulnerability.

Full details of the original vulnerability are available in the security bulletin.


Delete the File

If you are hosting io.swf but not using it in your application, simply delete the file to resolve the vulnerability.

Replace the Vulnerable Files

If you host and use this functionality, replace io.swf with the patched file provided below.

Version Replacement File Old MD5 Patched MD5
3.10.2 io.swf 1e642bb8a5105dc429f8f3979ac559c4 445cb13e3ca4dabe551a57b2bd072754

Plan To Remove All Flash-Based Features

In the future, we plan to remove all Flash-based features from the yui3 repo and instead host the source code in a separate yui3-swfs repo. This will allow projects continued access to the functionality via a compile-yourself and host-yourself model, while removing these problematic features from the core project. We are requesting community feedback on this topic on the mailing list.


Something went wrong with that request. Please try again.