ZPE 1.14.3 is another big update, and it's coming at the end of this week.
x509_pem_fingerprint
There is a new predefined function in ZPE, x509_pem_fingerprint, previously available only through the new zpe.lib.security library.
In addition, the direct inclusion of X.509 fingerprinting means that ZPE now supports different types of plugins and libraries. Some libraries are what are called trusted libraries - they are signed by me. Then there are untrusted libraries. ZPE will soon block these on their first load, but they can still be used after approval. These untrusted libraries will also not have the same access in sandbox mode, with restrictions on system files and being limited to the sandbox folder. In addition, certain activities, such as reflection, executing commands, and networking, will be banned. If the sandbox is disabled, they are free to do what they want. Sandbox is now enabled by default in ZPE 1.14 and later.
Stricter lockdown procedures
Lockdown is a feature added in July 2025 that allows ZPE to run in a safe mode, ensuring that certain features cannot be run or loaded. Lockdown is stricter than before in ZPE 1.14.3, as plugins will not load at all during lockdown.
Further module improvements
Modules also received a major update. When modules were first introduced, they worked fine with a main function, unless the code was compiled using the YASS Compiler in ZPE and saved to an executable file. Now that's all changed. During compilation, the main function is identified and referenced, thus ensuring that main functions within a module load correctly.
Plugin and library updates
With all the work I've been doing on plugin and library security over the last few versions, this update further improves how libraries are integrated into ZPE.
Libraries have deep access to ZPE, and they are core to expanding its possibilities even further. However, in recent versions, due to the number of plugins and libraries available to ZPE on the rise, and the inclusion of trust checks within them, plugin loading has become a burden on startup times. As a result, I realised that plugins and libraries should be loaded asynchronously on startup. This, however, causes another issue: if a library is loaded after a program is run in ZPE, it will throw an error. To combat this, I've added an additional form of loading - using the already included import command:
import "zpe.lib.sqlite"
This means you can force the loading of a plugin right there and then, and if it's already been loaded asynchronously, the import statement does nothing. Nice!
Check out the new plugins
Several new plugins are under development. These new plugins, which are currently mostly libraries, are designed to extend ZPE's functionality and were one of the key goals when ZPE was first conceptualised. A couple of the new libraries are:
libMSAccess, libSQLite, libUI, libSerial, libSystemInfo, libMQTT, libMySQL
Plugins can now be added via ZULE (ZPE Uploads, Libraries and Extensions) package manager (which is getting an update in the next version) using the --plugins option:
--zule install --plugins
You can find out more about the libraries and plugins available on my GitHub page, where I share all the source code and the latest trusted builds.
