Hosting Serendipity

2.3.2
 (Sicherheitsupdate)
28 November 2019 - 50MB
Fix: [SECURITY] Only allow .txt and .log files for spamblock logging. Thanks to Gary O'Leary-Steele!

Fix: [SECURITY] Escape category images to avoid backend XSS (#639). Thanks to @hannob!

Fix: Pagination should now really be fixed for the new default "stable archives" sorting order.

Fix: Fix autologin when using MySQL (#632). Thanks to @erAck!

Fix: Properly display plugin save errors after validation.

Fix: The WYSIWYG editor stripped the figcaption element used for image captions.

Fix: Rotating an image did not rotate all responsive thumbnails.

Fix: Auto-generated mails where mangled by wrong linebreaks on some MTA (#644).

Fix: Prevent PHP warnings (#638, #642).

Thanks to @hannob!

Lesen Sie mehr: https://github.com/s9y/Serendipity/releases






2.3.1
 (Hauptversion)
20 September 2019 - 50MB2.3.1



Highlights

Fix: ML mass delete didn't work.

Fix: Pagination (a feature of themes like Timeline and Bulletproof) didn't work with the new default "stable archives" sorting order.

Change: Previous/next links and page numbers for archive pages with "stable archives" sorting order have been changed to match the pagination.

Fix: Notices for moderated comments ("This comment needs approval before it will be displayed") didn't show (reliably) when more than one spamblock plugin was active (as these plugins mutually overwrote their "moderated" flags).

Fix: Some internationalisation fixes and new German translations.

New: Show links for each plugin installed from Spartacus to its Spartacus entry.



2.3.0



Security

Security fixes for XSS in Editor Preview and Media Library by interpreted EXIF tags (thanks to Hanno Boeck!)



Highlights

PHP 7.2 and 7.3 support - minimal PHP version is now PHP 7.0

Smarty upgrade to 3.1.33

Updates to the media manager and some bug fixes

New function to add multiple images to an entry at once, creating a gallery

Use figure/figcaption markup for media manager images with captions

Ability to create responsive image thumbnails

Set responsiveimages as default plugin

Add rewrite to absolute url for srcsets to the feed generation

Using voku/simple-cache for internal cache as bundled lib, which will allow to cache with memcached and redis instead of just on the filesystem

Adding a maintenance mode option

Improving the nl2br plugin

Allowing to receive multiple trackbacks and pingbacks 

Changing (installation) defaults: disable entryproperties cache and enable internal cache, enable stable-archive option



Bug Fixes

Fallback for $lang variable when configuration failed to load which evades some unuseful error messages

Drop deprecated serendipity_purgeEntry function

Bootstrap4 adaptations

Fixes for plugin drag'n'drop

Multiple minor bug fixes to core, bundled plugins and bundled themes.



2.1.6



Bug Fixes

Prevent error in upgrader when $sqlfiles is NULL.

Fix preview iframe in bulletproof.



2.1.5



Security

Fix XSS in Editor Preview by interpreted EXIF tags.

Fix XSS in Media Library by interpreted EXIF tags.



Bug Fixes

Fix mispositioned button in media db directory list.

Change default for comment subscription to full text.

Display errors if comment coulnd't be deleted.

Make it easier to drag plugins to other column.

Add fallback for broken JS in configuration screens.



2.1.4



Security

Fix XSS for pagination, when multi-category selection is used. Thanks to Brian Carpenter (geeknik) and Hanno Boeck!* Minor code fixes (proper PHP escaping for 'orderkey' SQL statement



Bug Fixes

Sekelton, Timeline and Clean Blog templates: Add theme option to disable google webfonts

Link to https s9y.org pages



2.1.3



Security

Ensure URL parameter casting for RSS and blog entry limits to prevent possible SQL injection inside the LIMIT statement part

Prevent XSS in the "Edit entries" panel

Prevent sending comment notifications to more than one email address

Disable exit.php-Tracking for open URL redirection, unless the trackexits plugin is specifically configured to do so



2.1.2



Bug Fixes

Fixed a regression in Net/DNSBL regarding serendipity_event_spamblock_rbl and serendipity_event_spamblock_surbl by adding Net/DNS2 1.4.3 as a bundled library to core and patching Net/DNSBL.

Fixed broken Akismet API calls

Fixed comment preview for logged-in users

Fixed message display after comment editing/deleting



2.1.1



Bug Fixes

Rewrites in some older legacy parts of the core (URL routing, template fallback chain, experimental internal caching) as well as PHP 7 compatibility.

New bundled responsive themes "Timeline" and "Clean-Blog"

Improved usability of plugin upgrades by combining sidebar and event plugins and upgrading multiple plugins at once

Permission checks for the dashboard output and comments

Usability improvements to the media library, bulk moving support

New API wrapper for URL downloads that plugins can use (serendipity_request_url)

New Theme "Skeleton" (responsive, mobile first)

Improved preview iframe handling

Changes (simplifications) in template file routing for backend/frontend views, new smarty {getFile} function for theme authors

Ability to set a default posting category for an author

Improved security checks against CSRF attacks (comment moderation, comment toggling

Improved security for referrer redirection

Improved security for local file hotlinking

Fixed sorting media database by filename

Addressed some more PHP 7.1 issues, fixed bugs with missing token for installing plugins and deleting comments. We mainly tested PHP 7.0 compatibility, but PHP 7.1 should work too.

Fixed displaying the proper plugin configuration value when set to false/empty.



2.1-rc1



Highlights

Rewrites in some older legacy parts of the core (URL routing, template fallback chain, experimental internal caching) as well as PHP7 compatibility.

New bundled responsive themes "Timeline" and "Clean-Blog"

Improved usability of plugin upgrades by combining sidebar and event plugins and upgrading multiple plugins at once

Permission checks for the dashboard output and comments

Usability improvements to the media library, bulk moving support

New API wrapper for URL downloads that plugins can use (serendipity_request_url)

New Theme "Skeleton" (responsive, mobile first)

Improved preview iframe handling

Changes (simplifications) in template file routing for backend/frontend views, new smarty {getFile} function for theme authors

Ability to set a default posting category for an author

Improved security checks against CSRF attacks (comment moderation, comment toggling

Improved security for referrer redirection

Improved security for local file hotlinking

Fixed sorting media database by filename

Lesen Sie mehr: https://github.com/s9y/Serendipity/releases






2.1.4
 (Hauptversion)
18 Dezember 2018 - 27MB
PHP 7.2 support (including a new autologin token system and bcrypt password hashing)

Add function to add multiple images to an enty at once, creating a gallery

Added a maintenance mode option

Upgrade Smarty to 3.1.32

Bootstrap4 adaptations

Fixes for plugin drag'n'drop

Improvements to the p-mode of nl2br plugin

Ability to create responsive image thumbnails

Improvements to local caching

Rework of moving media items (work in progress)

Lesen Sie mehr: http://blog.s9y.org/archives/280-Serendipity-2.1.4-and-2.2.1-alpha1-released.html






2.0.5
 (Sicherheitsupdate)
6 Dezember 2016 - 27MB
[Security] Improve preventing fetching local files, thanks to Xu Yue.
[Security] Prevent XSS in adding category and directory names, thanks to Edric Teo @smarterbitbybit, CVE-2016-9681.

Lesen Sie mehr: http://blog.s9y.org/archives/271-Serendipity-2.0.5-and-2.1-beta3-released.html



Zeige mehr Versionen




2.0.3
 (Sicherheitsupdate)
4 Januar 2016 - 27MBHappy new Year! Serendipity 2.0.3 has just been released to address a XSS security issue found and reported by Onur Yilmaz and Robert Abela from Netsparker.com. Thanks a lot for contacting us and working with us to address the issue.



The issue only affects logged-in authors, where HTML can be inserted into the comment editing form when they click specially crafted links. Due to the required authentification we consider the issue of medium impact, but suggest everyone to perform the update.
Lesen Sie mehr: http://blog.s9y.org/archives/266-Serendipity-2.0.3-released.html






2.0.1
 (Sicherheitsupdate)
13 März 2015 - 27MBThis is the first maintenance release which fixes a couple of minor issues, and one security-related issue where improper escaping of category names can lead to a possible XSS attack. This atnly be performed by authenticated editors, so we consider it medium-impact. If you run a multi-user blog with untrusted authors, you are urged to upgrade to the new release. Many thanks to Edric Teo for reporting this issue to us, which could then be fixed within the same day.



Some other notable bug fixes are:

Report errors, if inclusion of JavaScript files may throw PHP errors to help in diagnosing an installation
Support for user.css backend CSS additions, without needing to edit the 2k11 backend theme.
Some JavaScript fixes for the backend, better theme fallback methods.

Lesen Sie mehr: http://blog.s9y.org/archives/263-Serendipity-2.0.1-released.html






2.0
 (Hauptversion)
27 Januar 2015 - 27MBOur main goal for Serendipity 2.0 was to clean up our backend structure, both in terms of coding and especially in terms of design and usability. We firmly believe to now be at a point where we want to show off our hard endeavours, and feel Serendipity 2.0 can now be properly used.



Highlights

New Responsive theme, usable for desktop, tablet and mobile devices.
A new frontpage (aka "Dashboard") shows you the most notable things on your blog
A redone navigation tries to structure the backend tasks in a better way
"Themes" is now the definitive word, where we previously used "Template", "Style" or "Theme". We're committed to stick with this now. ;-)
The bundled WYSIWYG editor has been changed to CKEditor.
A conservative but thorough rework of the Media Library.
Restructured core and removed some older cruft.
New Metatron tool which can perform a number of administrative tasks on the command line.

Lesen Sie mehr: http://blog.s9y.org/archives/261-Serendipity-2.0-released.html






1.7.8

9 Februar 2014 - 27MB
Fixed a regression caused by the prior 1.7.6/1.7.7 release.

Lesen Sie mehr: http://blog.s9y.org/archives/254-Serendipity-1.7.8-released.html






1.7.7
 (Sicherheitsupdate)
6 Februar 2014 - 27MB
Fixed an XSS by using a specially crafted username can happen when viewing the "Manage users" screen
Fixed an XSS when creating an entry with specially crafted id/timestamp values
Fixed a SQL injection when installing a plugin with a specially crafted name

Lesen Sie mehr: http://blog.s9y.org/archives/253-Serendipity-1.7.7-released.html






1.7.5

20 Januar 2014 - 27MB
Fixed textile PHP 5.2 (namespace) compat issue
Added default value to spamblocks required_fields option [name,comment]

Lesen Sie mehr: http://blog.s9y.org/archives/252-Serendipity-1.7.5-released.html






1.7.4

11 Januar 2014 - 27MB
Updated textile plugin for PHP 5.3+ compatibility
Updated spamblock captcha creation for PHP 5.3+
Updated Smarty library
Improved .htaccess "deny" method for the Spamblock plugin

Lesen Sie mehr: http://blog.s9y.org/archives/251-Serendipity-1.7.4-released.html






1.7.3
 (Sicherheitsupdate)
29 August 2013 - 27MBThis release only addresses a bugfix for one functional issue (trackbacks to SSL-servers) and a security issue in the bundled htmlarea spellchecker module (see http://osvdb.org/87395). Thanks to Henri Salo for pointing out this issue.
Lesen Sie mehr: http://blog.s9y.org/archives/250-Serendipity-1.7.3-released.html






1.7.2

28 Juli 2013 - 27MB
Serendipity will switch to mysqli if PHP >= 5.5 is used (mysql is deprecated in that version)
Upgrade Smarty to 3.1.14
The outdated browsercompatibility plugin will be uninstalled
Properly migrate a "baseURL" option which might be set to an empty value on installations where the configuration has never been saved after the update.
The name of a authorgroup was empty when editing a usergroup

Lesen Sie mehr: http://blog.s9y.org/archives/249-Serendipity-1.7.1-and-1.7.2-released.html






1.7

23 Mai 2013 - 27MB