Hosting Serendipity

Serendipity

Serendipity is an open source blog application. Serendipity was initially released in 2005.

1 click installation Serendipity

1 click installation

Easy update Serendipity

Easy update

Backup and restoration Serendipity

Backup and restoration

Information

Application
blog
Category
Content Management
Current version
2.3.2
Last update
28 November 2019
Languages
English + 27 others

System Requirements

Installation size
50.00 MB
Database
mysql
Licence
open source
Overview
What's new

2.3.2

(security release)
28 November 2019 - 50MB
  • Fix: [SECURITY] Only allow .txt and .log files for spamblock logging. Thanks to Gary O'Leary-Steele!
  • Fix: [SECURITY] Escape category images to avoid backend XSS (#639). Thanks to @hannob!
  • Fix: Pagination should now really be fixed for the new default "stable archives" sorting order.
  • Fix: Fix autologin when using MySQL (#632). Thanks to @erAck!
  • Fix: Properly display plugin save errors after validation.
  • Fix: The WYSIWYG editor stripped the figcaption element used for image captions.
  • Fix: Rotating an image did not rotate all responsive thumbnails.
  • Fix: Auto-generated mails where mangled by wrong linebreaks on some MTA (#644).
  • Fix: Prevent PHP warnings (#638, #642).
  • Thanks to @hannob!

Read more: https://github.com/s9y/Serendipity/releases

2.3.1

(major version)
20 September 2019 - 50MB2.3.1

Highlights
  • Fix: ML mass delete didn't work.
  • Fix: Pagination (a feature of themes like Timeline and Bulletproof) didn't work with the new default "stable archives" sorting order.
  • Change: Previous/next links and page numbers for archive pages with "stable archives" sorting order have been changed to match the pagination.
  • Fix: Notices for moderated comments ("This comment needs approval before it will be displayed") didn't show (reliably) when more than one spamblock plugin was active (as these plugins mutually overwrote their "moderated" flags).
  • Fix: Some internationalisation fixes and new German translations.
  • New: Show links for each plugin installed from Spartacus to its Spartacus entry.

2.3.0

Security
  • Security fixes for XSS in Editor Preview and Media Library by interpreted EXIF tags (thanks to Hanno Boeck!)

Highlights
  • PHP 7.2 and 7.3 support - minimal PHP version is now PHP 7.0
  • Smarty upgrade to 3.1.33
  • Updates to the media manager and some bug fixes
  • New function to add multiple images to an entry at once, creating a gallery
  • Use figure/figcaption markup for media manager images with captions
  • Ability to create responsive image thumbnails
  • Set responsiveimages as default plugin
  • Add rewrite to absolute url for srcsets to the feed generation
  • Using voku/simple-cache for internal cache as bundled lib, which will allow to cache with memcached and redis instead of just on the filesystem
  • Adding a maintenance mode option
  • Improving the nl2br plugin
  • Allowing to receive multiple trackbacks and pingbacks
  • Changing (installation) defaults: disable entryproperties cache and enable internal cache, enable stable-archive option

Bug Fixes
  • Fallback for $lang variable when configuration failed to load which evades some unuseful error messages
  • Drop deprecated serendipity_purgeEntry function
  • Bootstrap4 adaptations
  • Fixes for plugin drag'n'drop
  • Multiple minor bug fixes to core, bundled plugins and bundled themes.

2.1.6

Bug Fixes
  • Prevent error in upgrader when $sqlfiles is NULL.
  • Fix preview iframe in bulletproof.

2.1.5

Security
  • Fix XSS in Editor Preview by interpreted EXIF tags.
  • Fix XSS in Media Library by interpreted EXIF tags.

Bug Fixes
  • Fix mispositioned button in media db directory list.
  • Change default for comment subscription to full text.
  • Display errors if comment coulnd't be deleted.
  • Make it easier to drag plugins to other column.
  • Add fallback for broken JS in configuration screens.

2.1.4

Security
  • Fix XSS for pagination, when multi-category selection is used. Thanks to Brian Carpenter (geeknik) and Hanno Boeck!* Minor code fixes (proper PHP escaping for 'orderkey' SQL statement

Bug Fixes
  • Sekelton, Timeline and Clean Blog templates: Add theme option to disable google webfonts
  • Link to https s9y.org pages

2.1.3

Security
  • Ensure URL parameter casting for RSS and blog entry limits to prevent possible SQL injection inside the LIMIT statement part
  • Prevent XSS in the "Edit entries" panel
  • Prevent sending comment notifications to more than one email address
  • Disable exit.php-Tracking for open URL redirection, unless the trackexits plugin is specifically configured to do so

2.1.2

Bug Fixes
  • Fixed a regression in Net/DNSBL regarding serendipity_event_spamblock_rbl and serendipity_event_spamblock_surbl by adding Net/DNS2 1.4.3 as a bundled library to core and patching Net/DNSBL.
  • Fixed broken Akismet API calls
  • Fixed comment preview for logged-in users
  • Fixed message display after comment editing/deleting

2.1.1

Bug Fixes
  • Rewrites in some older legacy parts of the core (URL routing, template fallback chain, experimental internal caching) as well as PHP 7 compatibility.
  • New bundled responsive themes "Timeline" and "Clean-Blog"
  • Improved usability of plugin upgrades by combining sidebar and event plugins and upgrading multiple plugins at once
  • Permission checks for the dashboard output and comments
  • Usability improvements to the media library, bulk moving support
  • New API wrapper for URL downloads that plugins can use (serendipity_request_url)
  • New Theme "Skeleton" (responsive, mobile first)
  • Improved preview iframe handling
  • Changes (simplifications) in template file routing for backend/frontend views, new smarty {getFile} function for theme authors
  • Ability to set a default posting category for an author
  • Improved security checks against CSRF attacks (comment moderation, comment toggling
  • Improved security for referrer redirection
  • Improved security for local file hotlinking
  • Fixed sorting media database by filename
  • Addressed some more PHP 7.1 issues, fixed bugs with missing token for installing plugins and deleting comments. We mainly tested PHP 7.0 compatibility, but PHP 7.1 should work too.
  • Fixed displaying the proper plugin configuration value when set to false/empty.

2.1-rc1

Highlights
  • Rewrites in some older legacy parts of the core (URL routing, template fallback chain, experimental internal caching) as well as PHP7 compatibility.
  • New bundled responsive themes "Timeline" and "Clean-Blog"
  • Improved usability of plugin upgrades by combining sidebar and event plugins and upgrading multiple plugins at once
  • Permission checks for the dashboard output and comments
  • Usability improvements to the media library, bulk moving support
  • New API wrapper for URL downloads that plugins can use (serendipity_request_url)
  • New Theme "Skeleton" (responsive, mobile first)
  • Improved preview iframe handling
  • Changes (simplifications) in template file routing for backend/frontend views, new smarty {getFile} function for theme authors
  • Ability to set a default posting category for an author
  • Improved security checks against CSRF attacks (comment moderation, comment toggling
  • Improved security for referrer redirection
  • Improved security for local file hotlinking
  • Fixed sorting media database by filename

Read more: https://github.com/s9y/Serendipity/releases

2.1.4

(major version)
18 December 2018 - 27MB
  • PHP 7.2 support (including a new autologin token system and bcrypt password hashing)
  • Add function to add multiple images to an enty at once, creating a gallery
  • Added a maintenance mode option
  • Upgrade Smarty to 3.1.32
  • Bootstrap4 adaptations
  • Fixes for plugin drag'n'drop
  • Improvements to the p-mode of nl2br plugin
  • Ability to create responsive image thumbnails
  • Improvements to local caching
  • Rework of moving media items (work in progress)

Read more: http://blog.s9y.org/archives/280-Serendipity-2.1.4-and-2.2.1-alpha1-released.html

2.0.5

(security release)
6 December 2016 - 27MB
  • [Security] Improve preventing fetching local files, thanks to Xu Yue.
  • [Security] Prevent XSS in adding category and directory names, thanks to Edric Teo @smarterbitbybit, CVE-2016-9681.

Read more: http://blog.s9y.org/archives/271-Serendipity-2.0.5-and-2.1-beta3-released.html

display more versions

2.0.3

(security release)
4 January 2016 - 27MBHappy new Year! Serendipity 2.0.3 has just been released to address a XSS security issue found and reported by Onur Yilmaz and Robert Abela from Netsparker.com. Thanks a lot for contacting us and working with us to address the issue.

The issue only affects logged-in authors, where HTML can be inserted into the comment editing form when they click specially crafted links. Due to the required authentification we consider the issue of medium impact, but suggest everyone to perform the update.
Read more: http://blog.s9y.org/archives/266-Serendipity-2.0.3-released.html

2.0.1

(security release)
13 March 2015 - 27MBThis is the first maintenance release which fixes a couple of minor issues, and one security-related issue where improper escaping of category names can lead to a possible XSS attack. This atnly be performed by authenticated editors, so we consider it medium-impact. If you run a multi-user blog with untrusted authors, you are urged to upgrade to the new release. Many thanks to Edric Teo for reporting this issue to us, which could then be fixed within the same day.

Some other notable bug fixes are:
  • Report errors, if inclusion of JavaScript files may throw PHP errors to help in diagnosing an installation
  • Support for user.css backend CSS additions, without needing to edit the 2k11 backend theme.
  • Some JavaScript fixes for the backend, better theme fallback methods.

Read more: http://blog.s9y.org/archives/263-Serendipity-2.0.1-released.html

2.0

(major version)
27 January 2015 - 27MBOur main goal for Serendipity 2.0 was to clean up our backend structure, both in terms of coding and especially in terms of design and usability. We firmly believe to now be at a point where we want to show off our hard endeavours, and feel Serendipity 2.0 can now be properly used.

Highlights
  • New Responsive theme, usable for desktop, tablet and mobile devices.
  • A new frontpage (aka "Dashboard") shows you the most notable things on your blog
  • A redone navigation tries to structure the backend tasks in a better way
  • "Themes" is now the definitive word, where we previously used "Template", "Style" or "Theme". We're committed to stick with this now. ;-)
  • The bundled WYSIWYG editor has been changed to CKEditor.
  • A conservative but thorough rework of the Media Library.
  • Restructured core and removed some older cruft.
  • New Metatron tool which can perform a number of administrative tasks on the command line.

Read more: http://blog.s9y.org/archives/261-Serendipity-2.0-released.html

1.7.8


9 February 2014 - 27MB
  • Fixed a regression caused by the prior 1.7.6/1.7.7 release.

Read more: http://blog.s9y.org/archives/254-Serendipity-1.7.8-released.html

1.7.7

(security release)
6 February 2014 - 27MB
  • Fixed an XSS by using a specially crafted username can happen when viewing the "Manage users" screen
  • Fixed an XSS when creating an entry with specially crafted id/timestamp values
  • Fixed a SQL injection when installing a plugin with a specially crafted name

Read more: http://blog.s9y.org/archives/253-Serendipity-1.7.7-released.html

1.7.5


20 January 2014 - 27MB
  • Fixed textile PHP 5.2 (namespace) compat issue
  • Added default value to spamblocks required_fields option [name,comment]

Read more: http://blog.s9y.org/archives/252-Serendipity-1.7.5-released.html

1.7.4


11 January 2014 - 27MB
  • Updated textile plugin for PHP 5.3+ compatibility
  • Updated spamblock captcha creation for PHP 5.3+
  • Updated Smarty library
  • Improved .htaccess "deny" method for the Spamblock plugin

Read more: http://blog.s9y.org/archives/251-Serendipity-1.7.4-released.html

1.7.3

(security release)
29 August 2013 - 27MBThis release only addresses a bugfix for one functional issue (trackbacks to SSL-servers) and a security issue in the bundled htmlarea spellchecker module (see http://osvdb.org/87395). Thanks to Henri Salo for pointing out this issue.
Read more: http://blog.s9y.org/archives/250-Serendipity-1.7.3-released.html

1.7.2


28 July 2013 - 27MB
  • Serendipity will switch to mysqli if PHP >= 5.5 is used (mysql is deprecated in that version)
  • Upgrade Smarty to 3.1.14
  • The outdated browsercompatibility plugin will be uninstalled
  • Properly migrate a "baseURL" option which might be set to an empty value on installations where the configuration has never been saved after the update.
  • The name of a authorgroup was empty when editing a usergroup

Read more: http://blog.s9y.org/archives/249-Serendipity-1.7.1-and-1.7.2-released.html

1.7


23 May 2013 - 27MB

Our Web hostings are compatible with
Serendipity

Web

Only the Web hosting

100% SSD Web Hosting
100 GB and +
Multi-site management
Advanced management of EV and DV SSL certificates
Anti-DDoS protection
10 GB of VOD


Learn more

from 5.75 € / month

Classic

The complete Web+Mail offer

100% SSD Web Hosting
100 GB and +
Multi-site management
Advanced management of EV and DV SSL certificates
Anti-DDoS protection
10 GB of VOD


Professional messaging
25 email addresses with unlimited storage


WorkSpace
Online messaging
Instant messaging
Syncing contacts and calendars


Learn more

from 7.42 € / month

Cloud Server

Managed

100% SSD Web Hosting
100 GB and +
Multi-site management
Advanced management of EV and DV SSL certificates
Anti-DDoS protection
10 GB of VOD


Power
2 CPU and +
6 Gb (RAM) and +
100% SSD
100% dedicated resources


Management
Infomaniak manages your server


Learn more

from 29 € / month

Prices in EUR

Assistance

Useful guides