Serendipity 1.0.2 and 1.1-beta5 released

Time again for a new release!

Serendipity 1.0.2 mainly fixes an XSS injection attack on the admin backend, which could happen if registered authors were tricked into following a specially crafted URL. This bug was detected by the ever-restless Stefan Esser; many thanks for notifying us. Users of previous versions of Serendipity are urged to upgrade to be secure. Note, though, that this bug requires your own interaction, so exploiting it depends on how well you can stay away from clicking links when you do not know exactly what they do. ;-)

Serendipity 1.1-beta5 features the following new changes since 1.1-beta1:

  1. Prevent XSS backend injection attack (see above)
  2. Themes can now support custom amounts and positions of any number of sidebars (top, bottom, left, right etc.)
  3. Usergroups can now configure which plugins/events a group is allowed to execute
  4. Added the option to use HTTP-Authentication for your login, which enables you to use secured RSS-Feeds with login credentials
  5. Fixed some permalink oddities when using % in URLs, plus some other minor fixes

Serendipity 1.1 is getting very close to being finalized (targets mid-December). New major features will be added to a 1.2 version branch, so expect no more major changes here. Please help us by trying out the latest version and reporting bugs/issues!

Upgrading is easy as ever: Download, unpack, go to your Admin panel, done. Read more here: Serendipity FAQ. The download is available here: Serendipity Download Page

Have fun!

Comments

David:

Hello,

I ran 1.1-beta1 and upgraded to 1.1-beta5, and I can't connect to admin now...
Any idea?

David.

David:

Forget my previous comment... I closed Firefox and started it again, and the authentication works.
David.
