Serendipity 1.0.2 and 1.1-beta5 released

Time again for a new release!

Serendipity 1.0.2 mainly fixes an XSS injection attack on the admin backend, which could happen if registered authors are tricked into following a specially crafted URL. This bug was detected by the ever-restless Stefan Esser; many thanks for notifying us. Users of previous versions of Serendipity are urged to upgrade to be secure. Note, though, that this bug requires your own interaction, so exploitation depends on how well you can stay away from clicking links when you do not know exactly what they do. ;-)

Serendipity 1.1-beta5 features the following new changes since 1.1-beta1:

  1. Prevent XSS backend injection attack (see above)
  2. Themes can now support custom amounts and positions of any number of sidebars (top, bottom, left, right etc.)
  3. Usergroups can now configure which plugins/events a group is allowed to execute
  4. Added the option to use HTTP authentication for your login, which enables you to use secured RSS feeds with login credentials
  5. Fixed some permalink oddities when using % in URLs, plus some other minor fixes

Serendipity 1.1 is very close to being finalized (targeting mid-December). New major features will be added to a 1.2 version branch, so expect no more major changes here. Please help us by trying out the latest version and reporting bugs/issues!

Upgrading is as easy as ever: download, unpack, go to your Admin panel, done. Read more here: Serendipity FAQ. The download is available here: Serendipity Download Page

Have fun!

New plugin "QuickNotes"

I've committed a new plugin to Spartacus that allows users to use a very simple notification system.

Users can create text (HTML formatting configurable) that will appear on the Admin Backend. A small goodie is a feature that notifications are subject to specific usergroups - only the usergroups for which the creator intentionally posted the message will see it.

The plugin also lets you configure whether normal users are allowed to use the messaging system. In the future this could be enhanced for more granular control, but for the time being it should prove a nice tool. The display of the messages can be controlled via a bundled notes.css CSS file.

CSS formatting also lets you style new incoming messages differently. Now try it out and have fun.