Plugins – Einträge für August 2007

Like announced earlier on the serendipity blog, fellow usability expert Joachim Harloff is currently trying to improve the listing of Serendipity Plugins so that they are more accessible to users.

He needs your help to fulfill them. Initially he planned to personally meet with serendipity users, but this proved more complex than initially hoped. Thus he has created a smaller, text-based version of it.

You can download the file at http://www.softuse.com/serendipity_sorting.zip. It contains detailed instructions. You can also feel free to personally contact Joachim about any questions you have.

Joachim estimates this questionnaire to take you about 1,5 hours of your time. You could greatly help to improve the serendipity usability, so please participate! Joachim wants to evaluate your responses starting on September the 8th.

Thanks to Erich Schubert, we were made aware of a bug and security issue in the Plugin Extended properties for entries. Since this plugin is delivered with the core release, we have created a new Serendipity release for both the current stable 1.1 version tree, as well as a new 1.2 beta version.

Serendipity Users that are using the mentioned plugin do not need to upgrade the full release, they can just fetch the updated version of the plugin through this direct link. Put that updated file into your plugins/ serendipity_event_entryproperties/ serendipity_event_entryproperties.php file.

The actual bug was, that people were able to deliver custom entryproperties settings to the Serendipity Frontend via a HTTP-Request, which made them able to bypass a possibly used passwort protection. Any other restriction of viewability of entries done via category read-privileges were not affected, though.

Bottom line is: If you are using password protection for entries, this security update is mandatory for you. Also if you were generally using the entryproperties plugin (which is not installed by default in Serendipity), you are urged to update your plugin. Only people not using this plugin need not care about this issue.

You can download the new full releases as always on the Serendipity download page.