Serendipity 1.5.4 released

Serendipity 1.5.4 has been released and addresses some minor bugfixes as well as a XSS security issue discovered and reported by High-Tech Bridge. The XSS is only exploitable though, if you are using the "Remember me" feature in the Serendipity backend to login. Thanks to the quick notification by the team we were able to fix the issue within 24 hours, as with all past security issues.

The XSS-issue can easily be patched by only replace the file include/functions_config.inc.php with the new file (link), or by applying this patch.

Other bugfixes that come with the new Serendipity 1.5.4 release are:

  • Fix PHP 5.3.2 parse error in a file, thanks to fyremoon
  • Fix SQL query statement for deleting a category, which on some DB types (SQlite) might not return "true" and thus not really delete the category.
  • Include license output in plugin listing
  • Fix escaping when using ImageMagick to create PDF-thumbnail images
  • Add new template variable to feed*.tpl files to support new plugins like pubsubhubbub, so that plugins can embed data to the main XML element

The latest release can be found on our SourceForge repository and on the usual place on . To upgrade from any previous Serendipity version, simply extract and upload the new files to your server.