Serendipity 1.5-beta1 released

Monday, August 24. 2009
Posted by Garvin Hicking in Announcements, Development

Comments (9)
Trackbacks (0)

Serendipity 1.5-beta1 is the first public beta release of the upcoming Serendipity 1.5 version. Some important things have changed under the hood, that we would like to ask our users to try out and report back to us.

This version mainly addresses login security by changing our method how passwords are stored to use salted SHA1 chacksums instead of plain MD5 checksums. This makes password retrieval (rainbow attacks) through the database virtually impossible. Another thing is improved PHP 5.3 compatibility. See more about this in a special blog posting some time ago.

For users of our Bundled WYSIWYG-Editor Xinha users now have the ability to easily customize the appearance of this panel through a "my_custom.js" file inside the template directory (a draft of such a file can be found as fallback default in the htmlarea/ subdirectory).

One cool new feature for developers is that now also templates can register themselves inside the plugin API hooks to execute specific things, that don't require installation of an event plugin.

Other news include:

  • new event API hooks
  • fixed PDF thumbnail generation
  • ability to auto-scroll on borders when Drag/Dropping plugins
  • UTC server time zone support
  • improvements in the Smarty functions to easier use Serendipity as a CMS for individual entry output.
  • quicksearch improvements for doing a wildcard-search when too few searchresults were found on a fixed searchterm
  • support for Typepad anti-spam server-checks, additionally to Akismet

The current release can be easily installed on any previous Serendipity installation. Just unpack, upload and visit your admin panel to perform possible database upgrades. Upon first login with an old password, Serendipity will store your old password in the new format - please be sure to make a backup of your Database prior to upgrading. Apart from that, the current beta release is already in production use on many blogs and there are no known problems/issues with this.


Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

I have upgrade my blog http://www.rollenc.com to 1.5 beta-1,
No bug found

Thanks for your good job.
#1 rollenc (Homepage) on 2009-08-24 16:55 (Reply)
One bug found:

Searching doesn't work any more.


URL:

http://www.rollenc.com/index.php?serendipity[action]=search&serendipity[searchTerm]=ubuntu&serendipity[searchButton]=Quicksearch


Error:

Unknown column 'orderkey' in 'order clause'
#2 rollenc (Homepage) on 2009-08-24 17:05 (Reply)
The search function did not work as expected. Notice for the administrator of this blog: This may happen because of missing index keys in your database. On MySQL systems your database user account needs to be privileged to execute this query:

CREATE FULLTEXT INDEX entry_idx on serendipity_entries (title,body,extended)

The specific error returned by the database was:

SELECT
e.id,
e.authorid,
a.realname AS author,
e.allow_comments,
e.moderate_comments,
a.email,
e.timestamp,
e.comments,
e.title,
e.body,
e.extended,
e.trackbacks,
e.exflag,
e.isdraft,
e.last_modified,
a.username AS loginname

FROM
serendipity_entries e
LEFT JOIN serendipity_authors a
ON e.authorid = a.authorid
LEFT JOIN serendipity_entrycat ec
ON e.id = ec.entryid
LEFT OUTER JOIN serendipity_entryproperties ep_access
ON (e.id = ep_access.entryid AND ep_access.property = 'ep_access')
LEFT JOIN serendipity_entryproperties ep_sticky
ON (e.id = ep_sticky.entryid AND ep_sticky.property = 'ep_is_sticky')
WHERE
(MATCH(title,body,extended) AGAINST('ubuntu*' IN BOOLEAN MODE))
AND isdraft = 'false' AND timestamp
#2.1 rollenc (Homepage) on 2009-08-24 17:07 (Reply)
Thanks for that bugreport. Sadly this was caused by a last minute change.

Please download this file:

http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/include/functions_entries.inc.php

and overwrite the include/functions_entries.inc.php file with that.
#3 Garvin (Homepage) on 2009-08-24 17:14 (Reply)
Thanks for your quick reply and fix.
#3.1 Bectrade (Homepage) on 2009-08-24 18:20 (Reply)
Why do you switch to sha1, knowing this is already under attack similar to md5?
While it may take some time till sha1-attacks reach a state where this will matter for password storage, it'd be a safety measure to switch to sha256 with salt.
#4 Hanno (Homepage) on 2009-09-12 12:00 (Reply)
It's salted, so we could've even stuck to md5.
#4.1 Garvin on 2009-09-12 12:50 (Reply)
Is there any eta on a release candidate or new beta?
#5 mike johnston on 2009-12-16 13:19 (Reply)
Yes, as soon as our SMTP is up again, the release will be posted.
#5.1 Garvin (Homepage) on 2009-12-16 20:16 (Reply)

Add Comment

E-Mail addresses will not be displayed and will only be used for E-Mail notifications.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

BBCode format allowed
 
 
 
 

Frontpage - Top level

 

Quicksearch


Categories


All categories

Archives


SVN/CVS state

The current nightly/SVN trunk state is: testing 1.6

Recommendation(s): Use 1.5.3 release

Please report issues and bugs on our Bugtracker. Your help is very much appreciated.


Syndicate This Blog


More RSS Feeds

Event Plugins
Sidebar Plugins
SVN/CVS commits
Serendipity around the world

Handbuch für Serendipity


Das offizielle, umfassende Serendipity-Handbuch für Einsteiger und Profis ist nun im Handel und kann online bei Amazon oder Open Source Press bestellt werden, oder auch bei jedem Buchhändler.