Serendipity 1.5.4 released

Serendipity 1.5.4 has been released. It includes some minor bugfixes as well as a fix for an XSS security issue discovered and reported by High-Tech Bridge. The XSS is only exploitable, though, if you are using the "Remember me" feature in the Serendipity backend to log in. Thanks to the quick notification by the team we were able to fix the issue within 24 hours, as with all past security issues.

The XSS issue can easily be patched by replacing just the file include/functions_config.inc.php with the new file (link), or by applying this patch.

Other bugfixes that come with the new Serendipity 1.5.4 release are:

  • Fix PHP 5.3.2 parse error in a file, thanks to fyremoon
  • Fix SQL query statement for deleting a category, which on some DB types (SQLite) might not return "true" and thus not really delete the category.
  • Include license output in plugin listing
  • Fix escaping when using ImageMagick to create PDF-thumbnail images
  • Add new template variable to feed*.tpl files to support new plugins like pubsubhubbub, so that plugins can embed data to the main XML element

The latest release can be found on our SourceForge repository and on the usual place on . To upgrade from any previous Serendipity version, simply extract and upload the new files to your server.

Comments

Fabien Chabreuil on at :

Hi, I am using Serendipity 1.5.2. If I just replace the functions_config.inc.php file, the previsualisation function (in the administration) doesn't work anymore.

Best regards, Fabien

Garvin on at :

Can you specify "doesn't work anymore" more exactly? Maybe you can come to the forum for a better support facility, and we can work it out.

Fabien Chabreuil on at :

I have the following message: "Votre navigateur n'a pas envoyé un HTTP-Referer (adresse référante) valide." (Your browser didn't send a valid HTTP-Referer) If I restore the previous version of the functions_config.inc.php file, everything is OK again.

Best regards, Fabien

Hanno on at :

I have a page where the update seems to make problems. I did it like always (got some info screen with a link to "Installation aktualisieren", clicked there), but the info screen stays, though I no longer get the upgrade screen, it just links to the admin login.

See http://www.eon-abmelden.de/

Hanno on at :

Hmm, it disappeared after a while. Though I definitely tried reloading...
Sorry for the noise.
