Serendipity 1.6.1 released
Posted by Garvin Hicking in Announcements, Development, Security
Serendipity 1.6.1 has just been released. As usual you can simply download from s9y.org, extract the archive, upload it to your webspace and accept the upgrader when visiting your blog.
This release mainly addresses two security issues found by Stefan Schurtz (thanks a lot, again!). One is an XSS issue in the media database panel, the other an SQL injection in the media database section. Both issues can only be exploited if you are logged in to your blog and you click a specially crafted link. The SQL injection cannot be used to extract sensitive information from the database or delete data.
Either way, you are urged to upgrade your blog to the latest version. Development versions of 2.0 and 1.7 on GitHub have these bugs fixed as well.
Other bugfixes in this version include:
- Updated spamblock plugin for better word filtering in specific scenarios
- Fixed draft/future entries preview links in backend
- Fixed an issue where template-specific configuration options were not overwritten by the new global ones
You might also want to check out our quite stable 1.7 development version which uses Smarty3, or even our 2.0 development version which contains major rewrites so that Smarty is used in the backend!
An update of the best blog in the world to version 1.6.1 is available. The update is strongly recommended, as it closes two minor "uncritical" security holes. I'll have to get to that this evening. Update presumably, as always, by copying over and
Tracked: May 08, 10:28
Garvin released Serendipity 1.6.1 today. While the release primarily fixes two security holes, it is also the first s9y version to include 2k11, the possible new default template for s9y. This also means 2k11 will, in a certain way, "
Tracked: May 08, 11:06
Tracked: May 08, 17:44
Advisory: Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability Advisory ID: KORAMIS-AD
Tracked: May 08, 19:57
As of today, version 1.6.1 of the best blog software has been released; see the article on the S9y blog. Because security holes have been fixed (relevant only in very specific cases), an update is advisable in any case. This v
Tracked: May 08, 22:42
Tracked: May 16, 14:31