Posted by Garvin Hicking in Announcements, Development, Security
Serendipity 2.0.1 has just been released. This is the first maintenance release which fixes a couple of minor issues, and one security-related issue where improper escaping of category names can lead to a possible XSS attack. This attack can only be performed by authenticated editors, so we consider it medium-impact. If you run a multi-user blog with untrusted authors, you are urged to upgrade to the new release. Many thanks to Edric Teo for reporting this issue to us, which could then be fixed within the same day.
Some other notable bug fixes are:
- Support for user.css backend CSS additions, without needing to edit the 2k11 backend theme.
Today the first minor maintenance update of Serendipity was published, the (maintenance) release 2.0.1. Besides a security-relevant change, whose underlying vulnerability could however only be exploited by logged-in authors, ...
Tracked: Mar 12, 23:12
And more generally: Are 1.7 versions to be considered not security supported in general and thus should all users of older versions upgrade to 2.x?
Tom De Pellet