Serendipity 2.0.1 released

Serendipity 2.0.1 has just been released. This is the first maintenance release, which fixes a couple of minor issues and one security-related issue where improper escaping of category names can lead to a possible XSS attack. This attack can only be performed by authenticated editors, so we consider it medium-impact. If you run a multi-user blog with untrusted authors, you are urged to upgrade to the new release. Many thanks to Edric Teo for reporting this issue to us, which could then be fixed within the same day.

Some other notable bug fixes are:

  • Report errors if the inclusion of JavaScript files throws PHP errors, to help in diagnosing an installation.
  • Support for user.css backend CSS additions, without needing to edit the 2k11 backend theme.
  • Some JavaScript fixes for the backend, better theme fallback methods.

As usual, the complete list of changes can be seen in our docs/NEWS file. Upgrading is as simple as always: download the release, unpack, upload, say hi to our upgrader, done.

Comments

Hanno on at :

Does this issue also affect older versions (1.7.x) of Serendipity?

And more generally: Are 1.7 versions to be considered not security supported in general and thus should all users of older versions upgrade to 2.x?

Garvin on at :

This does not affect

Garvin on at :

This does not affect versions lower than 2.0. If it had, we'd have released a new 1.7.x security fix release, too! (Check our recent blog post about how we support the 1.7 line in the future.)

Tom De Pellet on at :

Thanks for this update of Serendipity, I really appreciate it.

Greetings
Tom De Pellet
