Serendipity 2.0.1 released

Serendipity 2.0.1 has just been released. This is the first maintenance release which fixes a couple of minor issues, and one security-related issue where improper escaping of category names can lead to a possible XSS attack. This attack can only be performed by authenticated editors, so we consider it medium-impact. If you run a multi-user blog with untrusted authors, you are urged to upgrade to the new release. Many thanks to Edric Teo for reporting this issue to us, which could then be fixed within the same day.

Some other notable bug fixes are:

  • Report errors if the inclusion of JavaScript files throws PHP errors, to help in diagnosing an installation.
  • Support for user.css backend CSS additions, without needing to edit the 2k11 backend theme.
  • Some JavaScript fixes for the backend, better theme fallback methods.

As usual, the complete list of changes can be seen in our docs/NEWS file. Upgrading is simple as always: Download the release, unpack, upload, say hi to our upgrader, done.

Comments

Hanno:

Does this issue also affect older versions (1.7.x) of serendipity?

And more generally: Are 1.7 versions to be considered not security supported in general and thus should all users of older versions upgrade to 2.x?

Tom De Pellet:

Thanks for this update of serendipity, I really appreciate it.

Greetings Tom De Pellet
