Entries by Garvin Hicking

Serendipity 1.3-beta1 has been released. This beta is considered a release candidate before the final 1.3 release, which is scheduled to be released at the end of this month.

The Freetag plugin has been updated to version 2.96 to fix a possible XSS to the tagcloud output.

XSS attacks can be used by visitors to display foreign HTML or JavaScript to visitors of the blog, if they visit specially crafted URLs. This attack basically allows for cookie stealing.

Users of the freetag plugin should upgrade to the latest version; upgrading via Spartacus-Plugin or Spartacus.s9y.org is just a matter of a few minutes. Thanks to Alex from Bitsploit.de for reporting this issue to us.

(This posting is written in german, as it currently only has relevance for german readers)

Wie man jetzt in meinem Blog auf der linken Seite erkennen kann, ist das von mir geschriebene offzielle Serendipity-Handbuch seit kurzem vorbestellbar.

Rund 700 Seiten liegen dem Verlag derzeit zur Korrektur und Verfeinerung vor, prall gefüllt mit ausführlichen Beschreibungen von allem, was mit Serendipity zu tun hat.

Viel Herzblut und Freizeit ist in das Buch geflossen, und ich hoffe damit sehr, den Nutzern endlich eine vollständige Dokumentation in die Hand geben zu können. Gleichermaßen ist es auch für Neulinge zum System gedacht, da alle Aspekte des Systems beschrieben werden.

Wer jetzt vorbestellt, kann dafür sorgen, dass das Buch etwas zügiger erscheint - und ihr es auch direkt in den Händen halten könnt. Der derzeitige Veröffentlichungstermin ist für Mai 2008 angepeilt. Vorbestellungen werden sowohl über Amazon, OpenSourcePress als auch bei jeder Bücherei angenommen.

Serendipity 1.2 has been well received by the community, there were only very few minor bugreports. Those have been addressed in the Serendipity 1.2.1 maintenance release, available now.

The new Serendipity version also includes some new Bulletproof Theme options (user-customized stylesheets) and addresses some very minor browser quirks. If you're using Bulletproof, it is suggested you perform the update.

Also this new version addresses a security issue in the Remote RSS sidebar plugin (reported by Hanno Böck), which did not properly treat links coming from an RSS feed, which could lead to possible XSS attack vectors, if you are showing foreign feeds that might distribute malicious content to you. If you're using this plugin with an unsafe RSS feed, you should upgrade Serendipity.

Serendipity 1.2.1 features a new WPXRSS importer and can import the new WordPress 2.3 database structure All bug fixes have also been applied to our current 1.3-release tree. This release currently features some new Smarty-Templating convenience features, a remote spartacus version information interface, full pingback support, a LifeType blog importer and support of SQLRelay.

Upgrading Serendipity is very easy, have a look at the FAQ. The new version is available on the Serendipity download page.

Enjoy Serendipity and have a nice Christmas time!

The Serendipity Anti-Spam plugin allows to utilize the blogg.de IP blacklist service to block spam. Their service seems to have ceased existence, or at least is rejecting connections. This can lead to comments to your serendipity blog to be rejected. You can easily disable the blogg.de blacklist service in your Anti-Spam plugin configuration.

Note that this option is by default disabled in Serendipity since blogg.de announced that they are no longer actively maintaining the blacklist. A well fit alternative to this service is the Akismet API, which the spamblock plugin also supports.

Some while ago, I announced an article about Serendipity in the German PHP Magazine (read here). This article was now made available as a PDF by the publisher, so you can feel free to download and read it:

PHP Magazin Mai 2007: "Blogging mit Biss" von Garvin Hicking (German/Deutsch)

Have fun reading!