Serendipity - Announcements

Serendipity 1.5.2 released

mail@garv.in (Garvin Hicking) — Mon, 25 Jan 2010 12:17:39 +0100

Serendipity 1.5.2 has been released to address the outstanding issue of SQLite installations with Serendipity. Upgrading an earlier version of Serendipity prior to 1.5.1 to this version should work without any problems, fixing the database upgrades that were faulty in Serendipity 1.5.1. This is the same patch that has been advertised in the old blog posting.

Users who had upgraded to Serendipity 1.5 already can fix problems by checking the database table 'serendipity' and make sure to insert a md5 hashed password, with hashtype=0.

SQLite users should backup their database file (a random file name ending in .db) before updating. For users of other database systems, the Serendipity 1.5.2 update does not contain any changes and can be left out.

Serendipity 1.5.1 with SQLite

mail@garv.in (Garvin Hicking) — Wed, 23 Dec 2009 15:06:07 +0100

UPDATE: Serendipity 1.5.2 release

Some SQLite upgrades from Serendipity prior to 1.5 to the current version might create a problem, that the database update cannot properly update the serendipity_authors database table structure to insert the new "hashtype" (int) column. Due to that column missing, this can lead to the inability to log in.

Sadly SQLite does not easily allow to ALTER a table structure, so unless you have a SQLite admin tool to manually that column, and until the Serendipity Team can provide a proper fix, you should not yet update. Due to Christmas 2009.1 getting released soon, this might takes us a few more extra days.

If you have NOT yet uploaded the new serendipity release and executed the update, you can simply copy the file sql/db_update_1.5-alpha1_1.5-alpha2_sqlite.sql onto your installation, which fixes the upgrade procedure.

Side information: Hashtype defines whether md5 (value '0') or salted sha1 (value '1') is used for the stored encrypted password of the serendipity_authors table. Once you login with a hashtype=0, serendipity will automatically convert your password to sha1, and adjust the hashtype column. This is why once we fix this issue in 1.5.2, we must make sure that no manuall updates you might have used are overwritten, that could lead to Serendipity no longer knowing which hashtype was used for your column. That requires some thoughtful thinking, and a bit more time instead of a hotfix that might make the situation worse.

Note that this ONLY applies to users UPGRADING and using SQLite. A fresh installation as well as using other Database types is not affected.

Serendipity 1.5.1, bugfix release

mail@garv.in (Garvin Hicking) — Mon, 21 Dec 2009 20:12:20 +0100

It's been a long time, and the Serendipity Team is proud to present the Serendipity 1.5.1 release...

...All bad things come in triplets, except this one, which came in a duplet: First the uploaded release file contained the current development version, the second issue was found due to just 3 mixed up characters, which prevents any plugin that has a HTML/WYSIWYG-Config-item (like the HTML Nugget plugin) to be properly displayed.

The fix is quite easy: include/functions_plugins_admin.inc.php. The cause for this problem was introduced only a few days earlier and sadly slipped by unnoticed. We're awfully sorry for the trouble this may cause you.

Due to this version mixup earlier and this annoying bug, Serendipity 1.5.1 (Codename Colin AKA If everybody else is doing it, why can't we; but well, it could be worse) has been released.

If you're lazy and already upgraded to 1.5, you will only need to download and replace the file found here: include/functions_plugins_admin.inc.php.

Now have a merry christmas, and let's hope that our best friend Murphy has no surprises left for us freezing germans.

Serendipity 1.5 released

mail@garv.in (Garvin Hicking) — Mon, 21 Dec 2009 08:07:00 +0100

The Serendipity Team is proud to present the final release of Serendipity 1.5. While the earlier beta versions are proven to work fine for many people, it was finally time to package up a real release. ;)

This version mainly addresses login security by changing our method how passwords are stored to use salted SHA1 checksums instead of plain MD5 checksums. This makes password retrieval (rainbow attacks, see special blog posting) through the database virtually impossible. Another thing is improved PHP 5.3 compatibility.

For users of our Bundled WYSIWYG-Editor Xinha users now have the ability to easily customize the appearance of this panel through a "my_custom.js" file inside the template directory (a draft of such a file can be found as fallback default in the htmlarea/ subdirectory).

One cool new feature for developers is that now also templates can register themselves inside the plugin API hooks to execute specific things, that don't require installation of an event plugin.

Other news include:

new event API hooks
fixed PDF thumbnail generation
ability to auto-scroll on borders when Drag/Dropping plugins
UTC server time zone support
improvements in the Smarty functions to easier use Serendipity as a CMS for individual entry output.
quicksearch improvements for doing a wildcard-search when too few searchresults were found on a fixed searchterm
support for Typepad anti-spam server-checks, additionally to Akismet

Minor improvements since the 1.5-beta1 release:

more PHP 5.3.0 compatibility improvements
Disallow uploading any files that contain ".php." in the filename for extra security with Apache MimeMagic-Modules
expermiental PDO:SQlite support
usability improvements for the comment moderation panel (bottom-navigation, removed border increase)

The current release can be easily installed on any previous Serendipity installation. Just unpack, upload and visit your admin panel to perform possible database upgrades. Upon first login with an old password, Serendipity will store your old password in the new format - please be sure to make a backup of your Database prior to upgrading, and read the upgrade pointers on Upgrading Serendipity.

Have fun using Serendipity, and let us know on the Forums if you have any issues!

Update: Accidentaly, the 1.6-alpha release file was uploaded with the wrong file name. This has been fixed, the real files are now available -- users who had already downloaded this 1.6 release can either re-download the new release bundle, or stay at their current version. 1.6 has only 2 minor changes yet, and is 99,9% identical with 1.5 at this point. The most major difference would only be the version number. ;-)
I'm sorry for this fault, I blame it on the german weather...

Security update for Freetag Plugin

mail@garv.in (Garvin Hicking) — Thu, 27 Aug 2009 09:52:00 +0200

Thanks to Niels Provos we have been informed of a security issue in the Serendipity Freetag plugin (serendipity_event_freetag). Versions up to 3.08 contained a bug that was not properly escaping a GET variable used in an SQL statement, leading to a possible SQL injection attack.

The impact of this is considered to be low, as the query used is only for displaying Meta keywords inside a blog entry, and usual mysql-Client libraries to not allow to execute multiple stacked SQL queries to drop tables etc.

Nevertheless, you should upgrade this plugin version. It is available on Spartacus, or for manual download.

Serendipity 1.5-beta1 released

mail@garv.in (Garvin Hicking) — Mon, 24 Aug 2009 09:59:00 +0200

Serendipity 1.5-beta1 is the first public beta release of the upcoming Serendipity 1.5 version. Some important things have changed under the hood, that we would like to ask our users to try out and report back to us.

This version mainly addresses login security by changing our method how passwords are stored to use salted SHA1 chacksums instead of plain MD5 checksums. This makes password retrieval (rainbow attacks) through the database virtually impossible. Another thing is improved PHP 5.3 compatibility. See more about this in a special blog posting some time ago.

One cool new feature for developers is that now also templates can register themselves inside the plugin API hooks to execute specific things, that don't require installation of an event plugin.

Other news include:

new event API hooks
fixed PDF thumbnail generation
ability to auto-scroll on borders when Drag/Dropping plugins
UTC server time zone support
improvements in the Smarty functions to easier use Serendipity as a CMS for individual entry output.
quicksearch improvements for doing a wildcard-search when too few searchresults were found on a fixed searchterm
support for Typepad anti-spam server-checks, additionally to Akismet

The current release can be easily installed on any previous Serendipity installation. Just unpack, upload and visit your admin panel to perform possible database upgrades. Upon first login with an old password, Serendipity will store your old password in the new format - please be sure to make a backup of your Database prior to upgrading. Apart from that, the current beta release is already in production use on many blogs and there are no known problems/issues with this.

Serendipity Packages for Softaculous

mail@garv.in (Garvin Hicking) — Tue, 11 Aug 2009 09:26:33 +0200

Softaculous is a provider for automatted web-application installations on cPanel/DirectAdmin environments. They have an automatted API for software vendors like Serendipity to be able to setup and install their applications.

Thanks to the hard work of the Softaculous-Team, they have created a package for Serendipity on their own efforts - many thanks for that!

So you can easily install Serendipity on a Softaculous-Platform and be able to upgrade to later installations easily. Check out their Demo site to see an auto-installed Serendipity at work. You can also use this as a free demo of Serendipity, including the backend. Also Softaculous itself has a admin-demo, if you want to have a look on how to automate your installations of web-applications.

On the Serendipity@Softaculous-Site, you can also rate Serendipity or contribute reviews. Currently there are none available, so please feel free to both vote and spread the word on Serendipity there!

Serendipity 1.4.1 released

mail@garv.in (Garvin Hicking) — Fri, 16 Jan 2009 11:33:05 +0100

Serendipity 1.4.1 has been released. This is mainly a bugfix release for the updated of the bundled Smarty library, which fixes issues with Serendipity 1.4.

Other small fixes include better antispam checks for pingbacks (they were too strict before), an update to the sql index key creation of the statistics plugin and removal of error messages on open_basedir enabled servers.

You only need to upgrade to Serendipity 1.4.1 if one of the mentioned bugs affect you. Updating is easy and documented online.

Smarty problem with Serendipity 1.4

mail@garv.in (Garvin Hicking) — Tue, 30 Dec 2008 11:15:15 +0100

Due to some feedback on the forums, we were made aware of a bug of the bundled Smarty templating engine that can happen in some PHP environments and lead to PHP warning/error messages.

If this occurs for you, please simply download an updated version of the file bundled-libs/Smarty/libs/Smarty_Compiler.class.php and upload it to your blog directory. Of course we will integrate this update to a future point release of Serendipity.

Serendipity 1.4 released

mail@garv.in (Garvin Hicking) — Mon, 29 Dec 2008 10:43:00 +0100

The Serendipity-Team is proud to provide the final release of Serendipity 1.4, conveniently codenamed "Post-Christmas-Monk-Miles-Moondog".

There have been some larger improvements since the 1.4-beta release, so these are the highlights of this release in short:

(new since 1.4-beta1) References to online plugin documentation have been added (if existing) and the display of the short plugin names has been added to the plugin configuration menus.
(new since 1.4-beta1) Firefox now no longer autoremembers passwords at the wrong places
(new since 1.4-beta1) Added SMF importer
(new since 1.4-beta1) Added a new %parentname% permalink option for category links
(new since 1.4-beta1) Fix to properly, longer (30 days) sstrong>remember the user settings in cookies, like for media insertion
Improvements in the now Double-Opt-In comment subscription (plus support for fulltext comment notifications)
new bundled default WYSIWYG editing component (Xinha, the successor of HTMLArea). This new component is more reliable and cross-browser capable than the old version, by still supporting everything that worked with HTMLArea previously.
The Entryproperties plugin now uses the new widget-style configuration option to allow for custom arrangement of the entry-related features of this plugin to your liking.
The bulletproof template has been enabled as the new default template. The frontend imitates the look of Carl Galloways Serendipity 1.0 relaunch template, while the backend is much improved with a fresh, distinct look.
The Remote RSS-Feed sidebar plugin now is templated, so that you can achieve distinct look for certain feeds on the sidebar.

Serendipity also addresses some minor bugs usually only affecting very special environments. Other changes include new PostgreSQL ts_vector fulltext search, comment approval-by-mail for the spamblock plugin, better HTTP header status updates for CGI environments. For developers, some API improvements and new variables/parameters have been added. The performance of the entryroperties plugin can be enhanced by new configuration options that let you fiddle with the involved SQL generation.

The complete list of all changes is documented within the docs/NEWS file of the release. This serendipity release is also the first one to include checksums to verify your installation integrity.

Updating is easy and documented online: Just upload the new files onto your web, possibly refresh/purge your browser cache (and if you upgrade from Serendipity older than 1.2, you might need to purge your old cookies), go to the admin panel and you're done. For shared installations, make sure all deployed htmlarea directories are updated with the new files (if not, the old htmlarea will still be there, not Xinha).

Also, the new version contains release checksums. This makes sure that the files you uploaded correspond with the checksums generated through the release. This way, bad FTP uploads will no longer be driving you nuts. If this makes any trouble for you, try to upload the files in BINARY mode in your FTP client.

For the future, Serendipity is still planning on minor and major features. We always keep a close ear to the wishes of our users, some of those that cannot be solved instantly have been documented here: Future of Serendipity. If you're a developer or designer, and want to help in proving that Serendipity is a flexible and easy to use Blogging/CMS-application - your help is needed and appreciated! Speaking of which: Many thanks to all current developers and forum users, especially Don Chambers, YellowLED and Judebert. Your help has been, and is vital to the project.

On behalf of the team: Happy new year and have fun with the release,
Garvin

Serendipity 1.4-beta1 released

mail@garv.in (Garvin Hicking) — Tue, 11 Nov 2008 14:48:00 +0100

The first release candidate for Serendipity 1.4 can now be downloaded.

Serendipity 1.4 mainly addresses improvements in the now Double-Opt-In comment subscription (plus support for fulltext comment notifications) and ships with a new bundled default WYSIWYG editing component (Xinha, the successor of HTMLArea). This new component is more reliable and cross-browser capable than the old version, by still supporting everything that worked with HTMLArea previously.

Things that are visually noticeable include a new "widget-style" configuration option for the "Entryproperties"-Plugin, so that you can arrange and enable/disable each feature of that plugin to your own liking. Also you can now configure each sidebar plugin directly from your frontend.

Also, the Bulletproof has now been promted as new default template, imitating the design of the previous default template - but offering a now completely new distinct default look to the admin panel.

The Remote RSS-Feed sidebar plugin now is templated, so that you can achieve distinct look for certain feeds on the sidebar.

Serendipity also addresses some minor bugs usually only affecting very special environments. Other changes include new PostgreSQL ts_vector fulltext search, comment approval-by-mail for the spamblock plugin, better HTTP header status updates for CGI environments. For developers, some API improvements and new variables/parameters have been added. The performance of the entryroperties plugin can be enhanced by new configuration options that let you fiddle with the involved SQL generation.

The complete list of all changes is documented within the docs/NEWS file of the release. This serendipity release is also the first one to include checksums to verify your installation integrity.

Also, the new version contains release checksums. This makes sure that the files you uploaded correspond with the checksums generated through the release. This way, bad FTP uploads will no longer be driving you nuts. If this makes any trouble for you, try to upload the files in BINARY mode in your FTP client.

Please report any trouble with this new release candidate on the Serendipity Forums or here on this blog. Even though we find this release quite stable and generally believe it production ready, feedback is much required. If all goes well, the final version will be released in december.

Serendipity at FrOsCon 2008

mail@garv.in (Garvin Hicking) — Fri, 11 Jul 2008 13:08:31 +0200

I will be holding a talk about Serendipity's Multi-User and Shared-Install-Capabilites at this year's FrOscon in St. Augustin, Germany.

I'd be happy to meet any of the fellow Serendipity user's at the weekend of 23./24. August 2008. Also have a look at the other very interesting panels at this convention!

Die Sieger des Gewinnspiels zum Serendipity Handbuch

mail@garv.in (Garvin Hicking) — Thu, 19 Jun 2008 10:20:25 +0200

(Announcement of the winners for the german book - this will be the last german entry for some time!)

Das Gewinnspiel zum Serendipity Handbuch: Individuelle Weblogs für Einsteiger und Profis ist nun beendet. Herzlichen Dank an alle Teilnehmer, die mit Interesse und Begeisterung auf das Erscheinen des Buches reagiert haben, und auch vielen Dank für die persönlichen Glückwünsche. Es freut mich sehr zu sehen, dass die neue umfangreiche Dokumentation so angenommen wird, wie ich mir das erhofft habe.

Kommen wir daher direkt zum offiziellen Teil: Die Bekanntgabe der Gewinner!

Als glückliche Gewinner eines Serendipity-Buches wurden ausgelost:

Weitaus schwerer war es, aus den vielen Beiträgen die originellsten zu bestimmen. Letztlich fiel die Wahl auf:

Alle Gewinner möchte ich bitten, mir ihre Post-Anschrift per E-Mail an gh %at% faktor-e.de zukommen zu lassen. Diese werde ich ausschließlich an den Verlag Open Source Press weiterleiten, damit die Bücher den richtigen Weg zu euch finden.

Serendipity-Handbuch

mail@garv.in (Garvin Hicking) — Wed, 04 Jun 2008 11:20:27 +0200

(Announcement for the german book. English users have to please stay patient for a possible translation!)

Nach beinahe einem Jahr harter Arbeit kann nun die umfassende Dokumentation zu Serendipity sowohl online wie auch beim netten Buchhändler um die Ecke bestellt werden:

Serendipity: Individuelle Weblogs
für Einsteiger und Profis
(ISBN 978-3-937514-54-3, Amazon).

Das Buch behandelt auf 750 Seiten sowohl die ersten Schritte mit Serendipity (inklusive Installation und Bedienungsanleitung) als auch die Benutzung von Plugins, Templates und einer sehr ausführlichen API-Dokumentation. Ein gutes Schlagwortregister hilft zudem beim täglichen Nachschlagen.

Ein Probekapitel sowie das vollständige Inhaltsverzeichnis kann unter dem oben angegebenen Link eingesehen werden.

Kurzum, ein Buch dass sich jeder deutschsprachige Serendipity-Enthusiast einmal ansehen sollte. Leser des Buches sind natürlich herzlich eingeladen, ihre Meinung oder konstruktive Kritik zu dem Buch im Serendipity-Forum, mir persönlich oder als Amazon-Rezension mitzuteilen.

Zur Feier der Veröffentlichung gibt es ein Gewinnspiel mit 5 Exemplaren des Buches, die uns vom Verlag Open Source Press zur Verfügung gestellt werden. Um ein solches Exemplar kostenlos zu ergattern, könnt ihr folgendes tun:

Bloggen.

Wenn ihr ein eigenes Blog habt, erstellt einfach einen Beitrag bei dem ihr bitte folgenden Link einbaut:

<a href="http://blog.s9y.org/archives/195-Serendipity-Handbuch.html">
Serendipity-Handbuch
</a>

Dadurch wird, falls in eurem Blog aktiviert, auch automatisch ein Trackback gesetzt. Falls das nicht klappt und ihr eure URL hier nicht sofort seht, hinterlasst bitte hier im Blog einen Kommentar mit eurer URL (ohne HTML-Code, hier ist nur BBCode zugelassen).
Kreativ sein.

In eurem Artikel könnt ihr die folgenden zwei Fragen beantworten. Wer kein Blog besitzt, kann die Fragen auch gerne hier als Kommentar beantworten:

Aus welchem Grund sollte man sich das Buch eigentlich kaufen, wenn man es nicht gerade gewinnt?

Was gefällt euch am besten an Serendipity?
Gewinnen.

Der Einsendeschluss ist am 18.06.2008, der Rechtsweg ist ausgeschlossen. 3 Gewinner werden zufällig ausgelost, 2 Gewinner werden anhand der subjektiv originellsten Antworten auf die Fragen entschieden. Die Gewinner werden hier im Blog angekündigt und gebeten, mir ihre Post-Adresse per E-Mail zuzusenden. Teilnahme per Pseudonym ist vollkommen okay, eure Postdaten werden ausschließlich an den Verlag zur Versendung der Gewinne weitergegeben und danach wieder gelöscht.

Viel Spaß und Erfolg,
Garvin Hicking

Netmirror.org Outage, Spartacus affected.

mail@garv.in (Garvin Hicking) — Fri, 16 May 2008 16:33:42 +0200

As of today, the netmirror.org server seems to be having a hiccup. The serendipity Plugin Spartacus by default requires this server to provide automatic plugin and theme updates and downloads. The inavailibility of this server can lead to timeouts and not being able to install new plugins.

The issue should resolve itself once netmirror.org is up again. Temporarily you can either reconfigure your Spartacus-plugin to use the SourceForge-Mirrors, or completely disable the Spartacus plugin. Using the s9y.org mirror will not help you, as this server is currently not hosting any files.

I will post an update once the server is up again. Sorry for the inconvenience.