New Serendipity Releases: 1.0.1 and 1.1-beta1

The Serendipity Team is proud to offer two new releases:

Serendipity 1.0.1 addresses a few minor bugfixes in the otherwise very well-received 1.0 stable release. Those are related to utf8-iconv conversion on older PHP setups, sending comment mails to users without an email address and a WYSIWYG image insertion issue.

The most important fix and reasing for the 1.0.1 release is a security issue that has been reported by Sebastian Nohn using the cool new Security-Scanner Chorizo. The only reported issue by Chorizo was the possibility of Users who could add plugins to the installation (usually only Administrators) to insert file references to other arbitrary PHP files that are then included. We feel this is a minor impact, because usually all administrators already would have full access to the PHP filebase and could include remote files with different means. Also note that users with safemode/open_basedir restrictions would not be affected by this.

Users with multi-users installations, giving plugin access to untrusted users are urged to upgrade to the latest release!

Serendipity 1.1-beta1 brings the long awaited new features to a first public release. The 1.1-alpha versions have been tested in the past quite well and are thought to run quite stable.

The 1.1 version brings those major new features (also see an earlier blog entry for details):

  • Completely overhauled Media Gallery. Serendipity has always been a major player in providing easy media database access, and is now enhancing it for even more usability and flexibility. You can now assign privileges for every media directory. You can now retrieve and store meta properties like descriptions, EXIF-Data, keywords - and filter/search for them easily. Plus, the media gallery is now Smarty Template-driven, so you can customize it to your needs. You can now move images/whole directories within the filestructure, and existing entries will be edited to suit that new location. The media database can now be synchronized on-the-fly with contents on the webspace - means you can upload files via FTP and they will automagically be imported. A explorer-like view on the directories completes the featureset.
  • You can enable/disable certain markup plugins per-entry. Ever wanted to create a Full HTML posting, but were annoyed by automatic nl2br conversion? Now you can turn it off for specific entries.
  • Support for Template Options. All Themes can now offer specific configuration options for using a theme, like specifying which colorset you want to use, which navigational items you'd like to see and even fine-control banner options. See Carl Galloways Page for some sneak previews on the functionality to come!
  • Finally, you can now use Drag And Drop to re-order your sidebar/event plugins much more intuitively than in the past. It uses enhanced JavaScripts (from Cyberdummy.co.uk / tool-man - great script!), that works on all major browsers. For those browsers that don't offer support for that, or for users without JavaScript, the old method is still working seamlessly. This means, that Serendipity continually strifes to both deliver top-usability to our users, as well as satisfy people who are paying close attention to security issues.
  • You can now use an URL scheme to view comments and entries by individual users/authors (with date-filtering and pagination)
  • new "comments and trackbacks" RSS feed for your entries
  • A new LiveJournal XML importer
  • New plugin manager button to check for new versions of all installed plugins
  • Entryproperties plugin now supports setting passwords for entries
  • Performance improvements: Smarty API now passes more variables by references, which largely reduces the memory footprint
  • New Template Engines: PHP and XML/XSLT-Drivers
  • Make use of possible existing PEAR-Installations already existing on your server
  • Improved Security of the "auto-login" feature
  • Fix blocking site during file requests by writing session data to disk before making trackbacks etc.
  • New Language: Arabic
  • ...and many more!

Both releases can be found in the Download-Section on www.s9y.org. As always, just unpack them over your current installation to upgrade. More details can be found in the FAQ on www.s9y.org.

Have fun -- and please report any bugs you find on our Forums!

Trackbacks

Trackback-URL für diesen Eintrag

Kommentare

Ansicht der Kommentare: (Linear | Verschachtelt)

Andre Heinrichs am um :

PS: The downloads for 1.0.1 also don't work right now. They, too, return 404.

Garvin am um :

Sorry, should be fixed now.

If that happens again, try http://prdownloads.sourceforge.net/php-blog/

Andy Rambling am um :

There's still a 404 of a problem for the 1.1 downloads from the main site.

Anna am um :

Sei du und leb dein Leben, sonst lebt jemand anderes deine schönen Momente...

Kommentar schreiben

Die angegebene E-Mail-Adresse wird nicht dargestellt, sondern nur für eventuelle Benachrichtigungen verwendet.

Um maschinelle und automatische Übertragung von Spamkommentaren zu verhindern, bitte die Zeichenfolge im dargestellten Bild in der Eingabemaske eintragen. Nur wenn die Zeichenfolge richtig eingegeben wurde, kann der Kommentar angenommen werden. Bitte beachten Sie, dass Ihr Browser Cookies unterstützen muss, um dieses Verfahren anzuwenden.
CAPTCHA

BBCode-Formatierung erlaubt
Markdown-Formatierung erlaubt