Serendipity 1.3 released (addresses security)

Serendipity 1.3 has finally been released. The new release is mainly a feature consolidation release, but also contains XSS security fixes:

  • The karma rating plugin has been upgraded to support nice, CSS-based rating graphics (see this post) and an overall rehaul on the its coding.
  • Make the Spartacus plugin be able to use FTP upload, a workaround for SafeMode PHP restrictions. Also add a remote backend for plugin update checks.
  • An importer for phpNuke and lifetype has been added.
  • Support for pingbacks has been improved a lot. Trackbacks can now be blocked based on Sender IP checks.
  • Add better CSS styling for some internal plugins and the embedding of images. Also made the Remote-RSS plugin to be capable of Smarty-Templating.
  • Increased Smarty templating features for the {serendipity_fetchPrintEntries} function, to be able to check for entry properties.
  • Add support for SQRelay.
  • Minor CSS and graphic updates to the Bulletproof template.

The full list of 41 changes to this release are documented within the NEWS file.

Regarding Security, the bundled Smarty library has been updated to version 2.6.19 and adresses an issue in environments where the PHP security mode is required. Also, the new Serendipity release contains tighter backend XSS checks so that environments with untrusted authors can be more secure - many thanks to Hanno Böck for addressing this. Most importantly, an issue with XSS attacks within received trackbacks has been discovered by Peter Hüwe and was fixed.

The update is easy as usual, and recommended for Serendipity users - especially if you do not regularly moderate or check your incoming trackbacks.

Upgrade pointers can be found in the FAQ and is as easy as just to upload the new files.

Have fun!

Trackbacks

Trackback-URL für diesen Eintrag

  • Keine Trackbacks

Kommentare

Ansicht der Kommentare: (Linear | Verschachtelt)

Hokey am um :

Nice! Thanks a lot for all the work!

maxfli55 am um :

Danke Garvin...der Zeitpunkt passt: neuer webspace & neue s9y-version!

JCG am um :

Great job! Thanks a lot for 1.3 Final!

Upgrading (from 1.2.1) was very smooth. Like always. :-)

Robert am um :

Thx Garvin and the s9y-Team!

Especially the improved pingback support is something I will certainly love! As my S9y Version is currently pretty old with this update I will find many new features to s9y, that are actually not new ;).

Rob A am um :

Thx Garvin!

Is there another post in the forums that explains the sparticus FTP mode and back end in greater depth?

-Rob A>

Bernd am um :

Yes great Work Guys ! Thanks !

macdet am um :

Yes, great. I stumble opften :(but that great!

Sascha am um :

Fine, maybe now more people should change from Wordpress to s9y! :)

Robert am um :

Thanks a zillion. Upgrading worked without any flaw.

Kommentar schreiben

Die angegebene E-Mail-Adresse wird nicht dargestellt, sondern nur für eventuelle Benachrichtigungen verwendet.

Um maschinelle und automatische Übertragung von Spamkommentaren zu verhindern, bitte die Zeichenfolge im dargestellten Bild in der Eingabemaske eintragen. Nur wenn die Zeichenfolge richtig eingegeben wurde, kann der Kommentar angenommen werden. Bitte beachten Sie, dass Ihr Browser Cookies unterstützen muss, um dieses Verfahren anzuwenden.
CAPTCHA

BBCode-Formatierung erlaubt
Markdown-Formatierung erlaubt