serendipity_event_freetag: Plugin update, XSS bug

Thanks to Stefan Schurtz, who reported an XSS issue in the serendipity_event_freetag plugin (SSCHADV2011-004). The issue was fixed in version 3.22 of the plugin; you can fetch the update through Spartacus or download it via Spartacus.s9y.org.

The bug was introduced in version 3.20 of the plugin. Users of the plugin should upgrade: the bug allows malicious users to trick people into visiting a specially crafted link on your blog, which can then be used, for example, to steal cookie login information from anyone who clicks on such a link.

New Plugin: Disqus comments

Even though the Disqus.com comment integration can already be added to a Serendipity template easily, the need for a specific plugin was raised on the forums.

serendipity_event_disqus is now available on Spartacus and provides exactly this: a plug-and-play component to enable Disqus comments on your blog. It even allows you to use this system only for more recent blog entries, so that your old comments can be preserved.

Currently the plugin hides the Serendipity-internal comments and trackbacks through CSS. The plugin provides instructions on how to modify that, if you have a custom template.

Have fun using the plugin, and if you have issues or recommendations for it, feel free to discuss this on the Serendipity forums. :-)

Podcast plugin update

The podcast plugin has recently been improved to offer a much more flexible configuration with custom player and HTML5 audio/video support. The flowplayer has been added as a new, more flexible flash-video player replacement.

You can now specify custom feed options, and the RSS podcast format should now be iTunes compatible. Custom feed options that you can add to the RSS feed (rss.php?podcast_format=XXX) also allow you to filter the enclosures to specific file extensions.

The update should be compatible with older versions, so you can simply start using the new features. If you customized any of the player files, you can now do that much more easily through the configuration; be sure to back up any files you might have changed before upgrading.

Please report any issues you might have with this update on the forums!