Serendipity 2.1.4 and 2.2.1-alpha1 released

Two new releases have been issued today. 2.1.4 is a security fix release which addresses these issues:

  • Security: Fix XSS for pagination, when multi-category selection is used. Thanks to Brian Carpenter (geeknik) and Hanno Boeck!
  • Minor code fixes (proper PHP escaping for 'orderkey' SQL statement)
  • Skeleton, Timeline and Clean Blog templates: Add theme option to disable google webfonts
  • Link to https s9y.org pages

The 2.2.1-alpha1 release addresses a few larger changes in Serendipity. These are the key points of the release:

  • PHP 7.2 support (including a new autologin token system and bcrypt password hashing)
  • Add function to add multiple images to an enty at once, creating a gallery
  • Added a maintenance mode option
  • Upgrade Smarty to 3.1.32
  • Bootstrap4 adaptations
  • Fixes for plugin drag'n'drop
  • Improvements to the p-mode of nl2br plugin
  • Ability to create responsive image thumbnails
  • Improvements to local caching
  • Rework of moving media items (work in progress)

We would love to get feedback from our users. Be sure to try out the new release only on test/development blogs yet. If you absolutely want to test it on production blogs, make sure to have a backup available.

Both releases can be downloaded from our GitHub release page.