Two new releases have been issued today. 2.1.4 is a security fix release which addresses these issues:
- Security: Fix XSS for pagination, when multi-category selection is used. Thanks to Brian Carpenter (geeknik) and Hanno Boeck!
- Minor code fixes (proper PHP escaping for 'orderkey' SQL statement)
- Skeleton, Timeline and Clean Blog templates: Add theme option to disable google webfonts
- Link to https s9y.org pages
The 2.2.1-alpha1 release addresses a few larger changes in Serendipity. These are the key points of the release:
- PHP 7.2 support (including a new autologin token system and bcrypt password hashing)
- Add function to add multiple images to an enty at once, creating a gallery
- Added a maintenance mode option
- Upgrade Smarty to 3.1.32
- Bootstrap4 adaptations
- Fixes for plugin drag'n'drop
- Improvements to the p-mode of nl2br plugin
- Ability to create responsive image thumbnails
- Improvements to local caching
- Rework of moving media items (work in progress)
We would love to get feedback from our users. Be sure to try out the new release only on test/development blogs yet. If you absolutely want to test it on production blogs, make sure to have a backup available.
Both releases can be downloaded from our GitHub release page.