Serendipity 2.3.4 released (security update)

Just a few days after Serendipity Camp and our last patch release we have to release Serendipity 2.3.4, fixing a security flaw (present on Windows installations only and exploitable only for users with upload rights on the Media library).

Unfortunately, it was possible to upload a malicious file "file" (e.g. a PHP script or other executable content) without a file extension and then rename it afterwards to "file.php" on Windows. Thanks to Junyu Zhang for spotting and reporting this!

As we had to do a patch release anyway, we added some other fixes around Media Library file renaming and improved the display of installable plugins by adding the plugin source (Spartacus, bundled with Serendipity core or local).

Please see the release statement on GitHub for more (technical) details.

You can download the release file and unzip it to your installation as usual, or update from within Serendipity using the Serendipity Autoupdate Plugin (serendipity_event_autoupdate).

Please do install the update on Windows systems running Serendipity due to the security fix.

Serendipity 2.3.3 released

About half a year after our last patch release we present Serendipity 2.3.3, the next bugfix release for our current stable branch.

We made some small changes and fixed some bugs in our Media Library (including a nasty bug where renaming a file using an already existing file name deleted both files). We don't show non-existing (empty) archive pages any longer and don't render the whole page when just some JS should be rendered, speeding things up a bit. Deleting trackbacks from the frontend - when logged in - should now work again, and (last but not least) we updated some bundled plugins: serendipity_event_mailer got some enhancements (you can add an introductory text to the generated mails and send them not just when publishing your entry, but for each change, too), serendipity_plugin_comments won't add spurious whitespace in the middle of words any more, and serendipity_event_bbcode has now (working) support for roman numerals in ordered lists.

Please see the release statement on GitHub for more (technical) details.

You can download the release file and unzip it to your installation as usual, or update from within Serendipity using the Serendipity Autoupdate Plugin (serendipity_event_autoupdate).

And please don't hesitate to report bugs in our forums!