Serendipity 2.3.4 released (security update)

Just a few days after Serendipity Camp and our last patch release we have to release Serendipity 2.3.4, fixing a security flaw (present on Windows installations only and exploitable only for users with upload rights on the Media library).

Unfortunately, it was possible to upload a malicious file "file" (e.g. a PHP script or other executable content) without a file extension and then rename it afterwards to "file.php" on Windows. Thanks to Junyu Zhang for spotting and reporting this!

As we had to do a patch release anyway, we added some other fixes around Media Library file renaming and improved the display of installable plugins by adding the plugin source (Spartacus, bundled with Serendipity core or local).

Please see the release statement on GitHub for more (technical) details.

You can download the release file and unzip it to your installation as usual, or update from within Serendipity using the Serendipity Autoupdate Plugin (serendipity_event_autoupdate).

Please do install the update on Windows systems running Serendipity due to the security fix.

Greetings from #s9ycamp 2020 (virtual edition)

As every year since 2015, we'd already booked our rooms at the Linux-Hotel located in Essen (Germany) for our community meeting and developer retreat Serendipity Camp (or sy9camp for short).

We were looking forward to this great event very much, but unfortunately we had to cancel our plans to #flattenthecurve.

Meeting online instead at Essen.

So we decided to have a virtual meeting instead. It's not the same, especially as we were limited to audio only due to bandwith constraints, and we missed the chatter at breakfast and some deep thoughts over a glas (or two) of wine in the evenings, but we got something done nevertheless.

  • Serendipity 2.3.3 has been released (after fixing some last bugs).

  • We moved this blog and some of our infrastructure to a new host, getting the Spartacus build process unstuck and moving to PHP 7.2 and a current version of s9y here.

  • And we made some progress on our plans for Serendipity 2.4, our next feature release!

Stay tuned - and if you want to drop by for our next camp, please see the forums and the camp info page (currently German only).

Serendipity 2.3.3 released

About half a year after our last patch release we present Serendipity 2.3.3, the next bugfix release for our current stable branch.

We made some small changes and fixed some bugs in our Media Library (including a nasty bug where renaming a file using an already existing file name deleted both files). We don't show non-existing (empty) archive pages any longer and don't render the whole page when just some JS should be rendered, speeding things up a bit. Deleting trackbacks from the frontend - when logged in - should now work again, and (last but not least) we updated some bundled plugins: serendipity_event_mailer got some enhancements (you can add an introductory text to the generated mails and send them not just when publishing your entry, but for each change, too), serendipity_plugin_comments won't add spurious whitespace in the middle of words any more, and serendipity_event_bbcode has now (working) support for roman numerals in ordered lists.

Please see the release statement on GitHub for more (technical) details.

You can download the release file and unzip it to your installation as usual, or update from within Serendipity using the Serendipity Autoupdate Plugin (serendipity_event_autoupdate).

And please don't hesitate to report bugs in our forums!