Update effort of Serendipity 3.0

There is yet work to be done!

We are trying to move Serendipity to properly utilizing composer and being installable via composer, as well as allowing official Docker images for Serendipity, so that it can be easily tried out or maintained.

That is a lot of work, and we can use any help we get.

Please check out the GitHub issue about this and the Git Repository with README on the planned changes.

The easiest way to get in touch with us about this is via the GitHub issue, if you are interested. Cheerio, onward and upward! To Serendipity and beyond! .... the class? anyone? anyone? Bueller?

Serendipity 2.5.0 released (Maintenance and security)

We are very happy to announce the availability of the final release for Serendipity 2.5.0, our new stable version! 2.5.0 contains the changes that were part of the 2.5-beta1, plus some additional changes.

With this version 2.5.0, Serendipity works with PHP 7.4 up to and including PHP 8.2. We also got positive reports about the compatibility with PHP 8.3, but this newest PHP version is not yet officially supported by us. The compatibility with PHP 8.2 is the main purpose of this release.

In this version, we further worked on how the bundled dependencies are managed. They got updated for PHP 8.x support, including some legacy dependencies where it was missed before, and more of them are now managed by the dependency management system composer. For those changes the file placement under bundled-libs/ has changed a bit, with wrappers added for compatibility. Despite those wrappers for backwards compatibility, authors of custom plugins that relied manually on files under bundled-libs/ are advised to check that their plugins still work.

The release contains some additional changes to 2.4.0, like bundling the webfonts used by the default theme 2k11, to avoid legal issues in Germany, fixes for an incompatibility with MySQL 5.7, fixes for the usergroup permission display and an improved russian translation.

It also fixes a potential security issue discovered for this project by @hannob, by removing the prior included composer.phar. That file was only useful for developers, but could be misused in some specific server environments. Though the necessary conditions for the attack are not a given, since this is a security fix a timely upgrade to 2.5.0 is highly recommended to all existing serendipity installations. As another possible mitigation, you can safely delete the file "composer.phar" in your root directory.

Upgrade hints: If you see errors when extracting this release archive that mention bundled-libs/, delete said folder in your old installation and extract the archive again. If you run an older version of serendipity than 2.4.0 and/or if you are not using PHP 8.x yet, please have a look at the PHP 8 upgrade guide.

If you encounter bugs, please report an issue here at Github or open a thread in our forum. The forum is also the right place for general questions and support.

The project thanks all contributors to the release, including the testers and issue reporters.

MD5: 1dfb1f34483038179ac511666de60b8f

Link: https://github.com/s9y/Serendipity/releases/tag/2.5.0