Serendipity 2.0.1 released
Serendipity 2.0.1 has just been released. This is the first maintenance release which fixes a couple of minor issues, and one security-related issue where improper escaping of category names can lead to a possible XSS attack. This atnly be performed by authenticated editors, so we consider it medium-impact. If you run a multi-user blog with untrusted authors, you are urged to upgrade to the new release. Many thanks to Edric Teo for reporting this issue to us, which could then be fixed within the same day.
Some other notable bug fixes are:
- Support for user.css backend CSS additions, without needing to edit the 2k11 backend theme.
As usual the complete list of changes can be see in our docs/NEWS-file. Upgrading is simple as always: Download the release, unpack, upload, say hi to our upgrader, done.
Trackback-URL für diesen Eintrag
- Netz - Rettung - Recht am : Serendipity 2.0.1
- Dirks Logbuch am : Serendipity 2.0.1 ...
Ansicht der Kommentare: (Linear | Verschachtelt)
Hanno am um :
Does this issue also affect older versions (1.7.x) of serendipity?
And more generally: Are 1.7 versions to be considered not security supported in general and thus should all users of older versions upgrade to 2.x?
Tom De Pellet am um :
Thanks for this update of serendipity, I really appreciate it.
Greetings Tom De Pellet