Happy New Year! Serendipity 2.0.3 has just been released to address an XSS security issue found and reported by Onur Yilmaz and Robert Abela from Netsparker.com. Thanks a lot for contacting us and working with us to address the issue.
The issue only affects logged-in authors: when they click specially crafted links, HTML can be inserted into the comment editing form. Because authentication is required, we consider the issue to be of medium impact, but we suggest that everyone perform the update.
We are still working on an improved s9y.org presentation page and its documentation, as well as on the 2.1 branch of Serendipity - check out our current 2.1 changelog if you are interested and willing to help with testing!