Serendipity 2.0.5 is a maintenance security release which addresses these issues:
- [Security] Improve preventing fetching local files, thanks to Xu Yue.
- [Security] Prevent XSS in adding category and directory names, thanks to Edric Teo @smarterbitbybit, CVE-2016-9681.
Alongside a new Serendipity 2.1-beta3 version has been released, with the same fixes plus some more progress on the road to the 2.1 release.
Simply upgrade by unpacking and uploading the release file and confirming our web-based upgrader.