Serendipity 2.1.3 released

This release addresses several security issues that have been reported to us by Hanno Boeck, Brian Carpenter, oreamnos and Julio Cesar. Many thanks for this!

More specifically:

  • Ensure URL parameter casting for RSS and blog entry limits to prevent possible SQL injection inside the LIMIT statement part Prevent XSS in the "Edit entries" panel
  • Prevent sending comment notifications to more than one email address
  • Disable exit.php-Tracking for open URL redirection, unless the trackexits plugin is specifically configured to do so
  • The release also addresses a new feature for a "legal" plugin property bag attribute (usable for GDPR/DSGVO plugin information) and by default disables subToMe service to prevent GDPR issues.

    Simply download the release and update your blog.

Trackbacks

Trackback specific URI for this entry

  • No Trackbacks

Comments

Display comments as (Linear | Threaded)

No comments

Add Comment

E-Mail addresses will not be displayed and will only be used for E-Mail notifications.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

BBCode format allowed