Serendipity 2.5.0 released (Maintenance and security)

We are very happy to announce the availability of the final release for Serendipity 2.5.0, our new stable version! 2.5.0 contains the changes that were part of the 2.5-beta1, plus some additional changes.

With this version 2.5.0, Serendipity works with PHP 7.4 up to and including PHP 8.2. We also got positive reports about the compatibility with PHP 8.3, but this newest PHP version is not yet officially supported by us. The compatibility with PHP 8.2 is the main purpose of this release.

In this version, we further worked on how the bundled dependencies are managed. They got updated for PHP 8.x support, including some legacy dependencies where it was missed before, and more of them are now managed by the dependency management system composer. For those changes the file placement under bundled-libs/ has changed a bit, with wrappers added for compatibility. Despite those wrappers for backwards compatibility, authors of custom plugins that relied manually on files under bundled-libs/ are advised to check that their plugins still work.

The release contains some additional changes to 2.4.0, like bundling the webfonts used by the default theme 2k11, to avoid legal issues in Germany, fixes for an incompatibility with MySQL 5.7, fixes for the usergroup permission display and an improved russian translation.

It also fixes a potential security issue discovered for this project by @hannob, by removing the prior included composer.phar. That file was only useful for developers, but could be misused in some specific server environments. Though the necessary conditions for the attack are not a given, since this is a security fix a timely upgrade to 2.5.0 is highly recommended to all existing serendipity installations. As another possible mitigation, you can safely delete the file "composer.phar" in your root directory.

Upgrade hints: If you see errors when extracting this release archive that mention bundled-libs/, delete said folder in your old installation and extract the archive again. If you run an older version of serendipity than 2.4.0 and/or if you are not using PHP 8.x yet, please have a look at the PHP 8 upgrade guide.

If you encounter bugs, please report an issue here at Github or open a thread in our forum. The forum is also the right place for general questions and support.

The project thanks all contributors to the release, including the testers and issue reporters.

MD5: 1dfb1f34483038179ac511666de60b8f

Link: https://github.com/s9y/Serendipity/releases/tag/2.5.0

Trackbacks

Trackback-URL für diesen Eintrag

  • Keine Trackbacks

Kommentare

Ansicht der Kommentare: (Linear | Verschachtelt)

Noch keine Kommentare

Kommentar schreiben

Die angegebene E-Mail-Adresse wird nicht dargestellt, sondern nur für eventuelle Benachrichtigungen verwendet.

Um maschinelle und automatische Übertragung von Spamkommentaren zu verhindern, bitte die Zeichenfolge im dargestellten Bild in der Eingabemaske eintragen. Nur wenn die Zeichenfolge richtig eingegeben wurde, kann der Kommentar angenommen werden. Bitte beachten Sie, dass Ihr Browser Cookies unterstützen muss, um dieses Verfahren anzuwenden.
CAPTCHA

BBCode-Formatierung erlaubt
Markdown-Formatierung erlaubt