Serendipity 2.3.0 released

We are very happy to present Serendipity 2.3.0, our new stable version, after more than two years of work.

Along with it, we have released Serendipity 2.1.6, most probably the last bugfix release for our old 2.1.x branch.

Serendipity 2.3.0 ...

  • ... has support for PHP 7.2 and 7.3 (minimal version is now PHP 7.0)!
  • ... will upgrade Smarty to 3.1.33!
  • ... has many updates and bug fixes to the media manager, adding a gallery function and responsive thumbnails!
  • ... uses voku/simple-cache for its internal cache!
  • ... has a new maintenance mode option!
  • ... will now receive multiple trackbacks and pingbacks!
  • ... has improved plugins, e.g. the nl2br plugin!
  • ... changed some installation defaults!
  • ... includes lots of other accumulated (security) fixes!

Please see the release statement on GitHub for more details.

You can download the release file and unzip it to your installation as usual, or update from within Serendipity using the Serendipity Autoupdate Plugin (serendipity_event_autoupdate).

Serendipity 2.3.x will be our new stable branch; development will continue on Serendipity 2.4.

Many thanks to all our contributers, theme and plugin developers, all you bug reporters and testers and forum users! Without your help this would not have been possible.

We are happy to hear your feedback about our new release - as always - on our forums!

Serendipity 2.3 - First Release Candidate published!

We are happy to announce the availability of the first (and hopefully last) Release Candidate for Serendipity 2.3.

Please test it, if you can, especially on current PHP installations (PHP 7.2 up to PHP 7.4), and report all errors and (PHP) warnings. We feel comfortable with suggesting you to try out this release in a production environment, as long as you make a backup of your database and files first, as you should always do.

Serendipity 2.3 ...

  • ... has support for PHP 7.2 and 7.3 (minimal version is now PHP 7.0)!
  • ... will upgrade Smarty to 3.1.33!
  • ... has many updates and bug fixes to the media manager, adding a gallery function and responsive thumbnails!
  • ... uses voku/simple-cache for its internal cache!
  • ... has a new maintenance mode option!
  • ... will now receive multiple trackbacks and pingbacks!
  • ... has improved plugins, e.g. the nl2br plugin!
  • ... changed some installation defaults!
  • ... includes lots of other accumulated (security) fixes!

Please see the release statement on GitHub for more details.

You can download the release file and unzip it to your installation as usual, or update from within Serendipity using the Serendipity Autoupdate Plugin (serendipity_event_autoupdate).

We are happy to hear your feedback about this release candidate on our forums! Thanks on behalf of the dev team.

Serendipity 2.1.5 released

This bugfix release Serendipity 2.1.5 contains fixes for security issues and some bug fixes backported from our recent 2.3-beta1 release:

  • Fix XSS in Editor Preview by interpreted EXIF tags (thanks to Hanno Boeck!).
  • Fix XSS in Media Library by interpreted EXIF tags (thanks to Hanno Boeck!).
  • Fix mispositioned button in media db directory list.
  • Change default for comment subscription to full text.
  • Display errors if comment coulnd't be deleted.
  • Make it easier to drag plugins to other column.
  • Add fallback for broken JS in configuration screens.

You can download the release file and unzip it to your installation as usual, or update from within Serendipity using the Serendipity Autoupdate Plugin (serendipity_event_autoupdate).

Serendipity 2.3-beta1 released

Greetings from #s9ycamp2019! The first beta of Serendipity 2.3 has been released and we are happy for people to test our latest changes.

The main focus of Serendipity 2.3 is ensuring compatibility with PHP 7.2 and 7.3, some improvements to the media library (Image gallerys in entries! Responsive images!) as well as the usual bugfix here and there. Please see the release statement on GitHub for more details.

We are happy to hear your feedback about this beta release on our forums! Thanks on behalf of the dev team.

Serendipity 2.1.4 and 2.2.1-alpha1 released

Two new releases have been issued today. 2.1.4 is a security fix release which addresses these issues:

  • Security: Fix XSS for pagination, when multi-category selection is used. Thanks to Brian Carpenter (geeknik) and Hanno Boeck!
  • Minor code fixes (proper PHP escaping for 'orderkey' SQL statement)
  • Skeleton, Timeline and Clean Blog templates: Add theme option to disable google webfonts
  • Link to https s9y.org pages

The 2.2.1-alpha1 release addresses a few larger changes in Serendipity. These are the key points of the release:

  • PHP 7.2 support (including a new autologin token system and bcrypt password hashing)
  • Add function to add multiple images to an enty at once, creating a gallery
  • Added a maintenance mode option
  • Upgrade Smarty to 3.1.32
  • Bootstrap4 adaptations
  • Fixes for plugin drag'n'drop
  • Improvements to the p-mode of nl2br plugin
  • Ability to create responsive image thumbnails
  • Improvements to local caching
  • Rework of moving media items (work in progress)

We would love to get feedback from our users. Be sure to try out the new release only on test/development blogs yet. If you absolutely want to test it on production blogs, make sure to have a backup available.

Both releases can be downloaded from our GitHub release page.

serendipity_event_freetag: Security update

Together with the security-release of Serendipity 2.1.3, a possible SQL injection has been reported in the serendipity_event_freetag plugin, reported by Brian Carpenter (geeknik) and Hanno Böck. Many thanks for reporting this.

The issue has been fixed in version 3.69 of the plugin which you can install through Spartacus (or manually).