Serendipity 2.0.1 released

Serendipity 2.0.1 has just been released. This is the first maintenance release which fixes a couple of minor issues, and one security-related issue where improper escaping of category names can lead to a possible XSS attack. This atnly be performed by authenticated editors, so we consider it medium-impact. If you run a multi-user blog with untrusted authors, you are urged to upgrade to the new release. Many thanks to Edric Teo for reporting this issue to us, which could then be fixed within the same day.

Some other notable bug fixes are:

  • Report errors, if inclusion of JavaScript files may throw PHP errors to help in diagnosing an installation
  • Support for user.css backend CSS additions, without needing to edit the 2k11 backend theme.
  • Some JavaScript fixes for the backend, better theme fallback methods.

As usual the complete list of changes can be see in our docs/NEWS-file. Upgrading is simple as always: Download the release, unpack, upload, say hi to our upgrader, done.

Serendipity Camp 2015 and the near future of Serendipity

This weekend marked the first time a couple of developers and users finally shared a room and their faces with each other. We hope this was only be the first time, and will be repeated at least annually.

Our goal for this weekend was to connect names to faces, get to know each other and discuss the past and future of Serendipity. Seen from both viewpoints, users and developers.

Luckily, the kind people of the Linuxhotel in Essen (Germany) have a great offer for OpenSource projects like us: comfortable rooms, food, wifi and a special ambience for a price that is hard to beat. Thanks so much for having us!

Also, the city of Essen was a good middle ground for most of our people to meetup (from left to right):

Continue reading "Serendipity Camp 2015 and the near future of Serendipity"

Serendipity 2.0 released

After a long time of work, the Serendipity team is very proud to announce the final version of Serendipity 2.0.

This blog posting re-iterates the initial 2.0-beta release announcement. On top of these things, changes since the last release candidate contains minor bugfixes for CSS issues, filtering entries in the backend, further PHP 5.6 compatibility improvements and a few other things that are noted in the NEWS-file of the release.

Our main goal for Serendipity 2.0 was to clean up our backend structure, both in terms of coding and especially in terms of design and usability. We firmly believe to now be at a point where we want to show off our hard endeavours, and feel Serendipity 2.0 can now be properly used.

The new Backend

The most striking difference on the new Serendipity version will be the look of our new backend, patterned to match the 2k11 theme that you might already know from its frontend. We have replaced our old default backend theme with the new one. It looks fresh, is responsive, but still both easy to use and offering flexible customization.

In the technical structure of the backend, we have ported all output from internal PHP code to the Smarty template files, so everything you see is now much better separated from the underlying PHP code. Even though this enables our users to actually create their completely own backend-themes, we will NOT provide easy upgrading of the backend to customized themes. Every developer who adapts the backend will have the responsibility to adapt his theme to newer Serendipity versions. The reason for that is that we need to stay flexible with our backend and be able to add new features without thinking about compatibility to custom backend themes. However, we will try to modify backend template files with care, and always think about compatibility, an integral part of Serendipity.

Have a look at a few screenshots covering the new design:

Screenshot of Section: Plugins
Section: Plugins
Screenshot of Section: Comments
Section: Comments
Screenshot of Section: Dashboard
Section: Dashboard
Screenshot of Section: Entry-Editor
Section: Entry-Editor
Screenshot of Section: Media-DB
Section: Media-DB
Screenshot of Section: Themes
Section: Themes

Also there's a video tour available showcasing the backend, made by YellowLed:

Youtube Link

Here's a small feature list of the new backend:

  • Responsive theme, usable for desktop, tablet and mobile devices

  • Uses off-canvas navigation for small screens

  • A new frontpage (aka "Dashboard") shows you the most notable things on your blog

  • A redone navigation tries to structure the backend tasks in a better way

  • "Themes" is now the definitive word, where we previously used "Template", "Style" or "Theme". We're committed to stick with this now. ;-)

  • The bundled WYSIWYG editor has been changed to CKEditor, offering a more modern and flexible approach to easily edit your blog entries. The TinyMCE-Plugin only works with TinyMCE 2.x, since recent TinyMCE versions have changed too much of their API to adapt to. If there's some developer who like to add support for TinyMCE 3.x+, we'd be happy to help. The FCKEditor plugin has been outdated by CKEditor. So the currently available alternate option to CKEditor is serendipity_event_xinha, which provides basically the old editor - however, we really suggest you to use the bundled CKEditor, or its sibling serendipity_event_ckeditor, which provides the best integration. Since the WYSIWYG-implementation has been reworked, please report issues you might find with this.

  • The current Theme options now have their own configuration page. Also frontend and backend themes can now be chosen independently.

  • The entry editor now keeps a safety backup of your blog postings while writing them. If the browser crashes or you accidentally close the browser window, the next time you create a new entry, the saved content will be shown there.

  • A new option "simple filters" allows you to make filtering options for the media database or entry manager appear more focussed. You can still access the "power-user" filtering options, if this option is disabled. Simple filters are now by default enabled.

  • A conservative but thorough rework of the Media Library, with bigger thumbnails by default, nicer filter, fast type selection (Image/Video/Others), and use of an overlay for display the media item

  • Uses Modernizr for HTML5/CSS3 compatibility and feature detection.

  • Uses jQuery libraries: AccessibleTabs, MagnificPopup, Sortable, Cookie, Autoscroll, syncHeight

Core changes

In the PHP core, we restructured code and removed some older cruft. We introduced the ability to use Composer for packaging our external libraries, however those are still bundled within our repository, so that users who check out Serendipity do not need to care about installing or using Composer themselves.

We also added the opportunity to use the Zend::DB database framework. We still provide our own, simple Database API - available for PostgreSQL (PDO&native), MySQL, MySQLi, SQLite (PDO&native). The new Zend:DB framework can currently only be enabled by developers, but we will work in improving this layer so that it can be chosen during installation. If it works, this will then enable you to use any other database engine that is supported by Zend::DB.

A few things should be noted for plugin developers to take note off. If you have created custom plugins, you might need to take care of those changes. All available Serendipity Spartacus repository plugins have already been touched up to work together with Serendipity 2.0 already. Changes are:

  • JavaScript functions offered by the backend have been renamed:

    • SetCookie() to Serendipity.SetCookie()

    • spawn() to Serendipity.spawn()

    • The addLoadEvent() function is unchanged for important BC

    • All functions of serendipity_editor.js have been put into the "Serendipity" scope, so use Serendipity.getSelection() now instead of getSelection()

  • The static serendipity_editor.js file has been removed and is now part of the backend theme itself, and can be parsed by Smarty (templates/2k11/admin/serendipity_editor.js.tpl, with templates/default/admin/serendipity_editor.js as a fallback for other backends). It is automatically included in the backend.

  • The bundled and integrated jQuery no longer uses the noConflict mode in the backend.

  • The $serendipity["eyecandy"] option for advanced javascript usage has been removed. JavaScript is now everywhere, but we always provide fallback usage - the backend should also still work (of course with reduced functionality) without JavaScript enabled. But come on, it's 2014.

  • A new API function serendipity_smarty_show() is available to easier parse and return a template file

  • Internal serendipity functions that previously echo'd output now consistently always return the content.

  • The internal plugins that we stored in include/ now properly reside as individual plugin directories in the plugins/ directory tree. This allows us to possible maintain core plugins also through spartacus, to push updates to those plugins without needing to wait for new Serendipity releases. An upgrader task migration makes sure that the renamed plugins on the installation will be migrated to the new names.

  • A new plugin API event hook "js" has been introduced, similar to the "css" hook it can provide plugins an easy way to inject their JavaScript to a central file.

  • Internal JavaScript has been adapted to make use of jQuery's ease of use and creates leaner and more readable code.

  • The entryproperties-Plugin will now purge it's cache when it is uninstalled.

  • A new section called Maintenance now bundles administrative tasks like import, export on its own dashboard. This new section now also enables admins to purge compiled template files.

Compatibility Changes / Theme developer information

The support for themes using "layout.php" has finally been removed. Themes have not used this for ages, since Smarty was added to Serendipity. Previously the file added it's own "workflow" to the frontend display of entries, but that can be solved much easier through Smarty and a theme's now.

All new backend admin Smarty files can currently be found in templates/2k11/admin/. The alternate XML/XSLT and PHP templates (templates/default-xml, templates/default-php) are still proof-of-concept. Those themes use a "" file to allow substituting the Smarty template API to a custom one. An example for that can be found in include/ - however this API is so rarely used, that we did not yet properly test it with Serendipity 2.0 and our Smarty3-Framework. Theoretically it still works. So anyone who actually uses it, please tell us if you find issues with it.

A couple of new language constants have been added. If you are a translator, please check the lang/ file of your own language (also the file in the UTF-8 subdirectory) and contribute translations. Be also aware that we plan to soon rephrase some of the language constants currently used in 1.7, which will be put to the bottom of the language file for translators to check if they still match properly.


Accompanying Serendipity 2.0 is our new tool Metatron which can perform a number of administrative tasks on the command line. Still in its early stages, Metatron can be helpful for administrators and Serendipity developers. It currently prints out a lot of information about a Serendipity installation, flushes the file cache, and can be used to moderate comments. More features are planned according to user feedback. Metatron is based on the Symfony2 Console component.


Upgrading to Serendipity 2.0 from older versions still works the same like in any other upgrade. Before you upgrade, you should make sure to update all used plugins, so that they work fine with Serendipity 2.0. If you do hit problems, have suggestions or get errors, please do report them on the Serendipity Forums ( If you are using your blog from a github "master" checkout, this now represents our development branch for a future 2.1 version, on top of that the branch "2.0" (that existed before for the development) will be maintained for future 2.0.x patch versions. Check out this board posting about commit policy for information.

Serendipity 2.0 requires at least PHP 5.3.

Many, many thanks to the team (in no specific order): onli, YellowLed, mattsches, Ian, and many users on the forums giving feedback and their testing.

Serendipity 2.0-beta3 release

The Serendipity Team has made good progress on the road to the 2.0 final release. We have tackled issues reported on our Github Issue-Tracker. There are still a few ones left open, especially still dealing with the CKEditor and plugins being adapted to the new look and feel of Serendipity 2.0's default theme. But we feel confident to have reached a stage where the current work is much more usable than beta2, so we urge users of that release to upgrade to beta3.

The main changes of beta3 are:

  • Create a distinction of backend and frontend themes. They can now be chosen independently, and we have introduced theme compatibility to make it easy for developers to create their own backend theme by falling back on the default template files the new 2.0 theme provides.

  • The syndication plugin has been upgraded to provider clearer options, and moves several configuration items into the global serendipity configuration (like custom feed URL forwarding).

  • fixes bugs in thumbnail creation.

  • added optional toggle for users to either pick modal layers (i.e. for the media database) or popup windows

  • Use browser cache to store blog entries, so a browser crash lets you restore those. Replaces the now incompatible autosave plugin.

  • other issues that are mostly interesting to developers or interested people are listed in the docs/NEWS file of this release.

Please give us feedback on this new beta which can be downloaded at the Download-section. We will address the outstanding issues and put up a final release candidate before the actual 2.0 release.

Have fun and a nice summer :-)

Serendipity 1.7.5 released

As promised, we just released a minor maintenance release 1.7.5 that addresses a singular bug with the textile plugin preventing some plugin operations, but only on PHP < 5.3 servers. So if you are running a recent PHP version (like you should...) you will be unaffected by this issue and don't need to upgrade.

The only other change to the previous release is that the spamblock plugin will now add required fields to comments (the comment and the comment's author) when installed for the first time.

Have a nice weekend and greetings from our team :)

Serendipity 1.7.4 released

Serendipity 1.7.4 has just been released, addressing a few PHP 5.3+ compatibility issues for plugins and libraries, the most relevant changes are::

  • Updated textile plugin for PHP 5.3+ compatibility
  • Updated spamblock captcha creation for PHP 5.3+
  • Updated Smarty library
  • Improved .htaccess "deny" method for the Spamblock plugin

You can upgrade as usual by downloading the release files and uploading them to your webspace.

PLEASE NOTE - Due to a bug in the textile plugin, it currently requires PHP 5.3 to operate. Also, loading the list of plugins in environments with PHP < 5.3 can fail. We are working on an update and will release this fix in 1.7.5.

Have fun using Serendipity, and thanks to users who report issues like these to the forums, and of course to our hardworking developers like Yellowled, mattsches, onli and Ian who quickly address these issues (says Garvin, who was on winter vacation *g*).