Translate plugins into your preferred language!

We have just added new German translations to 22 plugins, and you can do the same for your preferred language!

Translating Plugins

And that's actually pretty easy:

  1. Find the code for your plugin and download it.
    Most plugins are available via Spartacus; you can find them in our corresponding Github repository. The few plugins that are provided directly with Serendipity can be found in the Serendipity repository on Github in the plugins directory.

  2. Copy the English language file and rename it.
    The English language file is always called Copy the file and change the name of the copy to, where XX stands for the abbreviation of your language (in lower case). A complete list of the abbreviations can be found in our online documentation.

  3. Translate the texts into your preferred language.
    If you find examples or HTML or the placeholder %s in the English text, you should keep them.

  4. Create a UTF-8 version.
    Copy your language file into the UTF-8/ directory and convert this copy to UTF-8. If necessary, ask for advice in our Forums!

  5. Test your new translation.
    You can now upload the language files - the file in the plugin directory and the second file in the UTF-8/ subdirectory - to the plugin directory on your blog and test your new language version.

  6. Share your work with the Serendipity community!
    Send us a pull request on Github, or contact us via our Forums to send us your new translation. If the plugin you have translated is available on Spartacus, your new translation may be available to all users the next day!

"Translate plugins into your preferred language!" vollständig lesen

Announcing deprecated plugins

The s9y team has opted to deprecate a group of event and sidebar plugins and remove them from the spartacus plugin repository. These plugins use services that no longer exist, are no longer required, no longer maintained etc. We may deprecate more plugins in the future in order to consolidate our plugin base further, but they need to be tested first.

Note that you can still use these plugins if you already have them installed or install them manually, but they will no longer be available through spartacus. You could also volunteer to “save” an umaintained plugin.

See the extended entry for a full list of plugins deprecated in this “wave”.

"Announcing deprecated plugins" vollständig lesen

Serendipity Camp 2015 and the near future of Serendipity

This weekend marked the first time a couple of developers and users finally shared a room and their faces with each other. We hope this was only be the first time, and will be repeated at least annually.

Our goal for this weekend was to connect names to faces, get to know each other and discuss the past and future of Serendipity. Seen from both viewpoints, users and developers.

Luckily, the kind people of the Linuxhotel in Essen (Germany) have a great offer for OpenSource projects like us: comfortable rooms, food, wifi and a special ambience for a price that is hard to beat. Thanks so much for having us!

Also, the city of Essen was a good middle ground for most of our people to meetup (from left to right):

"Serendipity Camp 2015 and the near future of Serendipity" vollständig lesen

Update for the XML-RPC Plugin

An issue has been reported to the CMS/Blog systems Drupal and Wordpress which allows for a Denial of Service (DOS) through invalid XML injection to the XML-RPC service.

Serendipity has uncoupled the XML-RPC possibilities into an external plugin a long time ago, so an update of the core Serendipity version is luckily not available. Only users who have installed serendipity_event_xmlrpc (through Spartacus, for example) are are actually also affected by this issue, since it uses default PHP XML parsing facilities.

We have applied the same patch to the parsing routines to detect this invalid XML (see Drupal commit) to version 1.53 of the mentioned plugin. Users who have enabled this plugins should either update or remove this plugin to prevent possible DOS attacks to their servers. This version will be available in Spartacus within 24 hours, or can be downloaded manually through github: Source Link.

If the update generates problems with your valid XML-RPC calls, please report them either on our forums or in the Serendipity issue tracker on GitHub. Thanks a lot also to Ian for bringing this issue to our attention, so that we were able to provide a quick fix as well.

Spartacus infrastructure change, Developers please read

Since the core Serendipity project is now maintained on and every developer is quite happy about that, we decided to go the jquery-plugins route and delete all Serendipity plugins.

No, just kidding. We actually imported all data from the CVS servers into the github infrastructure. The short version for normal end-users: Nothing should change for you!

All current Serendipity developers also have access to those repositories to contribute code. Developers now no longer should commit code to CVS (actually, they can't, because I took all their committing karma *eg*).

The harder task for the Spartacus infrastructure service is the actual publishing of data. The Spartacus plugin operates on a PEAR-like XML format for each plugin, which luckily is automatically generated by a small shellscript which runs once daily on one of our webservers ( That script iterates on a checkout of all plugins and templates, creates the XML and uploads it to all mirror servers (currently, and now also

Downloading the files also either works via the files that are uploaded daily to and, or you always could use the server, that published the file via a nasty ViewVC oddity. The spartacus plugin of the current github core code (version 2.25) now can also retrieve those files from the servers.

For all users that currently use the Spartacus plugin with the SourceForge.Net mirror, our daily script now pushes all changes in the GitHub tree also to CVS, so that both repositories *should* be kept in sync. This is done via the and gitclone.php scripts in the additional_plugins repository, for anyone that's interested.

Most likely, something in this script won't work properly, so in the next days it might be that some glitches in the matrix can occur. In that case, please report issues and remain seated. Or buy christmas presents for your beloved. Or your beloved developers.

Security fix for flash-based cloud in Freetag plugin

MustLive discovered a HTML-injection vulnerability in the tagcloud.swf Flashfile that the Freetag-Plugin bundles and makes optionally available.

The issue is fixed in version 1.23 of the flashfile, which has now been committed to the Serendipity plugin (in version 3.30).

Since the swf-File is always bundled with the update, it is recommended to update to the latest version of the plugin for all users, or to delete that specific .swf file.

Thanks to MustLive for sharing the information with us.