Serendipity 1.0.2 and 1.1-beta5 released

Time again for a new release!

Serendipity 1.0.2 mainly fixes an XSS injection attack on the admin backend, which could happen if registered authors were tricked into following a specially crafted URL. This bug was detected by the ever-restless Stefan Esser; many thanks for notifying us. Users of previous versions of Serendipity are urged to upgrade to be secure. Note, though, that this bug requires your own interaction, so exploitation depends on how well you can stay away from clicking links when you do not know exactly what they do. ;-)

Serendipity 1.1-beta5 features the following new changes since 1.1-beta1:

  1. Prevent XSS backend injection attack (see above)
  2. Themes can now support custom amounts and positions of any number of sidebars (top, bottom, left, right etc.)
  3. Usergroups can now configure which plugins/events a group is allowed to execute
  4. Added the option to use HTTP authentication for your login, which enables you to use secured RSS feeds with login credentials
  5. Fixed some permalink oddities when using % in URLs, plus some other minor fixes

Serendipity 1.1 is getting very close to being finalized (target: mid-December). New major features will be added to a 1.2 version branch, so expect no more major changes here. Please help us by trying out the latest version and reporting bugs/issues!

Upgrading is easy as ever: Download, unpack, go to your Admin panel, done. Read more here: Serendipity FAQ. The download is available here: Serendipity Download Page

Have fun!

Comments

David:

Hello,

I ran 1.1-beta1 and upgraded to 1.1beta5, and I can't connect to admin now... Any idea?

David.

David:

Forget my previous comment... I closed Firefox and started it again, and the authentication works. David.
