Serendipity 1.5.4 released

Serendipity 1.5.4 has been released. It includes some minor bugfixes as well as a fix for an XSS security issue discovered and reported by High-Tech Bridge. The XSS is only exploitable, though, if you use the "Remember me" feature in the Serendipity backend to log in. Thanks to the quick notification by the team, we were able to fix the issue within 24 hours, as with all past security issues.

The XSS issue can easily be patched by replacing only the file include/functions_config.inc.php with the new file (link), or by applying this patch.

Other bugfixes that come with the new Serendipity 1.5.4 release are:

  • Fix PHP 5.3.2 parse error in a file, thanks to fyremoon
  • Fix SQL query statement for deleting a category, which on some DB types (SQLite) might not return "true" and thus not really delete the category.
  • Include license output in plugin listing
  • Fix escaping when using ImageMagick to create PDF-thumbnail images
  • Add new template variable to feed*.tpl files to support new plugins like pubsubhubbub, so that plugins can embed data to the main XML element

The latest release can be found on our SourceForge repository and on the usual place on . To upgrade from any previous Serendipity version, simply extract and upload the new files to your server.

Comments

Fabien Chabreuil:

Hi, I am using Serendipity 1.5.2. If I just replace the functions_config.inc.php file, the previsualisation function (in the administration) doesn't work anymore.

Best regards, Fabien

Garvin:

Can you specify "doesn't work anymore" more exactly? Maybe you can come to the forum for a better support facility, and we can work it out.

Fabien Chabreuil:

I have the following message: "Votre navigateur n'a pas envoyé un HTTP-Referer (adresse référante) valide." (Your browser didn't send a valid HTTP-Referer.) If I restore the previous version of the functions_config.inc.php file, everything is OK again.

Best regards, Fabien

Hanno:

I have a page where the update seems to make problems. I did it like always (got some info screen with a link to "Installation aktualisieren", clicked there), but the info screen stays, though I no longer get the upgrade screen, it just links to the admin login.

See http://www.eon-abmelden.de/

Hanno:

Hmm, it disappeared after a while. Though I definitely tried reloading... Sorry for the noise.
