Releases · s9y/Serendipity

28 Nov 14:53

2.0.5

787546d

Serendipity 2.0.5 and 2.1-beta3 released

Serendipity 2.0.5 is a maintenance security release which addresses these issues:

* [Security] Improve preventing fetching local files, thanks to
  Xu Yue.

* [Security] Prevent XSS in adding category and directory names, 
  thanks to Edric Teo @smarterbitbybit.

Alongside a new Serendipity 2.1-beta3 version has been released, with the same fixes plus some more progress on the road to the 2.1 release.

Simply upgrade by unpacking and uploading the release file and confirming our web-based upgrader.

(MD5: ea6034d854f5f74a3e472f7f7122bf3f)

Assets 3

26 Sep 08:48

garvinhicking

2.0.4

55d0cc2

Serendipity 2.0.4 and 2.1-beta2 released

Serendipity 2.0.4 is a maintenance security release which addresses these issues:

* [Security] Prevent moving files by using their directory name.
  [Security] Possible SQL injection for entry category assignment
  [Security] Possible SQL injection for removing&adding a plugin

  All issues require a valid backend login.
  Thanks to Hendrik Buchwald for finding this via their
  RIPS source code analyzer (www.ripstech.com)

* [Security] Add new configuration option to enable fetching 
  local files for the media uploader. By default this is now
  disabled to prevent Server Side Request Forgery (SSRF).
  Thanks to Xu Yue for pointing this out!

Alongside a new Serendipity 2.1-beta2 version has been released, with the same fixes plus some more progress on the road to the 2.1 release. Features like these have been added:

* New API wrapper for URL downloads that plugins can use (serendipity_request_url)
* Added new Theme "Skeleton" (responsive, mobile first)
* Improved preview iframe handling
* Changes (simplifications) in template file routing for backend/frontend views, new smarty {getFile} function for theme authors

Simply upgrade by unpacking and uploading the release file and confirming our web-based upgrader.

(MD5: edf8bf832bd1835fb4f769b682d37514)

Assets 3

08 Jun 07:28

garvinhicking

2.1-beta1

fb7896b

Serendipity 2.1-beta1

The first beta of Serendpity 2.1 has been released and we are happy for people to test our latest changes.

The main focus of Serendipity 2.1 are rewrites in some older legacy parts of the core (URL routing, template fallback chain, experimental internal caching) as well as PHP7 compatibility.

Other notable changes include:

New bundled responsive themes "Timeline" and "Clean-Blog"
Improved usability of plugin upgrades by combining sidebar and event plugins and upgrading multiple plugins at once
Permission checks for the dashboard output and comments
Usability improvements to the media library, bulk moving support

The full list of changes can be found as usual in our docs/NEWS file.

We are happy to hear your feedback about this beta release on our forums (http://board.s9y.org/)!

Assets 2