Serendipity

2.5.0

(versão principal) (versão de segurança)
4 Março 2024 - 50MB2.5.0

Security

• fixes a potential security issue by removing the prior included composer.phar.
  

Bug Fixes and Changes

• Now works with PHP 7.4 up to and including PHP 8.2.
  
• Fixes for an incompatibility with MySQL 5.7.
  
• Fixes for the usergroup permission display
  
• An improved russian translation.
  

2.5-beta1

Bug Fixes and Changes

• Made code changes to be compatible with PHP 8.2, including a polyfill for strftime, see #784.
  
• Fixed a bug where the usergroup permissions were displayed incorrectly. Please ensure after upgrading that any possible custom usergroup configurations have the wanted permission settings. If you have never saved a permission group setting, you will not be impacted.
  
• Let the theme 2k11 use local font files, avoiding privacy risks (and a legal risk in Germany).
  
• Improved the russian translation.
  
• Moved several bundled libs to composer, which will make future upgrades easier.
  
• Updated smarty, HTTP_Request2, Net/DNS2 and Onyx/RSS.
  
• Added several other changes.

Continuar lendo: https://github.com/s9y/Serendipity/releases/tag/2.5.0

2.4.0

(versão principal)
21 Novembro 2022 - 50MBMajor Improvements

• PHP 8.0 (fully) and 8.1 support (partly), with PHP 8.0 being the recommended version to run Serendipity with
  
• Update of bundled libs, improving the way we use composer
  
• Fixes and extensions to the multi language system
  
• Use of full UTF8 in MySQL/MariaDB by default
  

Improvements

• Plugin update notifications in the dashboard
  
• Fixes to the .htaccess-blocking SQL statement
  
• Changes to the responsive images srcset, improving edge cases where unexpected image sizes leading lead to blurry thumbnails
  
• Rework of the error handler, resulting in this behaviour: Warnings will not be shown in production blogs, but will be properly shown in alpha versions (this was important for PHP 8 compatibility)
  
• A cleanup of the WYSIWYG configuration options, as shown in the personal settings
  
• A plethora of changes related to PHP 8 support

Continuar lendo: https://github.com/s9y/Serendipity/releases/tag/2.4.0

2.3.5

27 Abril 2020 - 50MB

• Fix: Truncate extension of media items to 5 chars which ist the max length of the corresponding database field (#609). Thanks to @mmitch!
  
• Fix: Unconditionally keep upgraded_version in plugin cache (64b5d56).
  
• Fix: Entry title in backend list of entries was double escaped (c66451e).
  
• Fix: serendipity_plugin_history would error out (and prevent display of the sidebar) since 2.3.3 (#694).
  
• Fix: Don't delete extend properties from the entryproperties plugin when publishing from dashboard or sending delayed trackbacks (#695).
  
• Fix: CKE: Don't remove <details> and <summary> elements from WYSIWYG editor (6c15c80).
  
• Fix: Don't strip HTML from comments body in serendipity_plugin_comments before serendipity_event_unstrip_tags can convert the HTML tags (#702).

Continuar lendo: https://github.com/s9y/Serendipity/releases

2.3.2

(versão de segurança)
28 Novembro 2019 - 50MB

• Fix: [SECURITY] Only allow .txt and .log files for spamblock logging. Thanks to Gary O'Leary-Steele!
  
• Fix: [SECURITY] Escape category images to avoid backend XSS (#639). Thanks to @hannob!
  
• Fix: Pagination should now really be fixed for the new default "stable archives" sorting order.
  
• Fix: Fix autologin when using MySQL (#632). Thanks to @erAck!
  
• Fix: Properly display plugin save errors after validation.
  
• Fix: The WYSIWYG editor stripped the figcaption element used for image captions.
  
• Fix: Rotating an image did not rotate all responsive thumbnails.
  
• Fix: Auto-generated mails where mangled by wrong linebreaks on some MTA (#644).
  
• Fix: Prevent PHP warnings (#638, #642).
  
• Thanks to @hannob!

Continuar lendo: https://github.com/s9y/Serendipity/releases

2.3.1

(versão principal)
20 Setembro 2019 - 50MB2.3.1

Highlights

• Fix: ML mass delete didn't work.
  
• Fix: Pagination (a feature of themes like Timeline and Bulletproof) didn't work with the new default "stable archives" sorting order.
  
• Change: Previous/next links and page numbers for archive pages with "stable archives" sorting order have been changed to match the pagination.
  
• Fix: Notices for moderated comments ("This comment needs approval before it will be displayed") didn't show (reliably) when more than one spamblock plugin was active (as these plugins mutually overwrote their "moderated" flags).
  
• Fix: Some internationalisation fixes and new German translations.
  
• New: Show links for each plugin installed from Spartacus to its Spartacus entry.
  

2.3.0

Security

• Security fixes for XSS in Editor Preview and Media Library by interpreted EXIF tags (thanks to Hanno Boeck!)
  

Highlights

• PHP 7.2 and 7.3 support - minimal PHP version is now PHP 7.0
  
• Smarty upgrade to 3.1.33
  
• Updates to the media manager and some bug fixes
  
• New function to add multiple images to an entry at once, creating a gallery
  
• Use figure/figcaption markup for media manager images with captions
  
• Ability to create responsive image thumbnails
  
• Set responsiveimages as default plugin
  
• Add rewrite to absolute url for srcsets to the feed generation
  
• Using voku/simple-cache for internal cache as bundled lib, which will allow to cache with memcached and redis instead of just on the filesystem
  
• Adding a maintenance mode option
  
• Improving the nl2br plugin
  
• Allowing to receive multiple trackbacks and pingbacks
  
• Changing (installation) defaults: disable entryproperties cache and enable internal cache, enable stable-archive option
  

Bug Fixes

• Fallback for $lang variable when configuration failed to load which evades some unuseful error messages
  
• Drop deprecated serendipity_purgeEntry function
  
• Bootstrap4 adaptations
  
• Fixes for plugin drag'n'drop
  
• Multiple minor bug fixes to core, bundled plugins and bundled themes.
  

2.1.6

Bug Fixes

• Prevent error in upgrader when $sqlfiles is NULL.
  
• Fix preview iframe in bulletproof.
  

2.1.5

Security

• Fix XSS in Editor Preview by interpreted EXIF tags.
  
• Fix XSS in Media Library by interpreted EXIF tags.
  

Bug Fixes

• Fix mispositioned button in media db directory list.
  
• Change default for comment subscription to full text.
  
• Display errors if comment coulnd't be deleted.
  
• Make it easier to drag plugins to other column.
  
• Add fallback for broken JS in configuration screens.
  

2.1.4

Security

• Fix XSS for pagination, when multi-category selection is used. Thanks to Brian Carpenter (geeknik) and Hanno Boeck!* Minor code fixes (proper PHP escaping for 'orderkey' SQL statement
  

Bug Fixes

• Sekelton, Timeline and Clean Blog templates: Add theme option to disable google webfonts
  
• Link to https s9y.org pages
  

2.1.3

Security

• Ensure URL parameter casting for RSS and blog entry limits to prevent possible SQL injection inside the LIMIT statement part
  
• Prevent XSS in the "Edit entries" panel
  
• Prevent sending comment notifications to more than one email address
  
• Disable exit.php-Tracking for open URL redirection, unless the trackexits plugin is specifically configured to do so
  

2.1.2

Bug Fixes

• Fixed a regression in Net/DNSBL regarding serendipity_event_spamblock_rbl and serendipity_event_spamblock_surbl by adding Net/DNS2 1.4.3 as a bundled library to core and patching Net/DNSBL.
  
• Fixed broken Akismet API calls
  
• Fixed comment preview for logged-in users
  
• Fixed message display after comment editing/deleting
  

2.1.1

Bug Fixes

• Rewrites in some older legacy parts of the core (URL routing, template fallback chain, experimental internal caching) as well as PHP 7 compatibility.
  
• New bundled responsive themes "Timeline" and "Clean-Blog"
  
• Improved usability of plugin upgrades by combining sidebar and event plugins and upgrading multiple plugins at once
  
• Permission checks for the dashboard output and comments
  
• Usability improvements to the media library, bulk moving support
  
• New API wrapper for URL downloads that plugins can use (serendipity_request_url)
  
• New Theme "Skeleton" (responsive, mobile first)
  
• Improved preview iframe handling
  
• Changes (simplifications) in template file routing for backend/frontend views, new smarty {getFile} function for theme authors
  
• Ability to set a default posting category for an author
  
• Improved security checks against CSRF attacks (comment moderation, comment toggling
  
• Improved security for referrer redirection
  
• Improved security for local file hotlinking
  
• Fixed sorting media database by filename
  
• Addressed some more PHP 7.1 issues, fixed bugs with missing token for installing plugins and deleting comments. We mainly tested PHP 7.0 compatibility, but PHP 7.1 should work too.
  
• Fixed displaying the proper plugin configuration value when set to false/empty.
  

2.1-rc1

Highlights

• Rewrites in some older legacy parts of the core (URL routing, template fallback chain, experimental internal caching) as well as PHP7 compatibility.
  
• New bundled responsive themes "Timeline" and "Clean-Blog"
  
• Improved usability of plugin upgrades by combining sidebar and event plugins and upgrading multiple plugins at once
  
• Permission checks for the dashboard output and comments
  
• Usability improvements to the media library, bulk moving support
  
• New API wrapper for URL downloads that plugins can use (serendipity_request_url)
  
• New Theme "Skeleton" (responsive, mobile first)
  
• Improved preview iframe handling
  
• Changes (simplifications) in template file routing for backend/frontend views, new smarty {getFile} function for theme authors
  
• Ability to set a default posting category for an author
  
• Improved security checks against CSRF attacks (comment moderation, comment toggling
  
• Improved security for referrer redirection
  
• Improved security for local file hotlinking
  
• Fixed sorting media database by filename

Continuar lendo: https://github.com/s9y/Serendipity/releases

2.1.4

(versão principal)
18 Dezembro 2018 - 27MB

• PHP 7.2 support (including a new autologin token system and bcrypt password hashing)
  
• Add function to add multiple images to an enty at once, creating a gallery
  
• Added a maintenance mode option
  
• Upgrade Smarty to 3.1.32
  
• Bootstrap4 adaptations
  
• Fixes for plugin drag'n'drop
  
• Improvements to the p-mode of nl2br plugin
  
• Ability to create responsive image thumbnails
  
• Improvements to local caching
  
• Rework of moving media items (work in progress)

Continuar lendo: http://blog.s9y.org/archives/280-Serendipity-2.1.4-and-2.2.1-alpha1-released.html

2.0.5

(versão de segurança)
6 Dezembro 2016 - 27MB

• [Security] Improve preventing fetching local files, thanks to Xu Yue.
• [Security] Prevent XSS in adding category and directory names, thanks to Edric Teo @smarterbitbybit, CVE-2016-9681.

Continuar lendo: http://blog.s9y.org/archives/271-Serendipity-2.0.5-and-2.1-beta3-released.html

2.0.3

(versão de segurança)
4 Janeiro 2016 - 27MBHappy new Year! Serendipity 2.0.3 has just been released to address a XSS security issue found and reported by Onur Yilmaz and Robert Abela from Netsparker.com. Thanks a lot for contacting us and working with us to address the issue.

The issue only affects logged-in authors, where HTML can be inserted into the comment editing form when they click specially crafted links. Due to the required authentification we consider the issue of medium impact, but suggest everyone to perform the update.
Continuar lendo: http://blog.s9y.org/archives/266-Serendipity-2.0.3-released.html

2.0.1

(versão de segurança)
13 Março 2015 - 27MBThis is the first maintenance release which fixes a couple of minor issues, and one security-related issue where improper escaping of category names can lead to a possible XSS attack. This atnly be performed by authenticated editors, so we consider it medium-impact. If you run a multi-user blog with untrusted authors, you are urged to upgrade to the new release. Many thanks to Edric Teo for reporting this issue to us, which could then be fixed within the same day.

Some other notable bug fixes are:

• Report errors, if inclusion of JavaScript files may throw PHP errors to help in diagnosing an installation
• Support for user.css backend CSS additions, without needing to edit the 2k11 backend theme.
• Some JavaScript fixes for the backend, better theme fallback methods.

Continuar lendo: http://blog.s9y.org/archives/263-Serendipity-2.0.1-released.html

2.0

(versão principal)
27 Janeiro 2015 - 27MBOur main goal for Serendipity 2.0 was to clean up our backend structure, both in terms of coding and especially in terms of design and usability. We firmly believe to now be at a point where we want to show off our hard endeavours, and feel Serendipity 2.0 can now be properly used.

Highlights

• New Responsive theme, usable for desktop, tablet and mobile devices.
• A new frontpage (aka "Dashboard") shows you the most notable things on your blog
• A redone navigation tries to structure the backend tasks in a better way
• "Themes" is now the definitive word, where we previously used "Template", "Style" or "Theme". We're committed to stick with this now. ;-)
• The bundled WYSIWYG editor has been changed to CKEditor.
• A conservative but thorough rework of the Media Library.
• Restructured core and removed some older cruft.
• New Metatron tool which can perform a number of administrative tasks on the command line.

Continuar lendo: http://blog.s9y.org/archives/261-Serendipity-2.0-released.html

1.7.8

9 Fevereiro 2014 - 27MB

• Fixed a regression caused by the prior 1.7.6/1.7.7 release.

Continuar lendo: http://blog.s9y.org/archives/254-Serendipity-1.7.8-released.html

1.7.7

(versão de segurança)
6 Fevereiro 2014 - 27MB

• Fixed an XSS by using a specially crafted username can happen when viewing the "Manage users" screen
• Fixed an XSS when creating an entry with specially crafted id/timestamp values
• Fixed a SQL injection when installing a plugin with a specially crafted name

Continuar lendo: http://blog.s9y.org/archives/253-Serendipity-1.7.7-released.html

1.7.5

20 Janeiro 2014 - 27MB

• Fixed textile PHP 5.2 (namespace) compat issue
• Added default value to spamblocks required_fields option [name,comment]

Continuar lendo: http://blog.s9y.org/archives/252-Serendipity-1.7.5-released.html

1.7.4

11 Janeiro 2014 - 27MB

• Updated textile plugin for PHP 5.3+ compatibility
• Updated spamblock captcha creation for PHP 5.3+
• Updated Smarty library
• Improved .htaccess "deny" method for the Spamblock plugin

Continuar lendo: http://blog.s9y.org/archives/251-Serendipity-1.7.4-released.html

1.7.3

(versão de segurança)
29 Agosto 2013 - 27MBThis release only addresses a bugfix for one functional issue (trackbacks to SSL-servers) and a security issue in the bundled htmlarea spellchecker module (see http://osvdb.org/87395). Thanks to Henri Salo for pointing out this issue.
Continuar lendo: http://blog.s9y.org/archives/250-Serendipity-1.7.3-released.html

1.7.2

28 Julho 2013 - 27MB

• Serendipity will switch to mysqli if PHP >= 5.5 is used (mysql is deprecated in that version)
• Upgrade Smarty to 3.1.14
• The outdated browsercompatibility plugin will be uninstalled
• Properly migrate a "baseURL" option which might be set to an empty value on installations where the configuration has never been saved after the update.
• The name of a authorgroup was empty when editing a usergroup

Continuar lendo: http://blog.s9y.org/archives/249-Serendipity-1.7.1-and-1.7.2-released.html

1.7

23 Maio 2013 - 27MB