Serendipity 2.3.1
20 September 2019
Serendipity version 2.3.1 is now available (major release).
Upgrading to Serendipity 2.3.1
Serendipity 2.3.1 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Serendipity updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Serendipity install to test the 2.3.1 upgrade prior to applying it live.
What's New in Serendipity 2.3.1
2.3.1
Highlights
- Fix: ML mass delete didn't work.
- Fix: Pagination (a feature of themes like Timeline and Bulletproof) didn't work with the new default "stable archives" sorting order.
- Change: Previous/next links and page numbers for archive pages with "stable archives" sorting order have been changed to match the pagination.
- Fix: Notices for moderated comments ("This comment needs approval before it will be displayed") didn't show (reliably) when more than one spamblock plugin was active (as these plugins mutually overwrote their "moderated" flags).
- Fix: Some internationalisation fixes and new German translations.
- New: Show links for each plugin installed from Spartacus to its Spartacus entry.
2.3.0
Security
- Security fixes for XSS in Editor Preview and Media Library through interpreted EXIF tags (thanks to Hanno Boeck!)
Highlights
- PHP 7.2 and 7.3 support - minimal PHP version is now PHP 7.0
- Smarty upgrade to 3.1.33
- Updates to the media manager and some bug fixes
- New function to add multiple images to an entry at once, creating a gallery
- Use figure/figcaption markup for media manager images with captions
- Ability to create responsive image thumbnails
- Set responsiveimages as default plugin
- Rewrite srcset URLs to absolute URLs in feed generation
- Using voku/simple-cache as the bundled library for the internal cache, which allows caching with memcached and redis instead of just on the filesystem
- Adding a maintenance mode option
- Improving the nl2br plugin
- Allowing multiple trackbacks and pingbacks to be received
- Changing (installation) defaults: disable entryproperties cache and enable internal cache, enable stable-archive option
Bug Fixes
- Fallback for the $lang variable when the configuration failed to load, which avoids some unhelpful error messages
- Drop deprecated serendipity_purgeEntry function
- Bootstrap4 adaptations
- Fixes for plugin drag'n'drop
- Multiple minor bug fixes to core, bundled plugins and bundled themes.
2.1.6
Bug Fixes
- Prevent error in upgrader when $sqlfiles is NULL.
- Fix preview iframe in bulletproof.
2.1.5
Security
- Fix XSS in Editor Preview through interpreted EXIF tags.
- Fix XSS in Media Library through interpreted EXIF tags.
Bug Fixes
- Fix mispositioned button in media db directory list.
- Change default for comment subscription to full text.
- Display errors if comment couldn't be deleted.
- Make it easier to drag plugins to other column.
- Add fallback for broken JS in configuration screens.
2.1.4
Security
- Fix XSS for pagination, when multi-category selection is used. Thanks to Brian Carpenter (geeknik) and Hanno Boeck!
- Minor code fixes (proper PHP escaping for 'orderkey' SQL statement)
Bug Fixes
- Skeleton, Timeline and Clean Blog templates: Add theme option to disable Google webfonts
- Link to https s9y.org pages
2.1.3
Security
- Ensure URL parameter casting for RSS and blog entry limits to prevent possible SQL injection inside the LIMIT statement part
- Prevent XSS in the "Edit entries" panel
- Prevent sending comment notifications to more than one email address
- Disable exit.php-Tracking for open URL redirection, unless the trackexits plugin is specifically configured to do so
2.1.2
Bug Fixes
- Fixed a regression in Net/DNSBL regarding serendipity_event_spamblock_rbl and serendipity_event_spamblock_surbl by adding Net/DNS2 1.4.3 as a bundled library to core and patching Net/DNSBL.
- Fixed broken Akismet API calls
- Fixed comment preview for logged-in users
- Fixed message display after comment editing/deleting
2.1.1
Bug Fixes
- Rewrites in some older legacy parts of the core (URL routing, template fallback chain, experimental internal caching) as well as PHP 7 compatibility.
- New bundled responsive themes "Timeline" and "Clean-Blog"
- Improved usability of plugin upgrades by combining sidebar and event plugins and upgrading multiple plugins at once
- Permission checks for the dashboard output and comments
- Usability improvements to the media library, bulk moving support
- New API wrapper for URL downloads that plugins can use (serendipity_request_url)
- New Theme "Skeleton" (responsive, mobile first)
- Improved preview iframe handling
- Changes (simplifications) in template file routing for backend/frontend views, new smarty {getFile} function for theme authors
- Ability to set a default posting category for an author
- Improved security checks against CSRF attacks (comment moderation, comment toggling)
- Improved security for referrer redirection
- Improved security for local file hotlinking
- Fixed sorting media database by filename
- Addressed some more PHP 7.1 issues, fixed bugs with missing token for installing plugins and deleting comments. We mainly tested PHP 7.0 compatibility, but PHP 7.1 should work too.
- Fixed displaying the proper plugin configuration value when set to false/empty.
2.1-rc1
Highlights
- Rewrites in some older legacy parts of the core (URL routing, template fallback chain, experimental internal caching) as well as PHP7 compatibility.
- New bundled responsive themes "Timeline" and "Clean-Blog"
- Improved usability of plugin upgrades by combining sidebar and event plugins and upgrading multiple plugins at once
- Permission checks for the dashboard output and comments
- Usability improvements to the media library, bulk moving support
- New API wrapper for URL downloads that plugins can use (serendipity_request_url)
- New Theme "Skeleton" (responsive, mobile first)
- Improved preview iframe handling
- Changes (simplifications) in template file routing for backend/frontend views, new smarty {getFile} function for theme authors
- Ability to set a default posting category for an author
- Improved security checks against CSRF attacks (comment moderation, comment toggling)
- Improved security for referrer redirection
- Improved security for local file hotlinking
- Fixed sorting media database by filename