Skip to content

@th-h th-h released this Apr 25, 2020 · 245 commits to master since this release

This is a bugfix release with some fixes backported from our master branch:

  • Fix: Truncate extension of media items to 5 chars which ist the max length of the corresponding database field (#609). Thanks to @mmitch!
  • Fix: Unconditionally keep upgraded_version in plugin cache (64b5d56).
  • Fix: Entry title in backend list of entries was double escaped (c66451e).
  • Fix: serendipity_plugin_history would error out (and prevent display of the sidebar) since 2.3.3 (#694).
  • Fix: Don't delete extend properties from the entryproperties plugin when publishing from dashboard or sending delayed trackbacks (#695).
  • Fix: CKE: Don't remove <details> and <summary> elements from WYSIWYG editor (6c15c80).
  • Fix: Don't strip HTML from comments body in serendipity_plugin_comments before serendipity_event_unstrip_tags can convert the HTML tags (#702).

You can download the release file and unzip it to your installation as usual, or update from within Serendipity using the Serendipity Autoupdate Plugin (serendipity_event_autoupdate).

(MD5: e9d6937ffb06533de9566d600e1ffdc2)

Assets 3

@th-h th-h released this Mar 25, 2020 · 245 commits to master since this release

This bugfix and security release Serendipity 2.3.4 fixes a potential remote code execution exploit for users with upload rights (on Windows systems only), some bugs in the Media Library renaming code and adds some other small fixes and enhancements backported from our master branch:

  • Add plugin source (Spartacus, bundled or local) to list of installable plugins and show plugin author(s) on plugin managament page.

  • Fix: Add "more info" link to Spartacus for all plugins there (was missing for already installed plugins).

  • Fix: [SECURITY]: Media Library: The file name of renamed files may not end with one or more dot(s). This is not problematic on Linux, but on Windows file names ending with a dot will lose this dot on disk, making it possible to rename a file without extension ("file") to "file.php." which morphes to "file.php" on Windows, creating an executable PHP file in a remotely accessable directory and a possible remote code execution vulnerability. Thanks to Junyu Zhang for spotting this!

  • Fix: Media Library: Renaming files without extension caused a discrepancy between the file name on disk and in the media library database so the database entry was deleted, making the file disappear from the Media library (while it was still in disk).

  • Fix: Media Library: Add some more checking and proper error messages.

  • Fix: Wrap comments with very long words on the backend dashboard.

You can download the release file and unzip it to your installation as usual, or update from within Serendipity using the Serendipity Autoupdate Plugin (serendipity_event_autoupdate).

(MD5: 0b203494571997a3ac5093a21c3d855e)

Assets 3

@th-h th-h released this Mar 22, 2020 · 245 commits to master since this release

This bugfix release Serendipity 2.3.3 will bring you quite some smaller and larger fixes and minor enhancements backported from our master branch:

  • Update bundled event_mailer plugin to support forcibly sending mails on published blog entries and add the ability to prepend a mail body. Also fixes missing "keep strip tags" configuration option.

  • Media Library: Checkboxes allow you to insert multiple media files in a kind of gallery. Fall back to single-asset view when just one file has been selected. Let checkboxes be selected when clicking on the asset title, and hide the the 'Insert all' button when no assets are selected.

  • Media Library: Use the <video> tag for videos in the library and for inserting them into an entry.

  • Media Library: Allow plugins to skip HTML block insertion to use their own markup.

  • Fix: Media Library: Items that are not images now get the correct link.

  • Fix: Media Library: Prevent renaming an asset into an existing file, resulting in deletion of both from disk and database.

  • Fix: Media Library: Remember directory from last upload.

  • Fix: Media Library: Missing variable initialisation when removing empty folders.

  • Fix: Stop generation of default page every time when serving JS (functions_routing.php).

  • Fix: Don't allow requesting an archive page that doesn't exist.
    Thanks to @lotharsm!

  • Fix: Add valid HTTP referrer when trying to delete a trackback from the frontend.

  • Fix: Update bundled plugin plugin_comments to wrap text at word boundaries only, removing spurious whitespace in comment output.

  • Fix: Update bundled plugin event_bbcode to get roman numerals working.
    Thanks to Fabien Chabreuil!

  • Fix: Force positive limits for number of entries shown on title page and in RSS feed and fix potential SQL error with limit set to 0 in serendipity_fetchEntries().

  • Fix: Escape version string in update notifier to avoid potential for XSS.

You can download the release file and unzip it to your installation as usual, or update from within Serendipity using the Serendipity Autoupdate Plugin (serendipity_event_autoupdate).

(MD5: a25fa2d0484538fb2c07ea2e670787b9)

Assets 3

@th-h th-h released this Oct 16, 2019 · 245 commits to master since this release

This bugfix release Serendipity 2.3.2 contains some bug fixes backported from our master branch:

  • Fix: [SECURITY] Only allow .txt and .log files for spamblock logging.
    Thanks to Gary O'Leary-Steele!
  • Fix: [SECURITY] Escape category images to avoid backend XSS (#639).
    Thanks to @hannob!
  • Fix: Pagination should now really be fixed for the new default "stable archives" sorting order.
  • Fix: Fix autologin when using MySQL (#632).
    Thanks to @erAck!
  • Fix: Properly display plugin save errors after validation.
  • Fix: The WYSIWYG editor stripped the figcaption element used for image captions.
  • Fix: Rotating an image did not rotate all responsive thumbnails.
  • Fix: Auto-generated mails where mangled by wrong linebreaks on some MTA (#644).
  • Fix: Prevent PHP warnings (#638, #642).
    Thanks to @hannob!

You can download the release file and unzip it to your installation as usual, or update from within Serendipity using the Serendipity Autoupdate Plugin (serendipity_event_autoupdate).

(MD5: b81c97851afdb9c9fe3b7bd5b6765d29)

Assets 3

@th-h th-h released this Aug 21, 2019 · 245 commits to master since this release

This bugfix release Serendipity 2.3.1 contains some bug fixes and small feature updates backported from our master branch:

  • Fix: ML mass delete didn't work.
    (Added a question mark to a dialog and another language constant, incidentally.)
  • Fix: Pagination (a feature of themes like Timeline and Bulletproof) didn't work with the new default "stable archives" sorting order.
  • Change: Previous/next links and page numbers for archive pages with "stable archives" sorting order have been changed to match the pagination.
  • Fix: Notices for moderated comments ("This comment needs approval before it will be displayed") didn't show (reliably) when more than one spamblock plugin was active (as these plugins mutually overwrote their "moderated" flags).
  • Fix: Some internationalisation fixes and new German translations.
  • New: Show links for each plugin installed from Spartacus to its Spartacus entry.

You can download the release file and unzip it to your installation as usual, or update from within Serendipity using the Serendipity Autoupdate Plugin (serendipity_event_autoupdate).

(MD5: c0b1cc96277e15d61440f5c6891a8ef0)

Assets 3

@th-h th-h released this Aug 10, 2019 · 245 commits to master since this release

We are very happy to announce the availability of the final release for Serendipity 2.3, our new stable version, after more than two years of work!

Serendipity 2.3 focuses on

  • PHP 7.2 and 7.3 support - minimal PHP version is now PHP 7.0
  • Smarty upgrade to 3.1.33
  • Updates to the media manager and some bug fixes
    • New function to add multiple images to an entry at once, creating a gallery
    • Use figure/figcaption markup for media manager images with captions
    • Ability to create responsive image thumbnails
    • Set responsiveimages as default plugin
    • Add rewrite to absolute url for srcsets to the feed generation
  • Using voku/simple-cache for internal cache as bundled lib, which will allow to cache with memcached and redis instead of just on the filesystem
  • Adding a maintenance mode option
  • Improving the nl2br plugin (thanks to Stephan Brunker!)
  • Allowing to receive multiple trackbacks and pingbacks (thanks to @mmitch!)
  • Changing (installation) defaults: disable entryproperties cache and enable internal cache, enable stable-archive option

Other changes include:

  • Security fixes for XSS in Editor Preview and Media Library by interpreted EXIF tags (thanks to Hanno Boeck!)
  • Fallback for $lang variable when configuration failed to load which evades some unuseful error messages (thanks @HQJaTu!)
  • Drop deprecated serendipity_purgeEntry function
  • Bootstrap4 adaptations
  • Fixes for plugin drag'n'drop
  • Multiple minor bug fixes to core, bundled plugins and bundled themes.

You can download the release file and unzip it to your installation as usual, or update from within Serendipity using the Serendipity Autoupdate Plugin (serendipity_event_autoupdate).

Have fun!

(MD5: f5e2fa7fdabb738586600086a02c3c89)

Assets 3

@th-h th-h released this Aug 9, 2019 · 503 commits to master since this release

This bugfix release Serendipity 2.1.6 contains some (very few) bug fixes backported from our master branch:

  • Prevent error in upgrader when $sqlfiles is NULL.
  • Fix preview iframe in bulletproof.

This is planned to be the last bugfix release for our 2.1 branch.

You can download the release file and unzip it to your installation as usual, or update from within Serendipity using the Serendipity Autoupdate Plugin (serendipity_event_autoupdate).

(MD5: 7b05ae263fdeeb631a815d182d0b175e)

Assets 3

@th-h th-h released this Aug 3, 2019 · 251 commits to master since this release

We are happy to announce the availibility of the first (and hopefully last) Release Candidate for Serendipity 2.3!

We feel comfortable with suggesting you to try out this release in a production environment. Please don't forget to make a backup of your database and files first, as you should always do!

Tests on current PHP installations (PHP 7.2 up to PHP 7.4) would be much appreciated!

Serendipity 2.3 focuses on

  • PHP 7.2 and 7.3 support - minimal PHP version is now PHP 7.0
  • Smarty upgrade to 3.1.33
  • Updates to the media manager and some bug fixes
    • New function to add multiple images to an entry at once, creating a gallery
    • Use figure/figcaption markup for media manager images with captions
    • Ability to create responsive image thumbnails
    • Set responsiveimages as default plugin
    • Add rewrite to absolute url for srcsets to the feed generation
  • Use voku/simple-cache for internal cache as bundled lib, which will allow to cache with memcached and redis instead of just on the filesystem
  • Added a maintenance mode option
  • Improve the nl2br plugin (thanks to Stephan Brunker!)
  • Allow to receive multiple trackbacks and pingbacks (thanks to @mmitch!)
  • Change (installation) defaults: disable entryproperties cache and enable internal cache, enable stable-archive option

Other changes include:

  • Security fixes for XSS in Editor Preview and Media Library by interpreted EXIF tags (thanks to Hanno Boeck!)
  • Fallback for $lang variable when configuration failed to load which evades some unuseful error messages (thanks @HQJaTu!)
  • Drop deprecated serendipity_purgeEntry function
  • Bootstrap4 adaptations
  • Fixes for plugin drag'n'drop

You can download the release file and unzip it to your installation as usual, or update from within Serendipity using the Serendipity Autoupdate Plugin (serendipity_event_autoupdate).

(MD5: 45487cebd084b2f452329f0cd2303691)

Assets 3

@th-h th-h released this May 1, 2019 · 503 commits to master since this release

This bugfix release Serendipity 2.1.5 contains fixes for security issues and some bug fixes backported from our recent 2.3-beta1 release:

  • Fix XSS in Editor Preview by interpreted EXIF tags (thanks to @hannob!).
  • Fix XSS in Media Library by interpreted EXIF tags (thanks to @hannob!).
  • Fix mispositioned button in media db directory list.
  • Change default for comment subscription to full text.
  • Display errors if comment coulnd't be deleted.
  • Make it easier to drag plugins to other column.
  • Add fallback for broken JS in configuration screens.

You can download the release file and unzip it to your installation as usual, or update from within Serendipity using the Serendipity Autoupdate Plugin (serendipity_event_autoupdate).

(MD5: 67d55af6738137c0646268590f21397f)

Assets 3

@th-h th-h released this Apr 27, 2019 · 261 commits to master since this release

This first beta release of our new version 2.3 has a number of changes above and beyond the last 2.2.1-alpha1 release. These are:

  • PHP 7.2 and 7.3 support (with some fixes for the clean-blog and timeline themes)
  • Minimal PHP version is now PHP 7.0
  • Update Smarty to 3.1.33
  • Use voku/simple-cache for internal cache as bundled lib, which will allow to cache with memcached and redis instead of just on the filesystem (with updates to 4.0.1, fixing opcache warning on hosted environments, thanks @voku and Hanno Boeck)
  • Security fixes for XSS in Editor Preview and Media Library by interpreted EXIF tags (thanks to Hanno Boeck!)
  • Improve the nl2br plugin (thanks to Stephan Brunker!)
  • Allow to receive multiple trackbacks and pingbacks (thanks to @Mitch!)
  • Update media manager and fix some bugs (e.g. re-add ACLS and plugin API event hook backend_media_rename, fix mispositioned button in media manager directory list)
  • Use figure/figcaption markup for media manager images with captions
  • Add rewrite to absolute url for srcsets to the feed generation
  • Fallback for $lang variable when configuration failed to load which evades some unuseful error messages (thanks @HQJaTu!)
  • Drop deprecated serendipity_purgeEntry function
  • Set responsiveimages as default plugin
  • Change (installation) defaults: disable entryproperties cache and enable internal cache, enable stable-archive option

We would really love to get feedback from our users. If you want to test it on production blogs, make sure to have a backup available - that's always a good idea.

(MD5: 46e662fd5c992d95d69b9479034ee9b7)

Assets 3
You can’t perform that action at this time.