Thanks to Erich Schubert, we were made aware of a bug and security
issue in the Plugin "Extended properties for entries". Since this
plugin is delivered with the core release, we have created a new
Serendipity release for both the current stable 1.1 version tree,
as well as a new 1.2 beta version.
Serendipity Users that are using the mentioned plugin do not need
to upgrade the full release, they can just fetch the updated version
of the plugin through this link:
http://svn.berlios.de/viewcvs/*checkout ... p?rev=1831
Put that updated file into your plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php file.
The actual bug was, that people were able to deliver custom
entryproperties settings to the Serendipity Frontend via a
HTTP-Request, which made them able to bypass a possibly used password
protection. Any other restriction of viewability of entries done via
category read-privileges were not affected, though.
Bottom line is: If you are using password protection for entries,
this security update is mandatory for you. Also if you were generally
using the entryproperties plugin (which is not installed by default
in Serendipity), you are urged to update your plugin. Only people not
using this plugin need not care about this issue.
You can download the new full releases as always on http://www.s9y.org/12.html.
Serendipity 1.1.4 and 1.2-beta5 released
-
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Serendipity 1.1.4 and 1.2-beta5 released
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
-
- Regular
- Posts: 36
- Joined: Sun Feb 12, 2006 9:27 pm
- Location: London
- Contact:
Release of 1.2 final?
Hi Garvin,
Not trying to be a pain or anything, but do you have any idea when 1.2 may be out of beta?
Also, if I did try and use 1.2beta5 live, how hard would it be to update it with any changes between beta5 and the final release?
I understand you may not be able to give any precise reply, but a reasonable guess would be a big help.
Right now, my major issue with 1.1.3 is not having the "activate strict RFC2616 RSS-Feed compliance" option. Feeds do not update on many popular readers. And, with a news & information website that is a big problem.
Thank you!
- Joel
Not trying to be a pain or anything, but do you have any idea when 1.2 may be out of beta?
Also, if I did try and use 1.2beta5 live, how hard would it be to update it with any changes between beta5 and the final release?
I understand you may not be able to give any precise reply, but a reasonable guess would be a big help.
Right now, my major issue with 1.1.3 is not having the "activate strict RFC2616 RSS-Feed compliance" option. Feeds do not update on many popular readers. And, with a news & information website that is a big problem.
Thank you!
- Joel
-
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Re: Release of 1.2 final?
Hi!
Regards,
Garvin
Yes, my plan is to release 1.2 on August 26th.Not trying to be a pain or anything, but do you have any idea when 1.2 may be out of beta?
As easy as updating from any other s9y version to the latest one. Only very few files/things should be changed until then. There might not even be any real changes made to 1.2 final compared to 1.2-beta5.Also, if I did try and use 1.2beta5 live, how hard would it be to update it with any changes between beta5 and the final release?
Really? In which readers do such feeds not update? The only problem I'm aware on with the s9y feeds is with the Planet Aggregator software. All RSS Readers I know, apart from a buggy Firefox/Thunderbird interrim release, can properly deal with the feeds!Right now, my major issue with 1.1.3 is not having the "activate strict RFC2616 RSS-Feed compliance" option. Feeds do not update on many popular readers. And, with a news & information website that is a big problem.
Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
-
- Regular
- Posts: 36
- Joined: Sun Feb 12, 2006 9:27 pm
- Location: London
- Contact:
Hi Garvin,
Thank you for the information!
I'm not quite sure what to say about the news feed issue. I tried NetNewsWire Lite & Vienna (on Mac OS X). NetNewsWire Lite definitely had an issue where it would not display a new post, or reflect the change in number of posts in my feed. It required me to delete the feed and then add it again.
Vienna seems to work OK. I thought at first that it didn't, but now that it seems to be fine, I'm not going to fret over it.
I still need to check this with other news readers.
Thanks!
- Joel
Thank you for the information!
I'm not quite sure what to say about the news feed issue. I tried NetNewsWire Lite & Vienna (on Mac OS X). NetNewsWire Lite definitely had an issue where it would not display a new post, or reflect the change in number of posts in my feed. It required me to delete the feed and then add it again.
Vienna seems to work OK. I thought at first that it didn't, but now that it seems to be fine, I'm not going to fret over it.
I still need to check this with other news readers.
Thanks!
- Joel