Serendipity 1.1.4 and 1.2-beta5 released

Post Reply
User avatar
garvinhicking
Core Developer
Posts: 30014
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Serendipity 1.1.4 and 1.2-beta5 released

Post by garvinhicking » Wed Aug 08, 2007 12:04 pm

Thanks to Erich Schubert, we were made aware of a bug and security
issue in the Plugin "Extended properties for entries". Since this
plugin is delivered with the core release, we have created a new
Serendipity release for both the current stable 1.1 version tree,
as well as a new 1.2 beta version.

Serendipity Users that are using the mentioned plugin do not need
to upgrade the full release, they can just fetch the updated version
of the plugin through this link:

http://svn.berlios.de/viewcvs/*checkout ... p?rev=1831

Put that updated file into your plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php file.

The actual bug was, that people were able to deliver custom
entryproperties settings to the Serendipity Frontend via a
HTTP-Request, which made them able to bypass a possibly used password
protection. Any other restriction of viewability of entries done via
category read-privileges were not affected, though.

Bottom line is: If you are using password protection for entries,
this security update is mandatory for you. Also if you were generally
using the entryproperties plugin (which is not installed by default
in Serendipity), you are urged to update your plugin. Only people not
using this plugin need not care about this issue.

You can download the new full releases as always on http://www.s9y.org/12.html.
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/

jdrodrigues
Regular
Posts: 36
Joined: Sun Feb 12, 2006 10:27 pm
Location: London
Contact:

Release of 1.2 final?

Post by jdrodrigues » Fri Aug 10, 2007 9:59 am

Hi Garvin,

Not trying to be a pain or anything, but do you have any idea when 1.2 may be out of beta?

Also, if I did try and use 1.2beta5 live, how hard would it be to update it with any changes between beta5 and the final release?

I understand you may not be able to give any precise reply, but a reasonable guess would be a big help.

Right now, my major issue with 1.1.3 is not having the "activate strict RFC2616 RSS-Feed compliance" option. Feeds do not update on many popular readers. And, with a news & information website that is a big problem.

Thank you!
- Joel

User avatar
garvinhicking
Core Developer
Posts: 30014
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Re: Release of 1.2 final?

Post by garvinhicking » Fri Aug 10, 2007 12:02 pm

Hi!

Not trying to be a pain or anything, but do you have any idea when 1.2 may be out of beta?


Yes, my plan is to release 1.2 on August 26th.

Also, if I did try and use 1.2beta5 live, how hard would it be to update it with any changes between beta5 and the final release?


As easy as updating from any other s9y version to the latest one. Only very few files/things should be changed until then. There might not even be any real changes made to 1.2 final compared to 1.2-beta5.

Right now, my major issue with 1.1.3 is not having the "activate strict RFC2616 RSS-Feed compliance" option. Feeds do not update on many popular readers. And, with a news & information website that is a big problem.


Really? In which readers do such feeds not update? The only problem I'm aware on with the s9y feeds is with the Planet Aggregator software. All RSS Readers I know, apart from a buggy Firefox/Thunderbird interrim release, can properly deal with the feeds!

Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/

jdrodrigues
Regular
Posts: 36
Joined: Sun Feb 12, 2006 10:27 pm
Location: London
Contact:

Post by jdrodrigues » Mon Aug 13, 2007 12:05 am

Hi Garvin,

Thank you for the information!

I'm not quite sure what to say about the news feed issue. I tried NetNewsWire Lite & Vienna (on Mac OS X). NetNewsWire Lite definitely had an issue where it would not display a new post, or reflect the change in number of posts in my feed. It required me to delete the feed and then add it again.

Vienna seems to work OK. I thought at first that it didn't, but now that it seems to be fine, I'm not going to fret over it.

I still need to check this with other news readers.

Thanks!
- Joel

Post Reply