Security fix: Serendipity 0.8-beta6 Snapshot

garvinhicking
Core Developer
Posts: 30020
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany


Post by garvinhicking » Wed Apr 13, 2005 7:29 pm

Today a possible SQL injection in the URL Tracking mechanisms of Serendipity was made public in our forums. To quickly hotfix this issue I have just released a fixed Serendipity 0.8-beta6 snapshot (http://www.s9y.org/12.html) which contains an updated exit.php file. Serendipity 0.7.1 is NOT affected, as this issue had been fixed in 0.7.1 already, but the fix had sadly not been merged properly to the 0.8 sourcecode branches.

The final Serendipity 0.8 release is scheduled to be released this Friday, which is the reason why we will not release a new maintenance/beta release of 0.8, but urge the users to use 0.8-beta6 for the time being.

For 0.8 migration notes, please read the Notes on http://www.s9y.org/63.html.

If you want to wait for the 0.8 final release on Friday, it is suggested you just remove the "Markup: Track Exits" Plugin and delete your exit.php file from your blog installation.

On behalf of the team,
/Garvin/
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/

Guest

Where?

Post by Guest » Fri Sep 23, 2005 2:08 pm

Today a possible SQL injection in the URL Tracking mechanisms of Serendipity was made public in our forums. To quickly hotfix this issue I have just released a fixed Serendipity 0.8-beta6 snapshot (http://www.s9y.org/12.html) which contains an updated exit.php file. Serendipity 0.7.1 is NOT affected, as this issue had been fixed in 0.7.1 already, but the fix had sadly not been merged properly to the 0.8 sourcecode branches.


Okay I get that but where is all of this going?


Re: Where?

Post by garvinhicking » Fri Sep 23, 2005 2:15 pm

Guest, please be more specific. What are you asking?

Regards,
Garvin
