Security fix: Serendipity 0.8-beta6 Snapshot

garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany

Security fix: Serendipity 0.8-beta6 Snapshot

Post by garvinhicking »

Today a possible SQL injection in the URL Tracking mechanisms of Serendipity was made public in our forums. To quickly hotfix this issue I have just released a fixed Serendipity 0.8-beta6 snapshot (http://www.s9y.org/12.html) which contains an updated exit.php file. Serendipity 0.7.1 is NOT affected, as this issue had been fixed in 0.7.1 already, but the fix had sadly not been merged properly to the 0.8 sourcecode branches.

The final Serendipity 0.8 release is scheduled to be released this Friday, which is the reason why we will not release a new maintenance/beta release of 0.8, but urge the users to use 0.8-beta6 for the time being.

For 0.8 migration notes, please read the notes on http://www.s9y.org/63.html.

If you want to wait for the 0.8 final release on Friday, it is suggested you just remove the "Markup: Track Exits" plugin and delete your exit.php file from your blog installation.

On behalf of the team,
/Garvin/
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Guest

Where?

Post by Guest »

Today a possible SQL injection in the URL Tracking mechanisms of Serendipity was made public in our forums. To quickly hotfix this issue I have just released a fixed Serendipity 0.8-beta6 snapshot (http://www.s9y.org/12.html) which contains an updated exit.php file. Serendipity 0.7.1 is NOT affected, as this issue had been fixed in 0.7.1 already, but the fix had sadly not been merged properly to the 0.8 sourcecode branches.
Okay, I get that, but where is all of this going?
garvinhicking

Re: Where?

Post by garvinhicking »

Guest, please be more specific. What are you asking?

Regards,
Garvin