Serendipity v0.7-beta3 released (Security Fixes)

Post by garvinhicking

Thanks to a considerate Serendipity-user, aCiDBiTS, we have been informed of a security issue related to Serendipity. Some missing validation of specially crafted variables could possibly lead to SQL injections.

We have fixed this issue in our latest 0.7-beta3 release, which has been made available today. Because of several changes since version 0.6-pl3 of Serendipity, it is not possible to offer an easy patch for older releases.

The Serendipity Team therefore STRONGLY advises you to update to the 0.7-beta3 release immediately, in order not to endanger any contents of your Blog. Even though this release is entitled "beta" we did not receive any serious bug reports, and the developers themselves have used this version in production for quite some time. Thus we do favor this beta release in terms of stability and security.

Updating from older versions of Serendipity is easy: Unpack the downloaded archive to your existing Serendipity directory, open your Blog page via HTTP and follow the automated on-screen instructions. See http://www.s9y.org/35.html for detailed instructions. If you need further information or have questions to ask, please contact us.

Of course, upgrading to our latest 0.7 release will allow you to use the many cool new features of Serendipity. Go, explore, and have fun!

Other Changes since the last 0.7-beta1 release are:

* PostgreSQL compatibility (quicksearch, comment moderation) and bug fixes
* Updated XML-RPC API
* Fixed exit tracking with SQLite
* Wrong entry count in footer
* Updated translations, added Italian and Norwegian
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/