The Serendipity team is happy to announce the immediate availability of a maintaineance release of Serendipity 0.7.1.
This release only fixes three little issues:
* The captcha plugin may on certain system not create enough "randomness" to the string displayed in the graphic
* Fixed a possible cross site scripting vulnerability. Thanks to Stefan Esser for reporting this issue.
* Entries to be published in the future could be accessed by their future URL before being shown on the mainpage.
Upgrading from any version to 0.7.1 is very easy: Just extract the files of our release into your existing directory, open your blog and the automatic upgrader will do the rest. Creating a backup before is still a good idea for any software, though.
For users who want to easily patch their 0.7 release, you only need to copy over those files:
* serendipity_config.inc.php
* compat.inc.php
* NEWS
* serendipity_functions.inc.php
* plugins/serendipity_event_spamblock/serendipity_event_spamblock.php
Meanwhile we are heavily working on our upcoming 0.8 release, which already has a huge list of changes (http://cvs.sourceforge.net/viewcvs.py/p ... iew=markup).
We are also happy to announce that finally the DNS issues of www.s9y.org are resolved, and the ressource is up and running again. For the future, a backup DNS name 'www.s9y.info' is available.
Have fun,
the Serendipity Team
Serendipity 0.7.1 released
-
garvinhicking
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Serendipity 0.7.1 released
Last edited by garvinhicking on Sat Mar 05, 2005 1:45 pm, edited 2 times in total.
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Re: Serendipity 0.7.1 released
Many thanks to the whole team for reacting so quickly!garvinhicking wrote:For users who want to easily patch their 0.7 release, you only need to copy over those files:
* serendipity_config.inc.php
* compact.inc.php
* NEWS
* serendipity_functions.inc.php
* plugins/serendipity_event_spamblock/serendipity_event_spamblock.php
Two notes, though: copying the files above is not sufficient to protect against the cross site scripting vulnerability. The layout.php of the templates default, moz-modern and newspaper have to be copied over also. And it is include/compat.inc.php, not compact.inc.php - small typo.
-
garvinhicking
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Re: Serendipity 0.7.1 released
Hi sil53r!
Thanks for the typo-notice, I fixed it!
Regards,
Garvin.
In fact, this is not true. The variable is fixed in compat.inc.php, so no need to fix it in layout.php. We fixed it there by intention, so that nobody needs to fix their templates!Two notes, though: copying the files above is not sufficient to protect against the cross site scripting vulnerability. The layout.php of the templates default, moz-modern and newspaper have to be copied over also. And it is include/compat.inc.php, not compact.inc.php - small typo.
Thanks for the typo-notice, I fixed it!
Regards,
Garvin.
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/