All Content Management Systems: Web Progress Report

April 22nd, 2008

Serendipity 1.3.1 released

Serendipity 1.3.1 has been released. This is a bugfix and security-related release, basically addressing a potential XSS issue within the Top Referrers plugin as well as hypothetical XSS issues with the installer.

This release also addresses some basic PostgreSQL8-related problems: implicit type casts have been removed from this version, causing breakage with several Serendipity core features. The fix for this is only partial, and breakage will still happen in (less common) functions of Serendipity. There is no ultimate solution to this because implicit type casts are required for certain entryproperty operations. Maybe the PostgreSQL8 team will consider whether implicit type casts are not also quite helpful. ;-)

The only new feature is a newly exposed Smarty function, {serendipity_getImageSize}.

This upgrade is recommended for users that use the Top Referrers plugin and new installations of Serendipity. Many thanks to Hanno Böck, once again, for reporting (and fixing) the two XSS issues (CVE-2008-1385 and CVE-2008-1386)!

You can find the new release on the s9y.org download page. Upgrade by simply uploading the deflated archive files to your webspace.
