S9Y.org: Serendipity 1.3.1 has been released. This is a bugfix and security related release, basically addressing a potential XSS issue within the Top Referrers plugin as well as hypothetical XSS issues with the installer.
Serendipity 1.3 has been released. This new version of the blogging application introduces 41 changes. Not only are enhancements and additional features introduced, but also changes to address a nasty cross site scripting issue (security exploit).
Some of the more significant features and enhancements for Serendipity 1.3 include:
The karma rating plugin has been upgraded to support nice, CSS-based rating graphics (see this post) and an overall rehaul of its coding.
Make the Spartacus plugin be able to use FTP upload, a workaround for SafeMode PHP restrictions. Also add a remote backend for plugin update checks.
A new version of the blogging application Serendipity is now at the beta stage, Serendipity 1.2 Beta 1. The most significant change in this new version of Serendipity is the authentication and session scheme for easier plug-in interaction. Also, support for theming/template authoring has been improved using Smartyfield.
Serendipity 1.1.1 was released to fix a few bugs. This is the first update to Serendipity 1.1 since it was first released at the end of 2006. The 1.1.1 update does not include any security fixes so you may not even need to update unless you've experienced one of these bugs:
Windows IIS server cookie/session authentication problem when not running via HTTPS
Change execution order of trackbacks to properly send them when a failure occurs
Display proper plugin permissionship restrictions when the admin user is not part of the group that is restricted
Fixed a bug that some plugins were not able to properly execute in the entry detail view
In a blog post at the Serendipity site, Garvin also commented on the feature improvements that can be expected for Serendipity 1.2. Users of the weblog application can expect the following in Serendipity 1.2 once it is released:
The start of compatibility fixes for PHP applications. Serendipity 1.0.3 has been released so the blogging application can properly run under PHP 5.2.0.
Because of the issue with PHP 5.2.0 mentioned before, and the 1.1 release not hastily being pushed out the barnyard, the Serendipity Team has decided to release a 1.0.3 version that fixes the mentioned problem.
"Serendipity 1.0.x and PHP 5.2.0 currently do not go well together because of the new PHP ext/filter extension. In the early PHP 5.2.0 cycles this provided a function 'input_name_to_filter' which was later dropped, but not removed from Serendipity 1.0."
The folks at Serendipity have released version 1.0.2 to address cross-site scripting (XSS) vulnerabilities "on the admin backend which could happen if registered authors can be tricked into following a specially crafted URL." The 1.1 Beta 5 also contains this fix along with the following new changes since Beta 1:
Themes can now support custom amounts and positions of any number of sidebars (top, bottom, left, right etc.)
Usergroups can now configure which plugins/events a group is allowed to execute
Added the options to use HTTP-Authentication for your login, which enables you to use secured RSS-Feeds with login credentials
Some permalink oddities when using % in URLs and some other minor fixes.
You can read more details about this release at Serendipity.