The folks at Serendipity have released version 1.0.2 to address cross-site scripting (XSS) vulnerabilities "on the admin backend which could happen if registered authors can be tricked into following a specially crafted URL." The 1.1 Beta 5 also contains this fix along with the following new changes since Beta 1:
- Themes can now support custom amounts and positions of any number of sidebars (top, bottom, left, right etc.) (more)
- Usergroups can now configure which plugins/events a group is allowed to execute (more)
- Added the options to use HTTP-Authentication for your login, which enables you to use secured RSS-Feeds with login credentials
- Some permalinks oddities when using % in URLs and some other minor fixes.
You can read more details about this release at Serendipity.