Serendipity 1.7.7 Update Released

“Serendipity 1.7.7 fixes three security issues; upgrade as soon as you can”

Serendipity is a PHP-powered weblog application which gives the user an easy way to maintain an online diary, weblog or even a complete homepage.

While the default package is designed for the casual blogger, Serendipity offers a flexible, expandable and easy-to-use framework with the power for professional applications.

Casual users appreciate the way Serendipity’s sophisticated plugin architecture lets you easily modify both the appearance of your blog and its features. You can install more than 120 plugins with just one click, instantly enhancing your blog’s functionality. No need to edit code!

Change Details

  • An XSS triggered by a specially crafted username when viewing the “Manage users” screen
  • An XSS when creating an entry with specially crafted id/timestamp values
  • A SQL injection when installing a plugin with a specially crafted name

Notes:

All of these issues can only be exploited in the backend, which means someone would need to send you a maliciously crafted link that you then click on while logged in (or one of your own blog editors, if you have any, would have to target you).

Since people can easily be tricked into “clicking” crafted links these days (for example through URL shorteners like bit.ly), the Serendipity developers regard this issue as critical, and you should upgrade as soon as you can. Remember that you can always improve your chances of not being affected by XSS attacks like these by logging out of Serendipity when you are no longer working in it; an XSS payload delivered through such a link will then not execute, because you would first need to log in to your backend. This applies to any web application, so make use of the Logout button.

This release also addresses an issue with the nl2br plugin in conjunction with the WYSIWYG editor. The plugin will now show useful information in its configuration screen on how to use it if you also use WYSIWYG editors or other markup plugins. Also, the templatechooser plugin will now work properly again with some older templates. The fix for the textile plugin not working properly on PHP < 5.3 has also been addressed (again).

More Information

  • Start Serendipity 1.7.7
    Run Serendipity 1.7.7 from your domain and hosting service. Register a Domain Name if you don’t have one and choose one of our Hosting Plans to install Serendipity 1.7.7.
  • Hosted Serendipity 1.7.7
    Contact us if you don’t need a domain or hosting service, but want Serendipity 1.7.7 anyway.