Veni, Vidi, VISA

Serendipity 1.5.4 has been released and addresses some minor bugfixes as well as a XSS security issue discovered and reported by High-Tech Bridge. The XSS is only exploitable though, if you are using the "Remember me" feature in the Serendipity backend to login. Thanks to the quick notification by the team we were able to fix the issue within 24 hours, as with all past security issues.

The XSS-issue can easily be patched by only replace the file include/functions_config.inc.php with the new file (link), or by applying this patch.

Other bugfixes that come with the new Serendipity 1.5.4 release are:

• Fix PHP 5.3.2 parse error in a file, thanks to fyremoon
• Fix SQL query statement for deleting a category, which on some DB types (SQlite) might not return "true" and thus not really delete the category.
• Include license output in plugin listing
• Fix escaping when using ImageMagick to create PDF-thumbnail images
• Add new template variable to feed*.tpl files to support new plugins like pubsubhubbub, so that plugins can embed data to the main XML element

The latest release can be found on our SourceForge repository and on the usual place on . To upgrade from any previous Serendipity version, simply extract and upload the new files to your server.

Quelle: blog.s9y.org

Vim 7.3 Announcement. Was genau geändert wurde, kann man unter :h version-7.3 nachlesen.. mehr oder weniger.. eigentlich mehr weniger, weil es wieder mal keinen brauchbaren Changelog gibt *sigh*


Und eine Sicherheitslücke im Linuxkernel wurde geschlossen. Nach zwei Monaten. Und selbstverständlich ohne irgendeinen Hinweis darauf das es eine Sicherheitslücke war. Hey.. geht ja nur um das kleine Problem das lokale User root-Rechte erreichen können. Langsam wird es echt mal Zeit das jemand einen funktionierenden Fork von Linux rausbringt; allein schon deswegen damit ich nicht ständig *BSD anstelle von Linux installieren muss wenn es sich um sicherheitsrelevante Systeme dreht.

We just released the new stable version 2010.04 with Codename Grmlmonster, available as all the different flavours: grml, grml64,
grml-medium, grml64-medium, grml-small and grml64-small.

Quelle: grml.supersized.org

Serendipity 1.5.2 has been released to address the outstanding issue of SQLite installations with Serendipity. Upgrading an earlier version of Serendipity prior to 1.5.1 to this version should work without any problems, fixing the database upgrades that were faulty in Serendipity 1.5.1. This is the same patch that has been advertised in the old blog posting

Users who had upgraded to Serendipity 1.5 already can fix problems by checking the database table 'serendipity' and make sure to insert a md5 hashed password, with hashtype=0.

SQLite users should backup their database file (a random file name ending in .db) before updating. For users of other database systems, the Serendipity 1.5.2 update does not contain any changes and can be left out.

(via blog.s9y.org)

http://blog.s9y.org/archives/211-Serendipity-1.5-released.html

The Serendipity Team is proud to present the final release of Serendipity 1.5. While the earlier beta versions are proven to work fine for many people, it was finally time to package up a real release.

This version mainly addresses login security by changing our method how passwords are stored to use salted SHA1 checksums instead of plain MD5 checksums. This makes password retrieval (rainbow attacks, see special blog posting) through the database virtually impossible. Another thing is improved PHP 5.3 compatibility.

For users of our Bundled WYSIWYG-Editor Xinha users now have the ability to easily customize the appearance of this panel through a "my_custom.js" file inside the template directory (a draft of such a file can be found as fallback default in the htmlarea/ subdirectory).

One cool new feature for developers is that now also templates can register themselves inside the plugin API hooks to execute specific things, that don't require installation of an event plugin.

Other news include:

• new event API hooks
• fixed PDF thumbnail generation
• ability to auto-scroll on borders when Drag/Dropping plugins
• UTC server time zone support
• improvements in the Smarty functions to easier use Serendipity as a CMS for individual entry output.
• quicksearch improvements for doing a wildcard-search when too few searchresults were found on a fixed searchterm
• support for Typepad anti-spam server-checks, additionally to Akismet

Minor improvements since the 1.5-beta1 release:

• more PHP 5.3.0 compatibility improvements
• Disallow uploading any files that contain ".php." in the filename for extra security with Apache MimeMagic-Modules
• expermiental PDO:SQlite support
• usability improvements for the comment moderation panel (bottom-navigation, removed border increase)

The current release can be easily installed on any previous Serendipity installation. Just unpack, upload and visit your admin panel to perform possible database upgrades. Upon first login with an old password, Serendipity will store your old password in the new format - please be sure to make a backup of your Database prior to upgrading, and read the upgrade pointers on Upgrading Serendipity.


Have fun using Serendipity, and let us know on the Forums if you have any issues!

Ich werde demnächst das neue Release einspiele, aber wie man das ja von mir erwartet und auch gewohnt ist, gibts wieder 'n DATABASE_ERROR *sigh*

Guckst Du auf http://grml.supersized.org/archives/320-grml-2009.05-released.html und @zsh-users#14181

Nachdem ich es hier schonmal angedroht hab, konnt ich mich vorhin dazu aufraffen und S9Y aktualisieren. Verlief auch (wider Erwarten) ohne Probleme.. mehr oder weniger zumindest. Ich bekomme zwar in der Admin-Oberfläche (nach einiger Ladezeit) einen 500 wenn ich auf Styles Verwalten oder auf Neue Versionen von Seitenleisten-Plugins bzw. Neue Versionen von Ereignis-Plugins klicke, aber rein theoretisch sollte alles funktionieren. Wer irgendwelche Fehler findet, kann mir die im Kommentar beschreiben oder per Mail an drecksupdate@strcat.de schicken.

Serendipity 1.4.1 has been released. This is mainly a bugfix release for the updated of the bundled Smarty library, which fixes issues with Serendipity 1.4.
Other small fixes include better antispam checks for pingbacks (they were too strict before), an update to the sql index key creation of the statistics plugin and removal of error messages on open_basedir enabled servers.
You only need to upgrade to Serendipity 1.4.1 if one of the mentioned bugs affect you. Updating is easy and documented online.

(via blog.s9y.org)

Und wenn ich mich endlich dazu aufraffen könnte dieses Blog zu aktualisieren, dann würd ich das sogar machen. Aber irgendwie hab ich keine Lust auf 'n DATABASE_ERROR

http://blog.s9y.org/archives/202-Serendipity-1.4-released.html

The Serendipity-Team is proud to provide the final release of Serendipity 1.4,
conveniently codenamed "Post-Christmas-Monk-Miles-Moondog".

There have been some larger improvements since the 1.4-beta release, so these
are the highlights of this release in short:

• (new since 1.4-beta1) References to online plugin documentation have been added (if
  existing) and the display of the short plugin names has been added to the plugin configuration menus/
• (new since 1.4-beta1) Firefox now no longer autoremembers passwords at the wrong places
• (new since 1.4-beta1) Added SMF importer
• (new since 1.4-beta1) Added a new %parentname% permalink option for category links
• (new since 1.4-beta1) Fix to properly, longer (30 days) sstrong>remember the user settings in cookies, like for media insertion
• Improvements in the now Double-Opt-In comment subscription (plus support for fulltext comment notifications)
• new bundled default WYSIWYG editing component (Xinha, the successor of HTMLArea). This new component is more reliable and cross-browser capable than the old version, by still supporting everything that worked with HTMLArea previously.
• The Entryproperties plugin now uses the new widget-style configuration option to allow for custom arrangement of the entry-related features of this plugin to your liking.
• The bulletproof template has been enabled as the new default template. The frontend imitates the look of Carl Galloways Serendipity 1.0 relaunch template, while the backend is much improved with a fresh, distinct look.
• The Remote RSS-Feed sidebar plugin now is templated, so that you can achieve distinct look for certain feeds on the sidebar.

Serendipity also addresses some minor bugs usually only affecting very
special environments. Other changes include new PostgreSQL ts_vector fulltext
search, comment approval-by-mail for the spamblock plugin, better HTTP header
status updates for CGI environments. For developers, some API improvements and
new variables/parameters have been added. The performance of the
entryroperties plugin can be enhanced by new configuration options that let
you fiddle with the involved SQL generation.

The complete list of all changes is documented within the
docs/NEWS file of the release. This serendipity release is also the first
one to include checksums to verify your installation integrity.

Updating is easy and documented
online: Just upload the new files onto your web, possibly refresh/purge
your browser cache (and if you upgrade from Serendipity older than 1.2, you
might need to purge your old cookies), go to the admin panel and you're done.
For shared installations, make sure all deployed htmlarea directories
are updated with the new files (if not, the old htmlarea will still be there,
not Xinha).

Also, the new version contains release checksums. This makes sure that the
files you uploaded correspond with the checksums generated through the
release. This way, bad FTP uploads will no longer be driving you nuts. If this
makes any trouble for you, try to upload the files in BINARY mode in your FTP
client.

For the future, Serendipity is still planning on minor and major features.
We always keep a close ear to the wishes of our users, some of those that
cannot be solved instantly have been documented here: Future of Serendipity. If you're a
developer or designer, and want to help in proving that Serendipity is a
flexible and easy to use Blogging/CMS-application - your help is needed and
appreciated! Speaking of which: Many thanks to all current developers and forum users, especially
Don Chambers, YellowLED and Judebert. Your help has been, and is vital to the project.

On behalf of the team: Happy new year and have fun with the release,

Garvin

Also dann.. demnaechst ist dieses Blog mal wieder mit einem DATABASE_ERROR offline.

http://www.zsh.org/mla/users/2008/msg01041.html
I've uploaded 4.3.9 to ftp.zsh.org. The main changes are a few fixes to
the internals of the completion system which turned up at the last
minute, plus a fix to deconfuse argument handling for builtins that do
there own option handling; otherwise it will behave like 4.3.8.