Veni, Vidi, VISA

Serendipity 1.5.2 has been released to address the outstanding issue of SQLite installations with Serendipity. Upgrading an earlier version of Serendipity prior to 1.5.1 to this version should work without any problems, fixing the database upgrades that were faulty in Serendipity 1.5.1. This is the same patch that has been advertised in the old blog posting

Users who had upgraded to Serendipity 1.5 already can fix problems by checking the database table 'serendipity' and make sure to insert a md5 hashed password, with hashtype=0.

SQLite users should backup their database file (a random file name ending in .db) before updating. For users of other database systems, the Serendipity 1.5.2 update does not contain any changes and can be left out.

http://blog.s9y.org/archives/211-Serendipity-1.5-released.html

The Serendipity Team is proud to present the final release of Serendipity 1.5. While the earlier beta versions are proven to work fine for many people, it was finally time to package up a real release.

This version mainly addresses login security by changing our method how passwords are stored to use salted SHA1 checksums instead of plain MD5 checksums. This makes password retrieval (rainbow attacks, see special blog posting) through the database virtually impossible. Another thing is improved PHP 5.3 compatibility.

For users of our Bundled WYSIWYG-Editor Xinha users now have the ability to easily customize the appearance of this panel through a "my_custom.js" file inside the template directory (a draft of such a file can be found as fallback default in the htmlarea/ subdirectory).

One cool new feature for developers is that now also templates can register themselves inside the plugin API hooks to execute specific things, that don't require installation of an event plugin.

Other news include:

• new event API hooks
• fixed PDF thumbnail generation
• ability to auto-scroll on borders when Drag/Dropping plugins
• UTC server time zone support
• improvements in the Smarty functions to easier use Serendipity as a CMS for individual entry output.
• quicksearch improvements for doing a wildcard-search when too few searchresults were found on a fixed searchterm
• support for Typepad anti-spam server-checks, additionally to Akismet

Minor improvements since the 1.5-beta1 release:

• more PHP 5.3.0 compatibility improvements
• Disallow uploading any files that contain ".php." in the filename for extra security with Apache MimeMagic-Modules
• expermiental PDO:SQlite support
• usability improvements for the comment moderation panel (bottom-navigation, removed border increase)

The current release can be easily installed on any previous Serendipity installation. Just unpack, upload and visit your admin panel to perform possible database upgrades. Upon first login with an old password, Serendipity will store your old password in the new format - please be sure to make a backup of your Database prior to upgrading, and read the upgrade pointers on Upgrading Serendipity.


Have fun using Serendipity, and let us know on the Forums if you have any issues!

Serendipity 1.4.1 has been released. This is mainly a bugfix release for the updated of the bundled Smarty library, which fixes issues with Serendipity 1.4.
Other small fixes include better antispam checks for pingbacks (they were too strict before), an update to the sql index key creation of the statistics plugin and removal of error messages on open_basedir enabled servers.
You only need to upgrade to Serendipity 1.4.1 if one of the mentioned bugs affect you. Updating is easy and documented online.

http://blog.s9y.org/archives/202-Serendipity-1.4-released.html

The Serendipity-Team is proud to provide the final release of Serendipity 1.4,
conveniently codenamed "Post-Christmas-Monk-Miles-Moondog".

There have been some larger improvements since the 1.4-beta release, so these
are the highlights of this release in short:

• (new since 1.4-beta1) References to online plugin documentation have been added (if
  existing) and the display of the short plugin names has been added to the plugin configuration menus/
• (new since 1.4-beta1) Firefox now no longer autoremembers passwords at the wrong places
• (new since 1.4-beta1) Added SMF importer
• (new since 1.4-beta1) Added a new %parentname% permalink option for category links
• (new since 1.4-beta1) Fix to properly, longer (30 days) sstrong>remember the user settings in cookies, like for media insertion
• Improvements in the now Double-Opt-In comment subscription (plus support for fulltext comment notifications)
• new bundled default WYSIWYG editing component (Xinha, the successor of HTMLArea). This new component is more reliable and cross-browser capable than the old version, by still supporting everything that worked with HTMLArea previously.
• The Entryproperties plugin now uses the new widget-style configuration option to allow for custom arrangement of the entry-related features of this plugin to your liking.
• The bulletproof template has been enabled as the new default template. The frontend imitates the look of Carl Galloways Serendipity 1.0 relaunch template, while the backend is much improved with a fresh, distinct look.
• The Remote RSS-Feed sidebar plugin now is templated, so that you can achieve distinct look for certain feeds on the sidebar.

Serendipity also addresses some minor bugs usually only affecting very
special environments. Other changes include new PostgreSQL ts_vector fulltext
search, comment approval-by-mail for the spamblock plugin, better HTTP header
status updates for CGI environments. For developers, some API improvements and
new variables/parameters have been added. The performance of the
entryroperties plugin can be enhanced by new configuration options that let
you fiddle with the involved SQL generation.

The complete list of all changes is documented within the
docs/NEWS file of the release. This serendipity release is also the first
one to include checksums to verify your installation integrity.

Updating is easy and documented
online: Just upload the new files onto your web, possibly refresh/purge
your browser cache (and if you upgrade from Serendipity older than 1.2, you
might need to purge your old cookies), go to the admin panel and you're done.
For shared installations, make sure all deployed htmlarea directories
are updated with the new files (if not, the old htmlarea will still be there,
not Xinha).

Also, the new version contains release checksums. This makes sure that the
files you uploaded correspond with the checksums generated through the
release. This way, bad FTP uploads will no longer be driving you nuts. If this
makes any trouble for you, try to upload the files in BINARY mode in your FTP
client.

For the future, Serendipity is still planning on minor and major features.
We always keep a close ear to the wishes of our users, some of those that
cannot be solved instantly have been documented here: Future of Serendipity. If you're a
developer or designer, and want to help in proving that Serendipity is a
flexible and easy to use Blogging/CMS-application - your help is needed and
appreciated! Speaking of which: Many thanks to all current developers and forum users, especially
Don Chambers, YellowLED and Judebert. Your help has been, and is vital to the project.

On behalf of the team: Happy new year and have fun with the release,

Garvin

http://www.zsh.org/mla/users/2008/msg01041.html
I've uploaded 4.3.9 to ftp.zsh.org. The main changes are a few fixes to
the internals of the completion system which turned up at the last
minute, plus a fix to deconfuse argument handling for builtins that do
there own option handling; otherwise it will behave like 4.3.8.

You might notice that version 4.3.7 is on the FTP server. However, I'm
just uploading 4.3.8 with a fix for a completion bug that just turned
up, so you'll probably want to wait. I'll announce when it's ready.

http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html

erendipity 1.3.1 has been released. This is a bugfix and security related release, basically adressing a potential XSS issue within the Top Referrers plugin as well as hypothetical XSS issues with the installer.

This release also adresses some basic PostgreSQL8 related problems, because implicit type casts have been removed from this version, causing breakage with several Serendipity core features. The fix for this is only partial and will still happen in (less common) functions of Serendipity. There is no ultimate solution to this because implicit type casts are required for certain entryproperty operations. Maybe the PostgreSQL8 team will think about if implicit type casts are not also quite helpful.

The only new feature addition is the exposition of a new smarty {serendipity_getImageSize} function.

This upgrade is recommended for users that use the Top Referrers plugin and new installations of Serendipity. Many thanks to Hanno Böck, once again, for reporting (and fixing) the two XSS issues (CVE-2008-1385 and CVE-2008-1386)!

You can find the new release on the s9y.org download page. Upgrade by simply uploading the deflated archive files to your webspace.

zsh 4.3.6 has been released. Thanks for all the bug reports since
4.3.5, which have meant this release cycle has been particularly quick.

ftp://ftp.zsh.org/pub/zsh-dev.tar.bz2
ftp://ftp.zsh.org/pub/zsh-dev.tar.gz
ftp://ftp.zsh.org/pub/zsh-dev-doc.tar.bz2
ftp://ftp.zsh.org/pub/zsh-dev-doc.tar.gz

Version 4.3.6 contains mostly bug fixes, but there are some small
improvements. No incompatibilities with previous versions are known.

Visible changes in the shell and its modules since 4.3.5 include the
following:

The parameter subscripting flag "e", which existed but had limited
usefulness, has been extended to allow reverse matching of strings instead
of patterns. For example, "${array[(ie)*]}" substitutes the index of the
array element that contains the exact string "*". In previous versions of
the shell a fairly hairy process was necessary to ensure pattern characters
were quoted.

The cd, chdir, pushd and popd builtins now take the option -q (quiet) which
avoids side effects when changing directories, suppressing the effect of
the chpwd function, the chpwd_functions array and printing of the directory
stack. The last was already possible with the option PUSHD_SILENT, but in
previous versions of the shell there was no easy way of suppressing the
other side effects.