Version 2.x.x (major) ()
------------------------------------------------------------------------
* Add backend_view_entry hook, which is executed for every entry
in the backend entry list
* Updated entryproperties plugin to support a custom property for
multiple ownership of an article
* Emit and detect rel=trackback element to find the trackback
URL, as a reliable alternative to the RDF used so far
* Merge and rename the two configuration variables to limit
displayed entries in the dashboard (#493):
$serendipity['dashboardLimit'] and
$serendipity['dashboardDraftLimit'] are now merged into
$serendipity['dashboardEntriesLimit'] - please change your
serendipity_config_local.inc.php accordingly if you used
the former variables.
The dashboard will now show as many future entries as
configured in "dashboardEntriesLimit"; if there are fewer
future entries, it will display drafts until
"dashboardEntriesLimit" is reached.
* Add a "delete" button to the backend entry form (#491, #494)
* Change Spartacus default mirror to GitHub (#489)
Version 2.1.2 (March 25, 2018)
------------------------------------------------------------------------
* Exclude defunct netmirror spartacus repository
* Adapt .htaccess default rules to exclude rewriting documentation
(Issue #521)
* Fix a regression in Net/DNSBL regarding
serendipity_event_spamblock_rbl and
serendipity_event_spamblock_surbl by adding Net/DNS2 1.4.3 as a
bundled library to core and patching Net/DNSBL (#497)
* Fixed broken Akismet API calls (#507)
* Fixed comment preview for logged-in users (#503)
* Fixed message display after comment editing/deleting (#526)
* Don't show empty plugin groups in list (#496) and fix broken
plugin display in Firefox.
* Add template path as first entry to template_dirs (#524)
Version 2.1.1 (April 9th, 2017)
------------------------------------------------------------------------
* Fixed a regression issue where configuration variables could not
properly be stored when they were set to false.
Version 2.1.0 (April 8th, 2017)
------------------------------------------------------------------------
* Some more PHP7 error catching
* Fix missing token when updating plugin
* Fix missing variable name in regular expression match, Issue #442
Version 2.1-rc1 (January 26th, 2017)
------------------------------------------------------------------------
* Fix issue #437 - Remove the hardcoded media filter only_filename
input field and re-allow the $order_fields['i.name'].
* Issue #430, fix proper name of new feedShowMail configuration var
in rss.php for showing mail addresses
* [Security] Enhance CSRF-Tokens for toggling/moderating comments
* Allow setting a default category for authors (personal preferences)
* Changed how the hidden password element is displayed to prevent
browsers from autofilling it into the entryproperties plugin
* [Security] Enhanced media upload check to also check redirects
for local files, thanks to Xu Yue (again!)
* [Security] Prevent XSS in adding category and directory names,
thanks to Edric Teo @smarterbitbybit.
* [Security] For multi-deletion of entries, secure the HTTP referrer
output to prevent XSS (Issue #435)
* [Security] Reject %0D/%0A in exit tracking and other places
(Issue #434)
* [Security] Redirection of comment.php now checks the referrer
and only allows the blog's host (thanks to Lee Sheldon Victor)
* [Security] Fix missing integer casting for inserting new categories
(thanks to cdxy)
* Disabled Selenium test files unless enabled
Version 2.1-beta2 (September 26th, 2016)
------------------------------------------------------------------------
* Improved backend accessibility by hiding iconfont icons for
screenreaders (using aria-hidden).
* Replaced the JS-based equal height solution in the backend with
a modern CSS-only solution based on Flexbox for browsers that
support it. (Browsers that do not support Flexbox or that only
support outdated versions of Flexbox get the old JS solution as
a fallback.)
* [Security] Prevent moving files by using their directory name.
[Security] Possible SQL injection for entry category assignment
[Security] Possible SQL injection for removing&adding a plugin
All issues require a valid backend login.
Thanks to Hendrik Buchwald for finding this via their
RIPS source code analyzer (www.ripstech.com)
* [Security] Add new configuration option to enable fetching
local files for the media uploader. By default this is now
disabled to prevent Server Side Request Forgery (SSRF).
Thanks to Xu Yue for pointing this out!
* Added new API wrapper serendipity_request_url() to request URLs.
Currently uses HTTP_Request2, might change to curl or others in
the future, but irrelevant to plugins using this function.
* Removed outdated themes blue, carl_contest, kubrick and wp. They
live on Spartacus now.
* Added new theme "Skeleton". Skeleton is a responsive, mobile first
HTML5/CSS3 theme built on the Skeleton framework.
* Fix compatibility bug preventing Internet Explorer (+Edge) from
clearing the entry editor cache when saving an entry
* Remove backend js from preview_iframe.tpls, making entry previews
faster, more accurate and more reliable
* Introduce new plugin API function
$plugin->getFile($filename, $key = 'serendipityPath'). Unlike
parseTemplate($filename), it will not parse the found file
via smarty, and it allows directories inside $filename. Intended
use is finding files like images via the fallback chain, giving
themes the chance to serve custom versions instead.
* Give theme authors the option to force using a template file from
the frontend, {getFile file=... frontend=true}
* Fix entry preview by making sure it always uses the correct
template files to generate preview, replacing internal magic
with direct parameters
* Rewrite and simplification of the file fallback chain in
serendipity_getTemplateFile. Removes templates/default/
from the chain, as it was replaced by templates/2k11/