Security fix: Serendipity 0.8-beta6 Snapshot
Posted: Wed Apr 13, 2005 7:29 pm
Today a possible SQL injection in the URL Tracking mechanisms of Serendipity was made public in our forums. To quickly hotfix this issue I have just released a fixed Serendipity 0.8-beta6 snapshot (http://www.s9y.org/12.html) which contains an updated exit.php file. Serendipity 0.7.1 is NOT affected, as this issue had been fixed in 0.7.1 already, but the fix had sadly not been merged properly to the 0.8 source code branches.
The final Serendipity 0.8 release is scheduled to be released this Friday, which is the reason why we will not release a new maintenance/beta release of 0.8, but urge the users to use 0.8-beta6 for the time being.
For 0.8 migration notes, please read the notes on http://www.s9y.org/63.html.
If you want to wait for the 0.8 final release on Friday, it is suggested you just remove the "Markup: Track Exits" plugin and delete your exit.php file from your blog installation.
On behalf of the team,
/Garvin/