D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
var
/
softaculous
/
s9y
/
Filename :
changelog.txt
back
Copy
Version 2.6.0 (April 10th, 2026) ------------------------------------------------------------------------ * Add an option to limit which hosts are accepted as automatically detected baseURL, serendipity['validBaseHosts']. This is a security measure for installations that run under multiple domains and also accept arbitrary host headers. * Security fix: Attackers could manipulate the mail headers of notification mails, on some server setups. Thanks to Marcelo Barbosa for the report. * Security fix: The domain of the login cookie could be manipulated, on some server setups. Thanks to Marcelo Barbosa for the report. * Rework of the XSRF token protection, it was a replaced with a check on the Sec-Fetch-Site header. This should eliminate the timeouts that caused referer error messages on entry previews and saves. * Fix: The bootstrap4 theme now sets the serendipity_entry class. This fixes the lightbox plugins photoswipe mode when using one gallery per entry and potentially other plugins. * Provide option for a second factor on login. Currently this consists of a code sent to the autor's email that has to be entered on login. * 2k11 now shows examples for its multiple date format options in the theme's configuration * Maintenance action for clearing the template cache now also empties the internal cache of serendipity and clears all smarty cache files. It was thus renamed to "clear cache". * nl2br: Fix an error that occured on some configuration in nl2p mode on the isolation tags check * Removed Sourceforge from Spartacus' mirror list, as it caused HTML to be written to the plugin files instead of the wanted PHP code. * Removed obsolete Pragma header from some responses, controlling brwoser cache behaviour. Alternative headers were already set. * Fix: clean blog's sticky header (that appears when scrolling up) was positioned with a gap, when it contained too many navigation links * Breaking Change: Removed Net/DNSBL.php, Net/CheckIP.php and pear/net_dns2 from the bundled libs. * Update Smarty to current v5.6.0 (official support for PHP 8.4) * Make smarty->entries also available when entry is cached. This fixes e.g. opengraph tags of the social plugin disappearing. * Brute force protection for the logins. Logins now only accept 5 login attempts a minute, bound to the user's anonymized IP. * Show error when uploaded file is too big (PHP ini settings) * Move 2k11's url validation helper function into the load event, so loading of jQuery itself can be delayed * clean blog: Updated to use newer versions of font awesome, bootstrap and its webfonts. Also hosts those files locally now and drops the shims for old versions of the Internet Explorer. Add option for a mastodon profile button. * Fix CSS based tabs in plugin and media upload area * Fix tooltips in installer not working and the installer's language list using the wrong encoding * Add XSLT shylesheet to the RSS and Atom feed, including a link to an explainer about how to use feeds Version 2.5.0 (13.02.2024) ------------------------------------------------------------------------ * Restore compatibility with PHP 7.4 * Remove bundled composer.phar (thanks to hboeck) * Update composer dependencies (mostly for PHP 8.3 compatibility): katzgrau/klogger (1.0.0 => 1.2.2) pear/http_request2 (v2.5.1 => v2.6.0) pear/net_dns2 (v1.5.3 => v1.5.4) psr/log (1.0.0 => 1.1.4) smarty/smarty (v4.3.2 => v4.3.5) * Fix a PHP notice in User management ("isEditable") (garvinhicking) * Fix a bug when the p parameter given was set to 0 (@hannob) * Fix an incompatibility with MySQL 5.7 or later (@mariohommel) Version 2.4.0 (November 20th, 2022) ------------------------------------------------------------------------ * Fix: Avoid bad number of arguments to sprintf and fix logic error in spamblock plugin. * Improve w3c compatibility be encode square brackets of comment mode links (thanks @hannob) * Fix: Previewing comments warning threw a warning on PHP 8, when debug mode on (thanks @hannob) * Fix: Editor autosave cached was not deleted when saving entry * Fix: Editor autosave was not on by default, despite the setting being active by default * Fix: admin/entries.tpl: fix undefined variable iso2br * Fix: The calendar plugin threw a warning about $cond['join'] not existing in some setups * Fix: Avoid one more situation where responsive image upscaled a small thumbnail * Bugfix: Entryproperites plugin no longer insert empty records for multiple authors (garvinhicking) * Improve permalink generation performance and enable more unicode replacements (thanks to mbirth!) Version 2.3.5 (April 25th, 2020) ------------------------------------------------------------------------ * Fix: CSS: Restrict block display of summary to trackbacks. (#703) * Fix: Don't strip HTML from comments body in serendipity_plugin_comments before serendipity_event_unstrip_tags can convert the HTML tags (being called via frontend_display hook). (#702) * Fix: [CKE] Don't remove <details> and <summary> elements from WYSIWYG editor. * Fix: Don't delete extend properties from the entryproperties plugin when publishing from dashboard (or sending delayed trackbacks). (#695) * Fix: SQL error in serendipity_plugin_history present since we "don't allow requesting an archive page that doesn't exist" (2.3.3). (#694) * Fix: Entry title in backend list of entries was double escaped. * Fix: Don't drop upgraded_version from local plugin cache. * Fix: Regular expression in functions_routing.inc.php * Fix: Truncate extension of media items to 5 chars (which ist the max length of the corresponding database field). (#609) Thanks to @mmitch! Version 2.3.4-beta1 (March 25th, 2020) ------------------------------------------------------------------------ * Security: Fix RCE on Windows. Thanks to Junyu Zhang <rgdz.eye@gmail.com>! * Fix: ML: Fixed filename generation when renaming and added some error messages on rename failures. * Display source of plugins (Spartacus, bundled or locally installed).