=====================================================================
                                    CERT-Renater

                         Information Note No. 2007/VULN495
_____________________________________________________________________

DATE                      : 10/12/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Serendipity.

======================================================================
http://blog.s9y.org/archives/187-Serendipity-1.2.1-released.html
______________________________________________________________________

Serendipity 1.2 has been well received by the community; there were only
very few minor bug reports. Those have been addressed in the Serendipity
1.2.1 maintenance release, available now.

The new Serendipity version also includes some new Bulletproof Theme
options (user-customized stylesheets) and addresses some very minor
browser quirks. If you're using Bulletproof, it is suggested you perform
the update.

This new version also addresses a security issue in the Remote RSS
sidebar plugin (reported by Hanno Böck), which did not properly treat
links coming from an RSS feed. This could lead to possible XSS attack
vectors if you are showing foreign feeds that might distribute
malicious content to you. If you're using this plugin with an unsafe RSS
feed, you should upgrade Serendipity.

Serendipity 1.2.1 features a new WPXRSS importer, support for the new
WordPress 2.3 database structure
All bug fixes have also been applied to our current 1.3-release tree.
This release currently features some new Smarty-Templating convenience
features, a remote spartacus version information interface, full
pingback support, a LifeType blog importer and support of SQLRelay.

Upgrading Serendipity is very easy; have a look at the FAQ
(http://www.s9y.org/11.html#A18). The new version is available on the
Serendipity download page (http://www.s9y.org/12.html).

Enjoy Serendipity and have a nice Christmas time!

======================================================================
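
The Remote RSS issue above is an instance of rendering feed-supplied links
without validation. The following is an added example, not Serendipity's code
or its actual fix: a scheme allowlist plus HTML escaping for feed items. The
function names and sample items are hypothetical and constructed.

```php
<?php
// Added example, not Serendipity code. Function names are hypothetical.

// Return the link if it is an absolute http(s) URL, otherwise null.
function safe_feed_link(string $raw): ?string
{
    // Browsers ignore ASCII control characters and surrounding whitespace in
    // URLs, so "java\tscript:" must be normalised before the scheme check.
    $url = trim((string) preg_replace('/[\x00-\x1F\x7F]/', '', $raw));
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null; // malformed or relative: do not link it
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null; // javascript:, data:, vbscript: and any other scheme
    }
    return $url;
}

// Render one feed item as a sidebar entry; both fields are escaped for HTML.
function render_feed_item(string $title, string $link): string
{
    $text = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
    $href = safe_feed_link($link);
    if ($href === null) {
        return "<li>$text</li>"; // keep the title, drop the link
    }
    // Escaping stops a quote in the URL from closing the href attribute.
    $href = htmlspecialchars($href, ENT_QUOTES, 'UTF-8');
    return "<li><a href=\"$href\">$text</a></li>";
}

// Constructed sample items standing in for a parsed foreign feed.
$items = [
    ['Release notes', 'https://example.org/post/1'],
    ['Script scheme', "java\tscript:alert(1)"],
    ['Quote break', 'http://example.org/" onmouseover="alert(1)'],
    ['<b>Markup</b> title', 'data:text/html,<script>alert(1)</script>'],
];
foreach ($items as [$title, $link]) {
    echo render_feed_item($title, $link), "\n";
}
```

Only the first and third items come out as links, the third with its quote
characters encoded as &quot;; the other two are rendered as plain escaped text.
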

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================







