SPIP version 1.8.3 is a maintenance version, that’s to say it corrects things rather than adding new features. The main object of this release is to remove some small loopholes in security. It is released subsequent to a SPIP security alert.
Although the security holes remain relatively minor, it is recommended to migrate production sites to this new version of SPIP. If it’s not possible, for whatever reasons, to perform this migration, an alternative solution is to install this "security screen".
In particular, this version uses the "safehtml" library to keep the public forms secure, and to stop bold type (for example), which has not been closed, from running to the end of the page.
New:
- Czech is included with this version for the first time;
- the layout bar for typographical shortcuts now works with Safari;
- images which have been made smaller retain their transparent backgrounds if the original images have one;
- the #ENV
tags have been made secure by default. That means they are not allowed to pass any JavaScript or PHP code;
- the checking of global variables has been improved;
- the {mode=image}
criterion for DOCUMENTS loops has been corrected making it possible to retrieve thumbnail images;
- the shortcut [<imgX>->url]
has been debugged, and links on images now work correctly.