What a dynamic week for Chyrp's security! Less than five days after the quick security fix release, a new vulnerability surfaced from far, far away. Thankfully, we were able to patch the issue quickly and provide the fix to preserve your reliable experience with Chyrp.
We recommend that every Chyrp user immediately update to the newly released version (Chyrp 2.5.2) and apply the changes accordingly to keep everything stable and secure at all times.
This report was generously sent to us by a security researcher from New Zealand. Our deepest gratitude to PwC New Zealand
In the meantime, should you need a hand applying the patch to secure your Chyrp install, you are always welcome to join the discussion and post your questions on our discuss arena. We are more than glad to offer our assistance whenever it is needed. 😀
Lastly, keep an eye on this space. We do have some exciting news waiting to be made public soon.
Chyrp's security is a priority to me. I'm writing to announce an immediate release of version 2.5.1. This is a security release that closes a potential XSS vulnerability in the admin area under Users Management. This flaw was reported by JPCERT/CC, to whom we are truly grateful.
First off, if your Chyrp-powered blog/site does not allow user registrations, there is no need to rush an upgrade. Really. If that's not the case, however, it is recommended that you either apply the patch below immediately or upgrade the whole install, so that you can keep your Chyrp system safe and sound.
The changes need to be made to a single file only, that is admin/themes/default/pages/manage_users.twig, as shown in this [git commit](https://github.com/chyrp/chyrp/commit/43d1b6b266363ae7545d5d49851034eaeec7beb8).
You can, of course, even update the whole Chyrp install if that helps you worry less. The main link to download Chyrp has been updated, therefore all future downloads will include the fix.
Thank you for creating with Chyrp and thanks for being part of this nifty community.
On a final note, although this place has been quite quiet for some time, development on Chyrp was nowhere near a halt. I had initially planned to post an update on the development of the platform, but this took priority. Make sure you check this place in the days to come. We have quite an announcement to make.
The Chyrp team is proud to announce the availability of Chyrp version 2.5 final release.
After more than two years in the making, around 500 commits pushed to the official repository, hundreds of bug fixes and a dozen new features, and with the priceless help of some special individuals, we have come to the much desired point of concluding this effort and calling 2.5 final.
This release is special in its entirety. Whilst it still preserves the key purpose of the project, that is to remain lightweight and awesome at all costs, it brings exciting new features that will not only make you love Chyrp even more but also increase your loyalty towards it.
Dropbox post syncing, responsive Admin UI, brand new Audio player, brand new Extension Manager, the awesome RedactorJS WYSIWYG, Post Featured Image (Post Thumbnail), Submission Module, Related Posts and many more, we are confident this is the Chyrp you have all been waiting for.
One thing worth noting, though: all these new features don't come without a sacrifice, therefore we were forced to increase the system requirement of PHP from version 5.2.0 to PHP >= 5.3.0, which appears to be pretty standard across many hosting providers. On the one hand, this move allowed us to implement the current features we shipped with Chyrp 2.5.0; on the other, it gave us a lot of room for flexible manoeuvring.
Without too much ramble, I would like to express my gratitude and acknowledgment to every single one of you that has contributed in any form to the project for the past months. You have been the source of motivation and encouragement to reach this far so that we can now cherish this moment together. I am immensely grateful to y'all.
Now, let's give ourselves a pat on the back, let this moment be a moment of joy, and let us preserve the necessary strength, skill and energy to keep on going forward and make Chyrp the best blogging tool there is.
As announced earlier, the second Release Candidate of Chyrp version 2.5 has been made available.
Though it's true this place has been pretty silent recently, development around Chyrp during the warm summer days we left behind was very active. Surprisingly enough, many of the changes and additions you will see in the most recent release are the tireless work of two awesome fellows, whose contribution left us speechless.
First and foremost, there were a lot of user requests to provide a seamless cross-device publishing experience for Chyrp. It is an understatement to say that work on native apps for various platforms seemed like a thing that belonged to the far future; it was plainly and simply impossible for the time being. Simply put, something like that would have meant putting Chyrp development to a complete halt.
Thankfully, a guy called Daniel Pimley, who goes by the name ZG in the Chyrp forums, was brave enough to take such a responsibility upon his shoulders, roll up his sleeves and get to work. But instead of working on separate platforms, he did something even more awesome: he overhauled the Admin Theme to satisfy everyone's needs. That is, he made it responsive. Besides that, you will also now be served SVG images instead of the good old PNG icons. Pimley had a hand in some other things too, but listing all his contributions here would take more time.
Kasim Ahmic a.k.a. The_Infection (mind the name), the second cool guy, made many CSS fixes across the Firecrest theme, Feather and Module templates, making the overall rendering more compact than ever. He even replaced the old Flash audio player with an HTML5 compliant alternative. Now tell me how cool is that! His contribution doesn't end here either: Mr. Ahmic added (optional) titles to the rest of the Feathers, something I rigorously rejected all this time, but hey, it's their vote against mine I guess. 😀
For a full list of changes, see the changelog here.
On a final note, today we are ending support for Chyrp 2.1.2 and all other versions prior to 2.5. Whilst I understand that some of you may be sceptical towards using a release candidate, we are forced to make this move for a number of reasons, the most important one admittedly being the security of our software. To date, version 2.5 has been in development for quite some time and undeniably is way more secure than ever, additionally featuring many attractive and cool features. The current state of the product indicates we are closer to the final release than we have ever been, therefore it's time for all of us to focus on the future of the product and praise the long road we have walked together to make it this far.
Your feedback, bug reports and words of appreciation have been the most important source of motivation and energy for us to keep working on Chyrp. We are immensely grateful. Keep 'em coming.
TL;DR: You get a now responsive Admin UI, a new Audio Player, and we're ending support for Chyrp 2.1. Over and out.
To bring this post to an end, it may be quite a mouthful to say that this is the most incredible and awesome Chyrp release ever, and we are über-happy about this. We want this to be heard, so please spread the word, let your friends know and don't forget to follow Chyrp on Twitter for the latest goings-on.
- at 04:13 PM
- Tags: 2.5, chyrp, release, announcement, bug fixes, responsive, admin theme
The Chyrp core team is pleased to announce that version 2.5 RC2 has officially been released.
A lot of work has been put into this, particularly by users xenocrat and TheInfection on GitHub. We really appreciate the help.
Version 2.5 includes a ton of bug fixes, a new look for the audio player, and a bunch of styling tweaks.
To get your hands on it, head over to the downloads page.