Sunday, February 7, 2021

First beta release of FlatPress 1.2 “Legato”

Hi folks,

I just released the first beta of the upcoming FlatPress 1.2.

We have a topic on the support forum - there, you’ll find download links, update instructions and more details about what’s new in 1.2.

Please help us test the new beta thoroughly. As soon as our tests are successful, I’ll release the final version of FlatPress 1.2 “Legato”. Thank you!

All the best,
Arvid

Wednesday, December 23, 2020

A few words before the year ends

Hi folks, I hope you’re all okay out there. The year 2020 has been a hell of a ride for many of us, hopefully you all got through it without major damage.

For the FlatPress project, 2020 was kind of quiet. Sure, we made big steps towards FlatPress 1.2 (see the progress in the Changelog), but we didn’t manage to release it yet. Even the security fix I planned to release didn’t work out as expected; it may not even be released until after 1.2.

However, 2020 also was another year with strong community support. Thanks a lot for all the emails and suggestions, for your contributions on the wiki, your testing efforts and your pull requests on GitHub. Also, thank you very much for kindly supporting each other on the forums, it is always a real pleasure for me to see that.

I feel a little sorry about the slow release cycle. FlatPress 1.2 should’ve been released long ago to enable FlatPress for PHP 7.4 and PHP 8. I’ll do my best to get this done real soon. But at least we consistently stick to our project philosophy: We do not run a feature race here ;)

I wish you all some quiet and peaceful holidays. Let’s take a few days off and gather fresh momentum for the new year. If all goes well, life may go back to some kind of normal one day.

All the best,
Arvid

Image: Derivative of “meh” by Яick Harris - licensed under CC BY-SA 2.0

Sunday, October 18, 2020

Security Update: Please help testing

Hi guys,

it’s been silent here for quite a while. But this doesn’t mean there’s nothing happening:

The security issue

You may or may not have seen the security issue #64 filed by lethanhtrung222. It addresses an issue that allows an attacker to delete any uploaded file on your blog just by making you click on a link like this:

  • https://YOURBLOG.ORG/admin.php?p=uploader&action=mediamanager&deletefile=THEFILE.XYZ

This link could be sent to you via email. It works if you are already logged into your admin area.

The described cross-site request forgery (CSRF) also applies to deleting entries and enabling/disabling plugins.

The fix

Although this is not highly critical, I decided to create a bugfix release that solves this issue. Now, on every logon, a unique token is created. The token is added to the affected links in the admin area, e.g. the “Delete” link in the entries listing. Since this token is freshly created on every logon, an attacker does not know it and can’t attach it to the attacking link. Without the correct token, FlatPress will just not execute the desired action.
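
The per-logon token scheme described above, sketched in PHP as an added example (not FlatPress's own code): the function names and the plain arrays standing in for `$_SESSION` and `$_GET` are assumptions; only the `csrftoken` parameter name and the sample link come from this post.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: called once after a successful logon.
// Creates a fresh, unpredictable token and stores it in the session.
function csrf_issue_token(array &$session): string
{
    $session['csrftoken'] = bin2hex(random_bytes(32));
    return $session['csrftoken'];
}

// Hypothetical helper: append the session token to an admin action link.
function csrf_protect_url(string $url, array $session): string
{
    $sep = (strpos($url, '?') === false) ? '?' : '&';
    return $url . $sep . 'csrftoken=' . rawurlencode($session['csrftoken']);
}

// Hypothetical helper: check the token before executing a state-changing action.
// Rejects a missing token, a non-string value (csrftoken[]=x) and any mismatch;
// hash_equals() compares in constant time.
function csrf_is_valid(array $query, array $session): bool
{
    $expected = $session['csrftoken'] ?? '';
    $given    = $query['csrftoken'] ?? '';
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

// --- Constructed demo: arrays stand in for $_SESSION and $_GET ---
$session = [];
csrf_issue_token($session);

// Link as the admin area would render it after logon.
$link = csrf_protect_url(
    'admin.php?p=uploader&action=mediamanager&deletefile=THEFILE.XYZ',
    $session
);
parse_str((string) parse_url($link, PHP_URL_QUERY), $legit);

// Link as in the report: sent from outside, so it carries no token.
parse_str('p=uploader&action=mediamanager&deletefile=THEFILE.XYZ', $forged);

// Same link with the token value changed by hand.
$tampered = $legit;
$tampered['csrftoken'] = str_repeat('0', 64);

foreach (['legit' => $legit, 'forged' => $forged, 'tampered' => $tampered] as $name => $query) {
    echo $name, ': ', csrf_is_valid($query, $session) ? 'execute action' : 'reject', PHP_EOL;
}
```

Only the link rendered with the session's own token passes the check; the token-less and the tampered link are both rejected.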

The testing

Before finally releasing the new version, I am reaching out to you: Please help me test the new version thoroughly and report any bugs that you encounter.

Everything should work exactly as in version 1.1 “Da capo”. The only difference is the new “csrftoken” parameter in the links of the admin area actions described above.

Fiddle around with it: Copy the link URL, change the “csrftoken” parameter and see what happens :)

Get the new version here:

Please do not test on your production FlatPress instances; this is still beta.

The new version

If everything works as expected in our tests, I will release the new FlatPress version 1.1.1 very soon.

Thanks for your help - and have a great start into the upcoming new week!
Arvid

Saturday, December 28, 2019

Archive of previous support forum is now available

The previous support forum gathered the FlatPress knowledge of more than a decade. So many helpful comments, clever hacks and useful suggestions! Sadly, due to technical difficulties, it hasn’t been available since the new support forum went online - this was one year ago.

But fear not! Finally, this mighty source of wisdom is online again:

Login is not possible, everything is just read-only. The wisdom may remain untouched and enlighten us with every visit :)

Monday, December 23, 2019

Goodbye 2019, hello 2020!

The ending year 2019 was the year of the FlatPress comeback. Our revival plan worked quite well: Since February, we have the new FlatPress version 1.1 that brought FlatPress to current PHP versions. Also, FlatPress regained a lot of publicity, especially in Germany by being featured in the LinuxUser magazine and being listed on Heise Download, the biggest German software download portal.

One of my greatest pleasures was to see that the FlatPress community – you! – also got back together. I am very proud to take care of this little blogging engine that is being used, enjoyed and enhanced all over the world. Throughout the year, I have received a lot of bug reports and enhancement proposals, there were new plugins and themes, and sometimes I just got a little “Thank you”. This all tells me that FlatPress as a self-hosted blogging engine is still important, even (or especially!) in times of huge walled-garden platforms like Facebook, Instagram and Twitter.

I’m excited to see what 2020 will bring. Franah is working on a completely new admin panel which already looks awesome, and we still have a few issues to be taken care of. Also, Matthias keeps testing the heck out of FlatPress which always brings some little glitches to fix ;)
As in 2019, FlatPress still won’t change the world, but it will stay your reliable choice when it comes to easily-set-up, self-hosted, standard-compliant, great-looking blogging sites.

For the last days of 2019, I hope you all have a peaceful time wherever you are. Take some days off, visit your families, and don’t forget to take care of those who need it. And then have a great start into a successful new year 2020!

All the best
Arvid