Serendipity 1.5.5 Security Release
Note: This article was originally published at Planet PHP on 22 December 2010.
The Serendipity project released version 1.5.5 of its blog system a few hours ago. This is a security release, since there is a 0-day exploit out in the wild that is already being used heavily. The security issue allows uploading script code to your server, so in other words: if affected, you are hosed.
If you are using Serendipity, you should consider updating as soon as possible. Garvin has more on the issue in the release announcement.
Thanks to the Serendipity security team for their prompt actions (as always!), and to Stefan Neufeind for providing logs and insights about how the exploit was used.