Password encryption is now as strong as it gets, HTTPS now gets the emphasis it deserves, cross-site scripting protection has been tightened, and in general the engine is more paranoid about user-submitted data. End users will be most interested in the integration with the Flowplayer Flash video player and the thumbnailing capabilities of the new image plugin. Both features are enabled by the new plugin mechanism, which also allows you to add fancy member profile parameters and alternative access control schemes.
The most interesting part of this release is its
new security features: CSRF protection, an
antispam module, per-resource moderation logs, and
a moderation request tracker. An RSS import module
allows you to syndicate content from other sites
on the front page. Massive changes were made in
the engine internals (MVC, deadlock-proof cache,
optional RDF query patterns, support for Lighttpd,
MySQL, SQLite3). Many minor enhancements were
made, like a new pagination system, file size
display, cleaner handling of replies and message
translations, better error reporting, and more UI
translations.
This version incorporates two years worth of real-world deployment. Apart from ubiquitous message translations management and RSS syndication, many old tools were made more flexible and easier to use. The focus management interface is simplified, and the front page packs more information into a better layout and allows you to include static headers and footers. Even more changes are under the hood: multi-layer caching, gzip and ETag, audio and video uploads, BitTorrent links, HTML and CSS filtering, flexible access control, new moderation features, new languages and themes, simplified installation, and more.
The front page layout has been changed to the more familiar vertical
split with the main column featuring focuses and the right column
running recent updates in the open publishing wire. A new moderation
facility allows you to take over messages, displace their contents
completely, and block member accounts. This release adds an alternative
CSS theme, "Indy" (selectable from the Settings page), and a Belorussian
translation. The database connection is now configurable and allows you
to run multiple Samizdat instances on a single server. Oversize titles
and descriptions are now truncated.
Samizdat can now send out email: this is used to
recover lost passwords and to confirm that a
member email address is real. Email addresses are
now unique, making it more difficult to cheat
using throwaway accounts. The dc:description
message property was added for attaching an
article abstract, a thumbnail image, or a table of
contents to a message. A preferences
infrastructure was added, allowing the addition of
more server-side member settings in the future.
The inevitable database schema change was made.