Geeklog 1.4.0sr5 and 1.3.11sr7
- Sunday, July 16 2006 @ 12:00 pm EDT
- Contributed by: Dirk
- Views: 25,125
JPCERT/CC informed us about a possible XSS in the comment handling that we're fixing with the following releases:
- Geeklog 1.4.0sr5, available as a complete tarball and as an upgrade from 1.4.0sr4.
- Geeklog 1.3.11sr7, available as an upgrade from 1.3.11sr6 and as a combo update from any other 1.3.11 release.
Upgrades should be straightforward as you'll only have to replace one file (lib-comment.php for Geeklog 1.4.0 and comment.php for Geeklog 1.3.11).