We have received two reports about security issues that affect Geeklog in both current versions, i.e. 1.8.2 and 2.0.0 (which is not officially out yet, but in release candidate state):

• High-Tech Bridge Security Research Lab reported an XSS in the calendar_type parameter in the Calendar plugin.
• Trustwave Spiderlabs reported XSS in the install script, the Configuration, as well as in the Admin interfaces for the Polls plugin and the Topic editor.

To address these issues, we are releasing Geeklog 1.8.2sr1 (complete archive; also available as an update from 1.8.2) and Geeklog 2.0.0rc2.

The new release of jQuery plugin for Geeklog is available for download.

This new version allows you to easily add images from Mediagallery plugin in your forum. This requires that three plugins are installed (forum, mediagallery and jquery). When you create or reply to a forum post, simply click on the link "Add a document" below the edit window and select the desired media. This new tool works like Mediagallery browser for advanced editor since it is derived.

Note that the code highlighter and ckeditor have been removed from this version of jQuery plugin.

Download jQuery plugin 1.4
http://geeklog.fr/downloads/index.php/jquery_1.4

Geeklog 1.8.2 is now available for download.

This is a maintenance release that fixes some bugs in Geeklog 1.8.1, most notably some incompatibilities with MySQL 5.5 and the Twitter OAuth login as well as a few minor issues.

There were no changes in the database, the themes, or the language files, so this should be a straightforward upgrade from any previous 1.8.x release.