Geeklog 1.5.1rc1

  • Sunday, September 07 2008 @ 03:15 pm EDT
  • Views: 8,833
Announcements

Geeklog 1.5.1 is mostly a bugfix update for Geeklog 1.5.0. The first release candidate is now available for download.

As you can see from the list of changes, we've also thrown in a few minor improvements. Overall, however, the focus for this release is on bugfixes before we move on to integrating the new features developed during this year's Summer of Code.

File uploads through FCKeditor

  • Tuesday, September 02 2008 @ 03:00 pm EDT
  • Views: 45,666
Security

A user by the name of t0pP8uZz has demonstrated that the file upload capabilities of FCKeditor, as shipped with Geeklog, can be used to directly upload various sorts of files to a website running Geeklog. The file types are still restricted by FCKeditor's whitelist of allowed types, so it's not possible to upload PHP scripts or the like. Still, this is not something that should be possible as it has the potential for malicious use.

The issue affects Geeklog 1.4.1 and 1.5.0, and possibly other versions if FCKeditor was updated manually.

We will be addressing this problem in the upcoming 1.5.1 release of Geeklog. In the meantime, here's a list of things you can do now:

Bad Behavior 2

  • Monday, August 25 2008 @ 10:05 am EDT
  • Views: 17,284
Plugins

Michael Hampton has been busy updating Bad Behavior, blocking new spambots and fixing the occasional false positive. Since the Geeklog version of Bad Behavior was a few revisions behind, I've made a new package to update the Geeklog plugin to the latest version 2.0.23.

You can download Bad Behavior 2.0.23 for Geeklog from the download area. For the release notes, please see the Bad Behavior homepage.