
Geeklog presentation at FrOSCon [correction]

  • Friday, June 09 2006 @ 02:50 pm EDT

FrOSCon, the Free and Open Source Software Conference, is a 2-day event taking place on June 24th and 25th, 2006, in Bonn, Germany. I'll be there on the first day (Saturday, June 24th) giving the Using Geeklog as a Web Application Framework presentation again.

The talk is part of a separate PHP track that's not up on the website yet.

I realize this is on rather short notice, but I only got the confirmation myself yesterday. Still, if you have a chance - drop by and say Hi!

Fighting Trackback spam

  • Sunday, June 04 2006 @ 04:40 am EDT
Spam

We're probably not the only ones seeing a sharp increase in the amount of Trackback spam over the last couple of weeks. Trackbacks are a new feature in Geeklog 1.4.0 and we're still learning ...

So here's a first result of that learning process: A new version of the lib-trackback.php for Geeklog 1.4.0 that contains a few improvements to better fight Trackback spam:

  • a separate speedlimit setting for Trackbacks
  • stricter handling of the speedlimit for Trackbacks
  • can optionally check if the site that sent the Trackback actually contains a link to your site
  • option to log rejected Trackbacks

Geeklog 1.4.0sr3 and 1.3.11sr6

  • Sunday, May 28 2006 @ 11:15 am EDT
Security

The Security Science Researchers Institute Of Iran (KAPDA.ir) has reported the following security issues in Geeklog:
  1. Possible SQL injection and authentication bypass in auth.inc.php
  2. Possible XSS in getimage.php
  3. Path disclosure in getimage.php and the functions.php of some themes, e.g. the Professional theme

Additionally, an internal code review has revealed another possible SQL injection in the story submission.

We are therefore releasing Geeklog 1.4.0sr3 (complete tarball, upgrade archive) and Geeklog 1.3.11sr6 (upgrade archive, combo update) to address these issues and would suggest that you install these as soon as possible.

Read on for more information ...
