The Flickr plugin displays thumbnails of Flickr photos on your site and links the thumbnails to their photo pages.

All the plugin does is to implement a [flickr:] autotag. You simply add the photo's id and it does all the rest. What is a photo id? When you view a photo on Flickr, the URL looks something like this:

http://www.flickr.com/photos/dhaun/71877803/

So here "71877803" is the photo's id. Now you simply add that id in the [flickr:] autotag after the colon:

[flickr:71877803]

When the story is displayed, it will show the photo's thumbnail instead of the autotag. Clicking on the thumbnail will take you to the photo page on Flickr (the above URL, in this example).

The plugin will get the photo's title from Flickr and display it as a title attribute when you hover your mouse over the thumbnail. If you'd rather provide your own title, simply enter it after the id:

[flickr:71877803 How to make a penguin fly]

And that's pretty much everything the plugin currently does.

Just in time for the new year: The first release candidate for Geeklog 1.4.0 is now available for download.

Quite a few bugs have been fixed, some minor improvements have been made, and so this should provide a much smoother experience than the beta. But still: Remember that this is not the final version yet, so if in doubt, you may want to wait for the official release in the not-too-distant future.

In the meantime, please help us squash the remaining bugs by reporting them in the official 1.4.0rc1 bug thread in the forums. And you don't have to install 1.4.0rc1 to do that, since the demo site has also been updated.

Geeklog 1.3.11sr3 addresses two security issues as well as a few bugs:

• It was possible to submit comments even if you didn't have read permissions for the story or the topic, provided you knew the story's ID (reported by LWC).
• When tampering with the dates in a search, Geeklog produced a warning message that would disclose the path in which Geeklog was installed on the server (reported by r0t3d3Vil). It was not possible to use this for SQL injections.

The most notable bugfix in this release addresses the problems editing static pages when 'url_rewrite' was enabled (that bug was only introduced in 1.3.11sr2).

As usual, we provide both a complete 1.3.11sr3 tarball as well as an upgrade over 1.3.11sr2 (please see the included installation instructions).

Note: Both issues also exist in Geeklog 1.4.0b1 but have since been fixed in CVS. We will be releasing 1.4.0rc1 in a couple of days. In the meantime, you can get the nightly tarball if you want to update your 1.4.0b1 install now.