News

Just a quick note, since it's not really a Geeklog topic but somehow affects a lot of people here nonetheless:

A severe vulnerability has been found in the Apache webserver. A posting on BugTraq has all the details.

bye, Dirk

I\'ve updated the suggestion block to where it will personalize the message depending on username. If the user is a guest they\'re username will, of course, be Guest. It was a great idea Alan of http://goddammit.co.uk gave me and if you wanna check it out, go to www.gxblock.com,scroll down and look to your right to see the changed block. Registered members will also have the message sent via the registered email. Installation instructions do not change from the last release, just replace the old function and php script with the new files. Thank you and thank you Geeklog for the excellent portal!

We have been made aware of several security issues with Geeklog 1.3.5 (earlier versions are probably affected as well). These allow for the injection of malicious javascript code which could be used e.g. to take over the admin's cookie. There is also an issue that allows the injection of MySQL requests from outside, possibly exposing data or even damaging the database (under certain circumstances). Details about these problems will be posted on the Bugtraq list later today.

In order to secure your installations, we have released Geeklog 1.3.5sr1 which addresses these issues. You are strongly encouraged to upgrade to this version as soon as possible.

If your site is running Geeklog 1.3.5, you could also download this file which contains just the affected files. After uploading them, your installation will be secure. Please note that this may overwrite customisations you may have made to the affected files.