Welcome to Geeklog, Anonymous Sunday, December 22 2024 @ 06:56 pm EST

News

Reminder: Remove the install script!

  • Thursday, June 04 2009 @ 03:40 pm EDT
  • Contributed by:
  • Views: 12,053
Security

A recent posting on the Bugtraq security mailing list should serve as a reminder to always remove the install script after a successful install or upgrade of Geeklog: MaXe points out an XSS, a path disclosure, and a remote file inclusion in the 1.5.x install script. The XSS is still present in the 1.6.0 install script and has been pointed out to us before by a person who called himself Nemesis.

We'll take care of this in the next 1.6.0 release (probably rc1). So again: Please follow the installation instructions and the built-in reminders to remove the install script and the other security tips that we provide before, during, and after the install.

Geeklog 1.6.0 BETA 1

  • Friday, May 01 2009 @ 01:20 pm EDT
  • Contributed by:
  • Views: 15,078
Announcements

The first beta version of Geeklog 1.6.0 is now available for download. This release incorporates the following projects implemented during the 2008 Google Summer of Code:

  • Site migration support and easier plugin installation, by Matt West
  • Improved search, by Sami Barakat
  • Comment moderation and editable comments, by Jared Wenerd

Other new features include a new plugin to produce proper sitemap.xml files (provided by mystral-kk) and quite a lot of "under the hood" fixes and improvements, e.g. many new and extended plugin API functions. Please see the included changelog (docs/history) for details.

This being a beta, we want to encourage you to try it out and provide us with feedback and bugreports, but you probably shouldn't be running it on a live site just yet.

Page navigation