
News

Geeklog 1.5.2sr2

  • Saturday, April 04 2009 @ 01:40 pm EDT
Security

Bookoo of the Nine Situations Group posted an SQL injection exploit for glFusion that also works with Geeklog. This issue allowed an attacker to extract the password hash for any account and is fixed with this release. Please note that this problem exists in all Geeklog versions prior to 1.5.2sr2.

You can download an upgrade archive for Geeklog 1.5.2sr1 or the complete 1.5.2sr2 tarball to upgrade from any previous version.

The upgrade tarball contains only one file (a drop-in replacement for lib-sessions.php) and can also be used to fix the issue on Geeklog 1.4.1, 1.5.0, and 1.5.1.

As a temporary measure (and to secure older Geeklog releases that are not supported any more), you can also make the following configuration change, at the risk of inconveniencing some of your users:

Geeklog 1.5.2sr1

  • Monday, March 30 2009 @ 02:40 pm EDT
Security

Fernando Muñoz reported a possible XSS in the query form on most admin panels that we are fixing in this release.

You can download an upgrade archive for Geeklog 1.5.2 or the complete 1.5.2sr1 tarball to upgrade from any previous version.

The upgrade tarball contains only one file and should also work as a quick fix for Geeklog 1.5.0 and 1.5.1. We do recommend upgrading to 1.5.2sr1 from those versions, though, due to various other bugs that have since been fixed.

Fernando is one of the students applying for participation in the Google Summer of Code with Geeklog, btw. Which just goes to show that it's always good to have a fresh pair of eyes looking over your code. Thanks, Fernando!

Geeklog 1.5.2

  • Sunday, February 08 2009 @ 12:15 pm EST
Announcements

Geeklog 1.5.2 is now available for download. This is another maintenance release for the 1.5.x series but also includes a few minor improvements.

Since the release candidate, we've fixed an issue with static pages on PHP 4 (that was only introduced in 1.5.2rc1) and a problem with the story preview that caused the appearance of backslashes in the story title on some setups.
