

Geeklog 1.4.0sr1 and 1.3.11sr4

  • Sunday, February 19 2006 @ 03:30 pm EST
  • Views: 33,470

James Bercegay of GulfTech Security Research reported several issues with Geeklog's cookie handling that made it vulnerable to SQL injections, arbitrary file access, and even injection and execution of arbitrary code. To fix those issues, we are releasing Geeklog 1.4.0sr1 and 1.3.11sr4 and strongly suggest that you install those updates as soon as possible.

For Geeklog 1.4.0, there's the complete 1.4.0sr1 tarball as well as an upgrade archive containing only the necessary changes over 1.4.0.

To upgrade from Geeklog 1.3.11sr3, use the 1.3.11sr4 upgrade archive. If you're running on an older 1.3.11 release, you will have to install the previous updates first. You can, of course, always choose to update to 1.4.0sr1 directly, following the usual upgrade instructions.

Upgrading to 1.4.0sr1 is also what we suggest to anyone using a Geeklog version older than 1.3.11, as the reported issues also affect all earlier versions.

Geeklog 1.4.0

  • Sunday, February 05 2006 @ 09:30 am EST
  • Views: 40,578

Geeklog 1.4.0 is one of the biggest updates in Geeklog's history and introduces the following new features and changes:

  • Geeklog now officially works with register_globals = off.
  • Ships with FCKeditor (WYSIWYG editor).
  • Supports Trackback, Pingback, and pinging weblog directories.
  • Remote authentication lets registered users of remote services such as Blogger.com and LiveJournal log into your Geeklog site without having to register.
  • New syndication framework that can both read and write feeds in RSS (0.9x and 2.0), RDF, and Atom (0.3 and 1.0) formats.
  • The links and polls sections are now plugins and can be disabled, removed, or replaced easily when you don't need them.
  • Revamped Admin sections to provide a consistent look and sortable lists.
  • New search returns only a specified number of results per page, thus avoiding the embarrassing timeouts on large databases.
  • ... and more.

Geeklog 1.4.0rc2

  • Sunday, January 22 2006 @ 04:00 pm EST
  • Views: 20,067

We're almost there: Geeklog 1.4.0rc2 is the second and final (or so we hope) release candidate for Geeklog 1.4.0.

This release fixes issues with the FCKeditor integration, SQL errors, and a few other issues, and improves handling of trackbacks and pingbacks. It also includes updated PEAR packages.

Please help us squash the remaining bugs by installing this release candidate or try it out at the demo site. Bugs can be reported in our bug tracker (now that it's back online) or simply by posting a comment to this story. Thanks!
