Geeklog 1.3.11sr3
- Sunday, December 18 2005 @ 10:30 am EST
- Contributed by: Dirk
- Views: 21,216
Geeklog 1.3.11sr3 addresses two security issues as well as a few bugs:
- It was possible to submit comments even if you didn't have read permissions for the story or the topic, provided you knew the story's ID (reported by LWC).
- When tampering with the dates in a search, Geeklog produced a warning message that would disclose the path in which Geeklog was installed on the server (reported by r0t3d3Vil). It was not possible to use this for SQL injections.
The most notable bugfix in this release addresses the problems editing static pages when 'url_rewrite' was enabled (that bug was only introduced in 1.3.11sr2).
As usual, we provide both a complete 1.3.11sr3 tarball as well as an upgrade over 1.3.11sr2 (please see the included installation instructions).
Note: Both issues also exist in Geeklog 1.4.0b1 but have since been fixed in CVS. We will be releasing 1.4.0rc1 in a couple of days. In the meantime, you can get the nightly tarball if you want to update your 1.4.0b1 install now.