Geeklog security issues (and 1.3.7sr2 update)
- Monday, May 26 2003 @ 04:45 pm EDT
- Contributed by: Dirk
Security issues have been found in Geeklog 1.3.7sr1 (and older versions), one of which makes it possible for an attacker to gain Admin control over a Geeklog site. We are therefore releasing Geeklog 1.3.7sr2 and strongly recommend that you upgrade to that version as soon as possible.
There is an upgrade archive (from 1.3.7sr1) available, as well as a full 1.3.7sr2 release. See the documentation for details.
This is the first major security issue with Geeklog that has been found in a long time and that actually enables an attacker to gain Admin control of a site. It was reported to us a few days ago and we are not aware of any sites being hacked as a result of this, since it does require a bit of knowledge to exploit. However, since we do take security seriously, we would like to point out again that it is important that you install this update ASAP.