Announcements

We have received two reports about security issues that affect Geeklog in both current versions, i.e. 1.8.2 and 2.0.0 (which is not officially out yet, but in release candidate state):

• High-Tech Bridge Security Research Lab reported an XSS in the calendar_type parameter in the Calendar plugin.
• Trustwave Spiderlabs reported XSS in the install script, the Configuration, as well as in the Admin interfaces for the Polls plugin and the Topic editor.

To address these issues, we are releasing Geeklog 1.8.2sr1 (complete archive; also available as an update from 1.8.2) and Geeklog 2.0.0rc2.

Geeklog 1.8.2 is now available for download.

This is a maintenance release that fixes some bugs in Geeklog 1.8.1, most notably some incompatibilities with MySQL 5.5 and the Twitter OAuth login as well as a few minor issues.

There were no changes in the database, the themes, or the language files, so this should be a straightforward upgrade from any previous 1.8.x release.

Well you may have noticed a few changes with Geeklog.net. We have upgraded the site to use Geeklog 2.0.0rc1 and have switched over to a new theme called Modern Curve.

We have already updated the topics of the site to take advantage of the new child topics feature and you can expect to see other changes coming in the near future that will make it easier to find information and support on Geeklog.

We also have 2 demo sites now (thanks to Ironmax). One is for the current version of Geeklog found at http://demo.geeklog.net and the second one is for any pre-releases at http://demonext.geeklog.net. Links to the Geeklog demo sites can be found under the Resources block on the left.