BlogsWeek.com

“James Bercegay of GulfTech Security Research reported several issues with Geeklog’s cookie handling that made it vulnerable to SQL injections, arbitrary file access, and even injection and execution of arbitrary code. To fix those issues, we are releasing Geeklog 1.4.0sr1 and 1.3.11sr4 and strongly suggest that you install those updates as soon as possible.”

For full details and upgrading instructions, please read the release announcement.

The PostNuke development team is pleased to announce the release of PostNuke .762. “This release addresses a number of issues found since the release of .761, and also introduces new security enhancements.

PostNuke .762 has been audited by Maksymilian Arciemowicz of www.securityreason.com for security vulnerabilities, and as a result a great deal of work on security has gone into this release. The PostNuke team thanks Maksymilian for his work, and we hope this will improve PostNuke’s existing strong security record. Further audits will be carried out on the PostNuke .8 codebase prior to release.

As a result of the security enhancements in .762, it is advised that all site administrators update their sites immediately to ensure they stay secure.”

For additional details please refer to the PostNuke .762 release announcement.

After almost one year in development, a public beta and two release candidates, today Geeklog 1.4.0 has been released. This “is one of the biggest updates in Geeklog’s history and introduces many new features and changes. Among them:

* Geeklog now works with register_globals = off.
* Ships with FCKeditor (WYSIWYG editor).
* Supports Trackback, Pingback, and pinging weblog directories.
* New syndication framework that can both read and write feeds in RSS (0.9x and 2.0), RDF, and Atom (0.3 and 1.0 formats.”

For additional information, please read the full Geeklog release announcement.