Geeklog 1.4.0sr3 and 1.3.11sr6
May 28, 2006 -- filed under News
A few security issues in Geeklog have been reported by KAPDA (a possible SQL injection and authentication bypass, a possible cross-site scripting issue, and a path disclosure in some themes). Additionally, an internal code review has revealed another possible SQL injection in the story submission.
The Geeklog developers are therefore releasing Geeklog 1.4.0sr3 to address these issues, and recommend that Geeklog users install the new version as soon as possible.
As usual, the current and previous versions of Geeklog (1.4.0 and 1.3.11, respectively) are supported. If you’re still running an older version, now may be a good time to upgrade.
On a related note, a security issue has recently been found in FCKeditor, version 2.1 of which ships with Geeklog 1.4.0. Further explanation of, and remedies for, this and all the previously mentioned issues can be found in the original Geeklog announcement.
Links
- Geeklog reference site: http://www.geeklog.net/