Geeklog 1.4.0sr3 and 1.3.11sr6


KAPDA has reported a few security issues in Geeklog: a possible SQL injection and authentication bypass, a possible cross-site scripting issue, and a path disclosure in some themes. Additionally, an internal code review has revealed another possible SQL injection in the story submission.

The Geeklog developers are therefore releasing Geeklog 1.4.0sr3 to address these issues, and recommend that Geeklog users install the new version as soon as possible.

As usual, the current and previous versions of Geeklog (1.4.0 and 1.3.11, respectively) are supported. If you’re still running an older version, now may be a good time to upgrade.

On a related note, a security issue has recently been found in FCKeditor, version 2.1 of which ships with Geeklog 1.4.0. Further explanations and remedies for this and all the previously mentioned issues can be found in the original Geeklog announcement.

