Geeklog 1.4.0sr5 and 1.3.11sr7


July 16, 2006 – New security release for Geeklog: “JPCERT/CC informed us about a possible XSS in the comment handling that we’re fixing with the following releases:

* Geeklog 1.4.0sr5, available as a complete tarball and as an upgrade from 1.4.0sr4.
* Geeklog 1.3.11sr7, available as an upgrade from 1.3.11sr6 and as a combo update from any other 1.3.11 release.

Upgrades should be straightforward as you’ll only have to replace one file (lib-comment.php for Geeklog 1.4.0 and comment.php for Geeklog 1.3.11).”

The source of this information is the Geeklog release announcement.

Update: July 23, 2006 – Last week’s security release introduced display problems in the comment preview that are now fixed with Geeklog 1.4.0sr5-1 and 1.3.11sr7-1.

