Geeklog The Ultimate Weblog System
Welcome to Geeklog
Saturday, May 17 2008 @ 04:20 AM EDT

Geeklog 1.4.0sr5 and 1.3.11sr7

Security

JPCERT/CC informed us about a possible XSS in the comment handling that we're fixing with the following releases:

Upgrades should be straightforward as you'll only have to replace one file (lib-comment.php for Geeklog 1.4.0 and comment.php for Geeklog 1.3.11).


Trackback


Here's what others have to say about 'Geeklog 1.4.0sr5 and 1.3.11sr7':

Computer Modding Website design in Swindon, Wiltshire
Tracked on Monday, July 17 2006 @ 08:09 AM EDT

Geeklog - Geeklog 1.4.0sr5-1 and 1.3.11sr7-1 bugfix releases
Tracked on Sunday, July 23 2006 @ 03:10 PM EDT

http://www.blogsweek.com/en/geeklog-140sr5/
Tracked on Friday, September 15 2006 @ 01:42 PM EDT

SunFrogServices.com » Geeklog rocks when it comes to security
Tracked on Sunday, February 25 2007 @ 06:44 PM EST

Comments (10)
The following comments are owned by whomever posted them. This site is not responsible for what they say.
Geeklog 1.4.0sr5 and 1.3.11sr7
Authored by: TrappedOnEarth on Monday, July 17 2006 @ 02:16 AM EDT

I just noticed something odd. After replacing my lib-comment.php file (updating from 1.4.0sr4 to 1.4.0sr5), when I add a comment on my site now, the preview is not working correctly. It is only showing the first few lines and is ignoring the HTML formatting.

I tried it using Safari and Firefox with the same results. Part of my reason for posting this comment here now is to see if it happens here as well or not. I just tested it here as well by clicking the preview, and it only displays the first few lines and ignores the HTML formatting.

It seems to be limited to only previewing a comment, because when I hit submit, the complete comment does post along with the HTML formatting.

Geeklog 1.4.0sr5 and 1.3.11sr7
Authored by: ironmax on Monday, July 17 2006 @ 03:39 AM EDT

Confirmed... I had to revert back to the other version.

Geeklog 1.4.0sr5 and 1.3.11sr7
Authored by: Dirk on Monday, July 17 2006 @ 04:04 AM EDT

Whoops. It's a bit overzealous now with the filtering. Looks like we have to release a fix for the fix ... Sorry about that.

bye, Dirk

Geeklog 1.4.0sr5 and 1.3.11sr7
Authored by: LWC on Monday, July 17 2006 @ 05:10 AM EDT

Will you release it under a new name?

I wish you'd apply my new patch (supposedly it's new but it was in the forums since 2005) for "a public dummy site mail and a protected real site mail" as it's kind of annoying having to keep updating it manually inside each new version of system/lib-common.php...).

Geeklog 1.4.0sr5 and 1.3.11sr7
Authored by: griffman on Wednesday, July 19 2006 @ 05:32 PM EDT

Any update on the fix for the fix? It seems a choice of two bad options -- run with the hole plugged but comment preview borked, or have comment preview with a security hole...

-rob.

Geeklog 1.4.0sr5 and 1.3.11sr7
Authored by: Dirk on Thursday, July 20 2006 @ 02:01 AM EDT

Basically, it's this. I'm seeing extra backslashes on one of my sites, though, and I have had virtually no time to even attempt to roll out a new release, sorry.

bye, Dirk

Geeklog 1.4.0sr5 and 1.3.11sr7
Authored by: kegazow on Tuesday, July 18 2006 @ 12:06 AM EDT

One thing that I noticed, as a user new to php and new to Geeklog, was the security notice on the site reviewing the site on a cursory level to make sure things were OK. I found out the hard way, however, that installing Geeklog with cPanel/Fantastico is just plain bad. Rather than relive all of the details, you can check it out here.

The short of the long is this: how hard would it be to amp up the security check in subsequent releases to check for the path to some of the core components (i.e. config.php, plugins, logs, etc), and if they are the same as the root (i.e. flat installed into the root of the site) then give the user an indication that this is a bad thing? I intend to work at it a bit, but given that I am quite the n00b when it comes to PHP, my version may release at some point when computers are all embedded.

Ciao,
Kurt

Geeklog 1.4.0sr5 and 1.3.11sr7
Authored by: Dirk on Wednesday, July 19 2006 @ 03:16 PM EDT

Yeah, more thorough checks for a secure install are certainly on my to-do list. I was initially thinking about adding them to the install script, but it seems they should really be embedded into Geeklog itself for all those auto installers.

The funny thing is that none of the authors of those auto installs ever contacted us. They just appeared out of nowhere. Initially, I thought they were a good idea but now I'm not so sure any more ...

If anyone can provide us with contact addresses, we'll try and have a word with them.

bye, Dirk
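
The kind of install-layout check Kurt asks for and Dirk agrees belongs inside Geeklog itself, as an added example that is not part of Geeklog's code or this thread. It assumes the web root comes from `$_SERVER['DOCUMENT_ROOT']` and takes the component paths (config.php, the plugins directory, the logs directory) as hypothetical constructed values; it only reports, it does not move anything.

```php
<?php
// Added example, not Geeklog code: flag core components that resolve to a
// location inside the web server's document root and are therefore
// fetchable over HTTP (the "flat install into the site root" problem).

/**
 * True when $realPath is $realRoot itself or lies beneath it.
 * Both arguments must already be canonical (output of realpath()).
 */
function gl_path_is_under($realPath, $realRoot)
{
    // Trailing separator on both sides so /var/www does not match /var/www2.
    $root = rtrim($realRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $path = rtrim($realPath, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $root, strlen($root)) === 0;
}

/**
 * Check each named component and return an array of warning strings.
 * An empty array means every component resolved outside the document root.
 */
function gl_check_install_layout(array $components, $docRoot)
{
    $warnings = array();
    $realRoot = realpath($docRoot);
    if ($realRoot === false) {
        return array("Cannot resolve document root '$docRoot'; check manually.");
    }
    foreach ($components as $name => $path) {
        $real = realpath($path);
        if ($real === false) {
            // Missing path: the installer's value is wrong, say so rather than guess.
            $warnings[] = "$name: path '$path' does not exist; check the configured value.";
        } elseif (gl_path_is_under($real, $realRoot)) {
            $warnings[] = "$name: '$real' is inside the document root '$realRoot' "
                        . "and is reachable over HTTP; move it outside the web root.";
        }
    }
    return $warnings;
}

// Constructed example: a flat install where everything sits in the web root.
$docRoot    = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : '/var/www/html';
$components = array(
    'config.php'        => $docRoot . '/config.php',   // hypothetical path
    'plugins directory' => $docRoot . '/plugins',      // hypothetical path
    'logs directory'    => $docRoot . '/logs',         // hypothetical path
);
foreach (gl_check_install_layout($components, $docRoot) as $warning) {
    echo "SECURITY WARNING: $warning\n";
}
```

Run from the command line or hook it into an admin page; a clean, non-flat install produces no output.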

Merging PHPBB and Geeklog
Authored by: Macaco on Wednesday, July 19 2006 @ 10:59 AM EDT

Hello... how can I merge phpbb and geeklog using the same user accounts on both but without having to register on both separately?

Geeklog 1.4.0sr5 and 1.3.11sr7
Authored by: barrywong on Friday, July 21 2006 @ 07:10 AM EDT

I am running v1.4.0sr2. I decided to wait it out in May when sr3 was released with the statement... "Geeklog 1.4.1 available by the end of June." I admit it. I was lazy. Looks like I am 3 versions away now.

Any news of when 1.4.1 will be released? 8^)

Thank you.