Geeklog 1.4.0sr5 and 1.3.11sr7

Sunday, July 16 2006 @ 12:00 PM EDT

JPCERT/CC informed us about a possible XSS in the comment handling that we're fixing with the following releases:

• Geeklog 1.4.0sr5, available as a complete tarball and as an upgrade from 1.4.0sr4.
• Geeklog 1.3.11sr7, available as an upgrade from 1.3.11sr6 and as a combo update from any other 1.3.11 release.

Upgrades should be straightforward as you'll only have to replace one file (lib-comment.php for Geeklog 1.4.0 and comment.php for Geeklog 1.3.11).

Comments (0)

Geeklog
http://www.geeklog.net/article.php/geeklog-1.4.0sr5