The Ultimate Weblog System

Resources

Getting started
Support
Development

Sections

User Functions





Don't have an account yet? Sign up as a New User
Lost your password?

What's New

Stories

No new stories

Comments last 2 days

No new comments

Trackbacks last 2 days

No new trackback comments

NEW FILES last 14 days


Links last 2 weeks

No recent new links

Older Stories

Friday 26-Sep


Thursday 25-Sep


Monday 22-Sep


Thursday 11-Sep

Welcome to Geeklog
Wednesday, November 19 2008 @ 05:39 PM EST

Geeklog 1.5.1 Security Fixes

Monday, September 22 2008 @ 03:09 PM EDT

Contributed by: Dirk

Views: 964

Security

Geeklog 1.5.1 addresses the following security issues:

  • The recently reported file upload issue in FCKeditor. A fix is now included. When upgrading from earlier versions, we strongly recommend that you remove your old copy of the "fckeditor" directory and replace it with the version that ships with Geeklog 1.5.1 to ensure that old files are removed and replaced properly.
  • Mark Evans reported that our protection against direct execution of include files did not work properly on non-case sensitive file systems (e.g. on Windows). This only affects sites that weren't installed correctly in the first place (the files in question should not be reachable from the web). This includes sites installed through Fantastico, though.

The following issues are bugs in Geeklog 1.5.0 regarding the access control for stories:

  • It was possible to view stories with a publication date in the future and stories that had the draft flag set if you knew their story ID.
  • It was possible to post comments on unpublished stories if you knew their story ID.

What's Related

Story Options

Trackback

Trackback URL for this entry: http://www.geeklog.net/trackback.php/geeklog-1.5.1-security

Here's what others have to say about 'Geeklog 1.5.1 Security Fixes':

Geeklog 1.5.1 - Geeklog
[...] quite a few bugs and rough edges in 1.5.0. Geeklog 1.5.1 also addresses some security issues, as detailed in a separate article. For the list of changes, please refer to the documentation and the included changelog. What's Related download [...] [read more]
Tracked on Monday, September 22 2008 @ 03:11 PM EDT

Geeklog 1.5.1 - Geeklog
[...] 1.5.1 LINKS letzte 2 WochenEs gibt keine Links anzuzeigen. Termine Samstag 27. Sep. - Sonntag 28. Sep. ArtikelWeiterf?hrende Links Download neue Features unerw?nschten Datei-Upl... Artikel Mehr von Dirk Mehr aus Ank?ndigungen Optionen An einen [...] [read more]
Tracked on Monday, September 22 2008 @ 03:45 PM EDT

Alcance Libre - Disponible Geeklog 1.5.1.
[...] recomendada.Geeklog 1.5.1 también corrige algunos problemas de seguridad, detallados en este enlace. para consultar los detalles acerca de los cambios, se puede consultar la documentación en este otro enlace o bien en el [...] [read more]
Tracked on Monday, September 22 2008 @ 07:48 PM EDT

Disponible Geeklog 1.5.1. - Soporte Geeklog Hispano
[...] recomendada.Geeklog 1.5.1 también corrige algunos problemas de seguridad, detallados en este enlaceonsultar los detalles acerca de los cambios, se puede consultar la documentación en este otro enlace o bien en el fichero [...] [read more]
Tracked on Tuesday, September 23 2008 @ 02:18 PM EDT

Geeklog 1.5.1 Security Fixes | 0 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.

© 2002-2008 Geeklog
Created this page in 0.19 seconds 		Powered By Geeklog 1.5.1 
Hosted by pair.com