Geeklog 1.5.2sr1

Monday, March 30 2009 @ 02:40 PM EDT

Contributed by: Dirk

Fernando Muñoz reported a possible XSS in the query form on most admin panels that we are fixing in this release.

You can download an upgrade archive for Geeklog 1.5.2 or the complete 1.5.2sr1 tarball to upgrade from any previous version.

The upgrade tarball contains only one file and should also work as a quick fix for Geeklog 1.5.0 and 1.5.1. We do recommend upgrading to 1.5.2sr1 from those versions, though, due to various other bugs that have since been fixed.

Fernando is one of the students applying for participation in the Google Summer of Code with Geeklog, btw. Which just goes to show that it's always good to have a fresh pair of eyes looking over your code. Thanks, Fernando!

On a side note, a recent security issue that was reported for glFusion (a fork of Geeklog) does not affect any of the currently released versions of Geeklog. It does, however, affect the current development version (what will become Geeklog 1.6.0). We will address that issue before the release of Geeklog 1.6.0.

Trackback

Trackback URL for this entry: http://www.geeklog.net/trackback.php/geeklog-1.5.2sr1

Geeklog 1.5.2sr1 - Geeklog France
[...] une upgrade archive for Geeklog 1.5.2 ou la complete 1.5.2sr1 tarballArticle original http://www.geeklog.net/article.php/geeklog-1.5.2sr1 Ressources upgrade archive for Gee... complete 1.5.2sr1 tarball http://www.geeklog.net/... [...] [read more]
Tracked on Monday, March 30 2009 @ 04:08 PM EDT

http://devnote.com.mx/blog/2009/03/31/disponible-geeklog-252sr1/
[...] 1.5.2 o bien el paquete completo de Geeklog 1.5.2sr1 para actualizar desde cualquier versión de Geeklog. Fuente: Geeklog. Fuente: Alcance Libre Leave a Reply Name (required) Mail (will not be published) (required) Website POPULAR COMMENTS [...] [read more]
Tracked on Tuesday, March 31 2009 @ 12:17 PM EDT

geeklog-1.5.2sr1/public_html/admin/install/index.php geeklog-1.5.2sr1/public_html/docs/changed-files geeklog-1.5.2sr1/public_html/docs/changes.html geeklog-1.5.2sr1/public_html/docs/history geeklog-1.5.2sr1/public_html/siteconfig.php geeklog-1.5.2sr1/system/lib-admin.php

Geeklog 1.5.2sr1 | 4 comments | Create New Account

The following comments are owned by whomever posted them. This site is not responsible for what they say.

Authored by: LWC on Monday, March 30 2009 @ 03:58 PM EDT

The included README claims it's bug #84 where it's actually bug #841. Claiming a low number such as #84 makes it look like it wasn't fixed for years (and indeed #84 is a suspended feature request from 2004).

[ Reply to This | # ]

Authored by: Dirk on Monday, March 30 2009 @ 04:21 PM EDT

Is was about to say "it's a typo, not a conspiracy". But I don't even see a typo - it does say

Fernando Munoz reported a possible XSS in the query form on most admin panels that we are fixing with this release (bug #0000841).

Does it not?

Authored by: LWC on Monday, March 30 2009 @ 07:22 PM EDT

I could have sworn it said 84 earlier. Well, it doesn't matter now.

Authored by: taca on Tuesday, March 31 2009 @ 01:01 AM EDT

Hi,

geeklog-1.5.2sr1/public_html/docs/changed-files lists these files:

But when I checked against geeklog-1.5.2,


geeklog-1.5.2sr1/system/pear/Archive/Tar.php

was also updated.

I wish that new Tar.php improve somthing and no negative effect. :-)

---
taca

Resources

Getting started

Support

Development

Sections

User Functions

What's New

Stories

Comments last 2 days

Trackbacks last 2 days

Pages last 2 weeks

NEW FILES last 14 days

Links last 2 weeks

Older Stories

Sunday 22-Nov

Tuesday 17-Nov

Sunday 08-Nov

Thursday 15-Oct

Geeklog 1.5.2sr1

What's Related

Story Options

Trackback