Tuesday, February 09 2010 @ 06:17 PM EST

Geeklog 1.5.2sr3

Security

Geeklog 1.5.2sr3 addresses the recently published exploit for an SQL injection in the webservices. It is available for download.

After installing this update, you can enable the webservices again if you need them (or leave them disabled if you don't - they are not an essential feature, unless you happen to be using an AtomPub client to post articles).

After the recent series of security issues, we will of course now take a closer look at Geeklog's source code again and re-evaluate our security measures. What's interesting about the last two exploits, for example, is that they simply were not possible a few years ago, as they rely on new features in MySQL 5. So there's obviously room for improvement here.

A quick overview of our plans for the near future: We're currently wrapping up the selection process for the student applications for this year's Summer of Code (results to be announced on April 20). We will also be publishing a beta version of Geeklog 1.6.0 at around the same time. Any results of a code review will then be available with the final 1.6.0 release (no due date, but tentatively before or around May 23, again in sync with the timeline for the Summer of Code).

Sorry for the recent hassle and we hope you stick with us.

Trackback

Trackback URL for this entry: http://www.geeklog.net/trackback.php/geeklog-1.5.2sr3

Here's what others have to say about 'Geeklog 1.5.2sr3':

Geeklog-1.5.2sr3 Available - Soporte Geeklog Hispano
[...] the "webservices" service again (if you consider it necessary. More details on this at Geeklog.net Trackback Trackback URL for this entry: http://glhispano.alcancelibre.org/trackback.php/2009041311540797 No trackback [...]
Tracked on Monday, April 13 2009 @ 12:59 PM EDT

Geeklog1.5.2sr3 - Geeklog France
[...] The weeks follow one another, and so do the security updates. Today it is a fix for the SQL injection possible in the webservices module. Available, therefore, are the complete tarball for a new [...]
Tracked on Monday, April 13 2009 @ 01:53 PM EDT

http://devnote.com.mx/blog/2009/04/13/disponible-geeklog-152sr3/
[...] allows publishing articles and other content through programs that use the AtomPub protocol. Source: Geeklog.net. Source: Alcance Libre [...]
Tracked on Monday, April 13 2009 @ 02:01 PM EDT

Geeklog 1.5.2sr4 - Geeklog
[...] the security updates at the moment at such a pace that I hardly get around to keeping geeklog.info up to date as well. We can therefore skip Geeklog 1.5.2sr3 with the webservices) right away and now come to Geeklog 1.5.sr4. This update fixes a [...]
Tracked on Saturday, April 18 2009 @ 07:56 AM EDT
