You may remember the flurry of security issues that Bookoo of the Nine Situations Group reported for Geeklog in April last year. Well, it looks like we missed one issue in those reports: Geeklog's auto-login feature is vulnerable to brute-force / dictionary attacks. To fix this, we are releasing the following security updates:
Other versions: The issue is also fixed in Geeklog 1.7.0 (but present in the 1.7.0 beta and release candidate). The 1.5.2sr6 upgrade can also be used for Geeklog 1.6.0, 1.5.1, and 1.5.0. Earlier versions were not tested; we strongly recommend upgrading to a newer version (1.6.1sr1 or 1.7.0) instead.
Geeklog 1.7.0 is now available for download.
This release adds support for PostgreSQL (in addition to MySQL and MS SQL), developed by Stan Palatnik during the Google Summer of Code 2009. It also adds a re-authentication option in case the CSRF token expires, thus preventing loss of data. For other improvements, please see the list of changes. Of course, it also addresses the latest security issue.
We would also like to thank again all the students who applied for the Google Summer of Code 2010 and submitted patches for Geeklog. Some of them have already made it into 1.7.0; the rest are scheduled for inclusion in Geeklog 1.7.1. We will also be looking into adding more of our successful GSoC projects from 2009 to that release.
If you need help in setting up or using Geeklog, please see the documentation, the FAQ, the Wiki, try our search page or browse through the Support Forum. Chances are someone else already had the same problem.
More resources are listed on the support page.
If you still can't find an answer, feel free to post in the forum.
Need help now? Try our web-based IRC chat.