For the Geeklog installation on fsim-ev.de (a social website for the students of the university of applied sciences Regensburg) i've developed a private message plugin and a plugin where user can create groups with group internal dokuwiki-namespace and group forum.

If someone is interested in this download it from my mercurial repository http://fsim-ev.de/hg/pmessage/ and http://fsim-ev.de/hg/groupable/

A recent posting on the Bugtraq security mailing list should serve as a reminder to always remove the install script after a successful install or upgrade of Geeklog: MaXe points out an XSS, a path disclosure, and a remote file inclusion in the 1.5.x install script. The XSS is still present in the 1.6.0 install script and has been pointed out to us before by a person who called himself Nemesis.

We'll take care of this in the next 1.6.0 release (probably rc1). So again: Please follow the installation instructions and the built-in reminders to remove the install script and the other security tips that we provide before, during, and after the install.

The second beta version of Geeklog 1.6.0 is now available for download.

This release fixes quite a few rough edges in beta 1, for example in the search and the new XMLSitemap plugin. There are a few more issues remaining to be addressed and if you find anything else, please submit a bugreport.