1000 students have now been accepted for this year's incarnation of the Google Summer of Code. We had a really hard time selecting from the mostly excellent applications for Geeklog and AptitudeCMS this year. In the end, we decided on the following students and their projects:

For Geeklog:

• Sean Clark will be working on a test framework, mentored by Dirk Haun
• Tim Patrick will create a plugin repository, mentored by Matt West
• Stan Palatnik will add PostgreSQL support, mentored by Vincent Furia
• Thomas Gutleben will implement a complete OpenID 2.0 library, mentored by Randy Kolenko
• Phaneendra Kaddi will add image and comment support to the webservices, mentored by Ramnath Iyer

For AptitudeCMS:

• Kittipat Virochsiri will write a taxonomy plugin, mentored by Tony Bibbs
• Barry Carlyon will work on the syndication API, mentored by Justin Carlson

Congratulations to Barry, Kittipat, Phaneendra, Sean, Stan, Thomas, and Tim, and we're looking forward to working with you during the summer.

To those that didn't make the cut: Thanks again for your application. We had a lot of very good proposals this year and some of the decisions were really, really hard to make. If you have any questions regarding your application, please feel free to contact us through the usual channels.

Bookoo of the Nine Situations Group has posted yet another SQL injection exploit. This time, the problem is in usersettings.php and can again be used by an attacker to extract the password hash for any account. Geeklog 1.5.2sr4 fixes this issue and is available for download

• as a complete tarball, for fresh installs and upgrades from any earlier release
• as an update for 1.5.2sr3 and
• as a "combo" update, bundling all the changes for 1.5.2sr1 - 1.5.2sr4.

Geeklog 1.5.2sr3 addresses the recently published exploit for an SQL injection in the webservices. It is available for download

• as a complete tarball, for fresh installs and upgrades from any earlier release
• as an update for 1.5.2sr2 and
• as a "combo" update, bundling all the changes for 1.5.2sr1 - 1.5.2sr3.

After installing this update, you can enable the webservices again if you need them (or leave them disabled if you don't - they are not an essential feature, unless you happen to be using an AtomPub client to post articles).