Geeklog 1.4.0sr4
- Friday, June 30 2006 @ 05:25 pm EDT
- Contributed by: Dirk
- Views: 16,133
To address the recently posted exploits for insecure installations and for the mcpuk file manager, we are releasing Geeklog 1.4.0sr4.
In this release, we've removed the file manager altogether, so you will no longer be able to upload images through FCKeditor (this will be enabled again when we release Geeklog 1.4.1 with FCKeditor 2.3). We've also added additional protection against code execution in case of insecure installations but suggest that you really protect your Geeklog install properly as explained in the installation instructions and in the FAQ.
We are not releasing any updates for these issues as they wouldn't make much sense. In case of the first exploit, it's really an installation problem that should be fixed and in the case of the file manager, files will have to be removed (as explained in the article linked to above).
Please note that the first issue applies to all Geeklog releases, while the second only applies to all the 1.4.0 releases.