Contributed by: Dirk, Tuesday, January 08 2008 @ 02:20 pm EST
MustLive pointed out a possible XSS[*1] in the form to email an article to a friend that we're fixing with this release.
Please note that this problem only exists in Geeklog 1.4.0 - neither Geeklog 1.4.1 nor any older versions (1.3.x series) have that problem.
To upgrade from Geeklog 1.4.0sr5-1, download the upgrade archive[*2]. To upgrade from any other 1.4.0 version, please use the combo update[*3], which also includes all the previous security updates.
Upgrades should be straightforward, as you only have to replace one file. Since security issues are often exploited soon after they become public, you should install this upgrade as soon as possible.