Contributed by: Dirk Monday, March 30 2009 @ 02:40 pm EDT
Fernando Muñoz reported a possible XSS[*1] in the query form on most admin panels that we are fixing in this release.
The upgrade tarball contains only one file and should also work as a quick fix for Geeklog 1.5.0 and 1.5.1. We do recommend upgrading to 1.5.2sr1 from those versions, though, due to various other bugs that have since been fixed.
Fernando is one of the students applying for participation in the Google Summer of Code[*4] with Geeklog, btw. Which just goes to show that it's always good to have a fresh pair of eyes looking over your code. Thanks, Fernando!
On a side note, a recent security issue that was reported for glFusion (a fork of Geeklog) does not affect any of the currently released versions of Geeklog. It does, however, affect the current development version (what will become Geeklog 1.6.0). We will address that issue before the release of Geeklog 1.6.0.