Geeklog 1.8.1 is now available for download. This is a maintenance and recommended upgrade for Geeklog 1.8.0.

This release ships with jQuery 1.6.3, which fixes a possible XSS in that JavaScript library, which shouldn't have affected Geeklog itself, but may potentially exist in add-ons that make extensive use of jQuery. Geeklog 1.8.1 also fixes two cases of information leakage, where the OAuth consumer key and secret were exposed when enabling the "rootdebug" option (which is off by default). Also, the MS SQL driver was displaying full details of SQL errors by default.

Other changes in this release:

There were no changes in the database, the themes or the language files in Geeklog 1.8.1 (over 1.8.0), so upgrades should be relatively straighforward.

Next up: We will now concentrate on Geeklog 1.9.0, which will bring some changes in topics, blocks, and the MySQL API that may affect existing plugins. Plugin authors are encouraged to join us on the geeklog-devel mailing list and also to try out the "nightly" tarball for early testing.

Comments (8)