We have received two reports about security issues that affect Geeklog in both current versions, i.e. 1.8.2 and 2.0.0 (which is not officially out yet, but in release candidate state):

To address these issues, we are releasing Geeklog 1.8.2sr1 (complete archive; also available as an update from 1.8.2) and Geeklog 2.0.0rc2.

In addition to the security fixes, Geeklog 1.8.2sr1 also fixes a problem with the Twitter OAuth login. Geeklog 2.0.0rc2 includes further (non-security) bugfixes for this major update.

While the reported security issues are not easy to exploit (due to other security measures in Geeklog), we strongly suggest that you install these updates as soon as possible. Also, be careful when clicking on external links while being logged in as an Admin user - especially when you are unexpectedly prompted for your password.

Comments (8)