We have again had a few reports of hacked Geeklog sites, all of which turned out to be running old and insecure versions. I'd like to remind you to check for updates regularly and, if there is a security update, to install it ASAP, in your own interest.
At the time of this writing, the following Geeklog versions are considered "safe" in that there are no known security issues with them:
- Geeklog 1.4.1 (Download: complete tarball)
- Geeklog 1.4.0sr5-1 (Download: "Combo" update)
- Geeklog 1.3.11sr7-1 (Download: "Combo" update)
The 1.3.11 versions are not officially supported any more, but sites running on the latest incarnation (see above) should be fine.
Security issues may also lurk in plugins and other add-ons that you have installed, so you may want to check those for updates as well.
To keep up to date on new Geeklog releases (security releases and otherwise), please use any of the following methods:
- Use the "GL Version Test" link in your site's Admin block
- Subscribe to our geeklog-announce mailing list
- Subscribe to one of our RSS feeds (feeds: all stories, or Topic "Security" only)
We always support the current and the previous versions of Geeklog, i.e. if necessary, we will release security fixes and the occasional bugfix for them. So currently, we're supporting Geeklog 1.4.1 and 1.4.0, while 1.3.11 and older are no longer supported.
Security updates are usually available as upgrade tarballs, containing only the files that have changed. Since security fixes won't normally change anything in the layout (themes) or database, they should be easy to install.
If you want to report a security issue, please see our Focus On Security manifesto and feel free to contact us at the email address listed there.