News

An SQL injection vulnerability in the EasyFile plugin has been found and published by a user who calls himself Hellboy (the vulnerability is reported as being in Geeklog, but it really only affects the EasyFile plugin).

Given that the EasyFile plugin hasn't been updated in years, we assume that it is no longer maintained. If you use this plugin on your site, we recommend that you uninstall the plugin and remove all the files that belong to it as soon as possible.

We have removed the EasyFile plugin from our download area. If there are any other sites out there mirroring the plugin, please remove it from those sites as well. Thank you.

To whoever created those step-by-step instructions on how to add your website link on each of the 50 High Page Rank Authority sites:

1. Thanks for listing us as a "High Rank Authority site" (whatever that's supposed to mean).
2. Forget about spamming us.

All profiles are under review and anything that looks remotely spammy will be banned. Stop wasting your money (for paying people in East Asia to spam us) and our time.

Sincerely,
The Geeklog Team

Geeklog 1.8.1 is now available for download. This is a maintenance and recommended upgrade for Geeklog 1.8.0.

This release ships with jQuery 1.6.3, which fixes a possible XSS in that JavaScript library, which shouldn't have affected Geeklog itself, but may potentially exist in add-ons that make extensive use of jQuery. Geeklog 1.8.1 also fixes two cases of information leakage, where the OAuth consumer key and secret were exposed when enabling the "rootdebug" option (which is off by default). Also, the MS SQL driver was displaying full details of SQL errors by default.

Other changes in this release: