News

Geeklog 1.7.1 is now available for download. This is a bugfix update for Geeklog 1.7.0, but also adds some new features such as the ability to use Static Pages as templates for other Static Pages.

Bugs addressed in this release include loss of the comment type for plugin comment submissions and an additional HTTP header that was sent in 1.7.0 but conflicted with some plugins, e.g. the Forum plugin. We recommend this update for all users of Geeklog 1.7.0.

The first release candidate for Geeklog 1.7.1 is now available for download.

Geeklog 1.7.1 is mostly a bugfix release over 1.7.0, but also introduces some new features, such as the ability to use static pages as templates for other static pages.

Please download this release candidate and give us your feedback (but keep in mind that it's not the final version yet, so you may want to wait for the final 1.7.1 for mission-critical sites). If possible, we would like to keep this release cycle short so that we can concentrate on keeping our schedule for the next major release, Geeklog 1.8.0, which we still plan to ship some time in November.

You may remember the flurry of security issues that Bookoo of the Nine Situations Group reported for Geeklog in April last year. Well, it looks like we missed one issue in those reports: Geeklog's auto login feature is vulnerable to brute force / dictionary attacks. To fix this, we are releasing the following security updates:

• Geeklog 1.6.1sr1 (complete tarball or upgrade from 1.6.1)
• Geeklog 1.5.2sr6 (1.5.2 "Combo" update or upgrade from 1.5.2sr5)

Other versions: The issue is also fixed in Geeklog 1.7.0 (but present in the 1.7.0 beta and release candidate). The 1.5.2sr6 upgrade can also be used for Geeklog 1.6.0, 1.5.1, and 1.5.0. Earlier versions were not tested - we really recommend to upgrade to a newer version (1.6.1sr1 or 1.7.0) instead.