
Geeklog 1.5.1

This update is a security release that mainly fixes:

  • FCKeditor and its upload module.
  • Faulty, insecure automatic installation, such as that performed by a program like Fantastico.
  • Access to unpublished or draft articles.
  • Posting comments on unpublished articles.

Updating your Geeklog is therefore strongly recommended.

See the list of new features.

Geeklog 1.5.1 Security Fixes

Geeklog 1.5.1 addresses the following security issues:

  • The recently reported file upload issue in FCKeditor. A fix is now included. When upgrading from earlier versions, we strongly recommend that you remove your old copy of the "fckeditor" directory and replace it with the version that ships with Geeklog 1.5.1 to ensure that old files are removed and replaced properly.
  • Mark Evans reported that our protection against direct execution of include files did not work properly on non-case sensitive file systems (e.g. on Windows). This only affects sites that weren't installed correctly in the first place (the files in question should not be reachable from the web). This includes sites installed through Fantastico, though.
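
The case-sensitivity problem described above, as an added example that is not Geeklog's own code. It assumes a guard that looks for the include's file name in the request path, and compares a case-sensitive match, a case-folded match, and a guard that does not depend on the request path at all. The function names, the `APP_ENTRY` constant and the sample paths are hypothetical.

```php
<?php
// Added illustration; not Geeklog's code. Names and sample paths are constructed.

// Guard style 1: case-sensitive match of the include's name in the request path.
function weak_guard_blocks(string $requestPath, string $includeName): bool
{
    return strpos($requestPath, $includeName) !== false;
}

// Guard style 2: the same test, but case-insensitive, so it agrees with a
// file system that resolves names without regard to case.
function folded_guard_blocks(string $requestPath, string $includeName): bool
{
    return stripos($requestPath, $includeName) !== false;
}

// Guard style 3: independent of the request path. The entry point defines a
// constant; an include refuses to run when the constant is absent.
function constant_guard_blocks(): bool
{
    return !defined('APP_ENTRY'); // APP_ENTRY is a hypothetical constant name
}

// Constructed request paths for a hypothetical include file "lib-example.php".
$include = 'lib-example.php';
$samples = [
    '/index.php',        // legitimate entry point
    '/lib-example.php',  // direct request, exact case
    '/Lib-Example.PHP',  // direct request, different case
];

foreach ($samples as $path) {
    printf(
        "%-20s weak=%-5s folded=%s\n",
        $path,
        var_export(weak_guard_blocks($path, $include), true),
        var_export(folded_guard_blocks($path, $include), true)
    );
}

// APP_ENTRY is never defined in this script, which models a direct request
// to the include rather than a request routed through the entry point.
printf("constant guard blocks: %s\n", var_export(constant_guard_blocks(), true));
```

Whatever guard is used, it is only a second line of defence: as the announcement notes, the include files should not be reachable from the web in the first place.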

The following issues are bugs in Geeklog 1.5.0 regarding the access control for stories:

  • It was possible to view stories with a publication date in the future and stories that had the draft flag set if you knew their story ID.
  • It was possible to post comments on unpublished stories if you knew their story ID.