Geeklog France
::Ben
Geeklog 1.8.2sr1 and 2.0.0rc2

Security issues have been reported that affect Geeklog in both current versions, i.e. 1.8.2 and 2.0.0 (which is not officially out yet, but in release candidate state):

High-Tech Bridge Security Research Lab reported an XSS in the calendar_type parameter in the Calendar plugin.
Trustwave Spiderlabs reported XSS in the install script, the Configuration, as well as in the Admin interfaces for the Polls plugin and the Topic editor.

To address these issues, we are releasing Geeklog 1.8.2sr1 (complete archive; also available as an update from 1.8.2) and Geeklog 2.0.0rc2.

In addition to the security fixes, Geeklog 1.8.2sr1 also fixes a problem with the Twitter OAuth login. Geeklog 2.0.0rc2 includes further (non-security) bugfixes for this major update.

While the reported security issues are not easy to exploit (due to other security measures in Geeklog), we strongly suggest that you install these updates as soon as possible. Also, be careful when clicking on external links while logged in as an Admin user, especially when you are unexpectedly prompted for your password.

Download links http://www.geeklog.net/article.php/geeklog-1.8.2sr...