A new version of Geeklog has been made available. Version 1.8.1 ships with jQuery 1.6.3, which fixes a possible XSS in that JavaScript library, which shouldn't have affected Geeklog itself, but may potentially exist in add-ons that make extensive use of jQuery. Geeklog 1.8.1 also fixes two cases of information leakage, where the OAuth consumer key and secret were exposed when enabling the “rootdebug” option (which is off by default). Also, the MS SQL driver was displaying full details of SQL errors by default.

Other changes in this release:

  • Fixed a regression in Geeklog 1.8.0 that made the [code] and [raw] tags not escape content properly.
  • Fixed problems with adding or removing items to/from arrays in the Configuration.
  • The admin's User Editor no longer loses changes when an error occured.
  • Fixed images not being displayed in the story preview (when editing an existing story).
  • Plugins can now set $_SCRIPTS in the plugin_getFooter() function.
  • Fixed some warnings raised by PHP 5.4 (currently in beta).

There were no changes in the database, the themes or the language files in Geeklog 1.8.1 (over 1.8.0), so upgrades should be relatively straighforward.

Mike Johnston
Mike is the founder and editor of CMS Critic. He consults with vendors and the public to help them find the right products for their websites and businesses. When he's not working here, he's off mixing cocktails for his wife's website, The Kitchen Magpie. You can check out some of his great cocktail shots over on Instagram.

Alfresco 4 Delivers Cloud-Scale Performance, Social Publishing & Consumer-Like UI

Previous article

HP acquires control of Autonomy Corporation

Next article

You may also like