A new version of <a href="http://www.geeklog.net">Geeklog</a> has been made available. Version 1.8.1 ships with jQuery 1.6.3, which fixes a possible XSS in that JavaScript library, which shouldn't have affected Geeklog itself, but may potentially exist in add-ons that make extensive use of jQuery. Geeklog 1.8.1 also fixes two cases of information leakage, where the OAuth consumer key and secret were exposed when enabling the “rootdebug” option (which is off by default). Also, the MS SQL driver was displaying full details of SQL errors by default.
Other changes in this release:
<ul>
<li>Fixed a regression in Geeklog 1.8.0 that made the [code] and [raw] tags not escape content properly.</li>
<li>Fixed problems with adding or removing items to/from arrays in the Configuration.</li>
<li>The admin's User Editor no longer loses changes when an error occured.</li>
<li>Fixed images not being displayed in the story preview (when editing an existing story).</li>
<li>Plugins can now set $_SCRIPTS in the plugin_getFooter() function.</li>
<li>Fixed some warnings raised by PHP 5.4 (currently in beta).</li>
</ul>
There were no changes in the database, the themes or the language files in Geeklog 1.8.1 (over 1.8.0), so upgrades should be relatively straighforward.

A new version of Geeklog is now available

mike-johnston company logo

mike-johnston

mike-johnston Profile

A new version of Geeklog has been made available. Version 1.8.1 ships with jQuery 1.6.3, which fixes a possible XSS in that JavaScript library, which shouldn&apos;t have affected Geeklog itself, but may potentially exist in add-ons that make extensive use of jQuery. Geeklog 1.8.1 also fixes two cases of information leakage, where the OAuth consumer key ...