[geeklog-cvs] geeklog: Sync list of changes with 1.5.2sr3

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Mon Apr 13 12:08:25 EDT 2009


details:   http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/23beb1e0bbb1
changeset: 6945:23beb1e0bbb1
user:      Dirk Haun <dirk at haun-online.de>
date:      Mon Apr 13 18:08:11 2009 +0200
description:
Sync list of changes with 1.5.2sr3

diffstat:

2 files changed, 20 insertions(+), 2 deletions(-)
public_html/docs/changes.html |    5 +++++
public_html/docs/history      |   17 +++++++++++++++--

diffs (49 lines):

diff -r 8e5d4241718e -r 23beb1e0bbb1 public_html/docs/changes.html
--- a/public_html/docs/changes.html	Mon Apr 13 15:20:33 2009 +0200
+++ b/public_html/docs/changes.html	Mon Apr 13 18:08:11 2009 +0200
@@ -35,6 +35,11 @@
 <li>The minimum PHP version required by Geeklog is now <strong>PHP 4.3.0</strong>. Given that the PHP team ended support for PHP 4 in August 2008, you should be
 looking into upgrading to PHP 5 anyway.</li>
 </ul>
+
+
+<h2><a name="changes152sr3">Geeklog 1.5.2sr3</a></h2>
+
+<p>Bookoo of the Nine Situations Group posted another SQL injection exploit, this time targetting the webservices API. As with the previous issue, this allowed an attacker to extract the password hash for any account and is fixed with this release.</p>
 
 
 <h2><a name="changes152sr2">Geeklog 1.5.2sr2</a></h2>
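Review bot: "targetting" in the new 1.5.2sr3 paragraph should be spelled "targeting". Because the paragraph states that the flaw allowed extracting the password hash for any account, consider adding one sentence on what administrators should do after upgrading (for example, have users change their passwords), so the entry is actionable on its own.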
diff -r 8e5d4241718e -r 23beb1e0bbb1 public_html/docs/history
--- a/public_html/docs/history	Mon Apr 13 15:20:33 2009 +0200
+++ b/public_html/docs/history	Mon Apr 13 18:08:11 2009 +0200
@@ -16,8 +16,6 @@
 - Use a more efficient implementation of Story::hasContent (bug #0000858, patch
   provided by Maciej Cupial)
 - Make sure formerly optional config items can be disabled (bug #0000846) [Dirk]
-- Re-introduced function get_SPX_Ver in the install script, which is still
-  needed when upgrading from old Geeklog releases (reported by Sheila) [Dirk]
 - New plugin API function PLG_getDocumentationUrl (feature request #0000848)
   [Dirk]
 - Fresh installs + MySQL only: Changed some tinyint fields that are only used
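Review bot: the removal of the get_SPX_Ver entry here is not mentioned in the commit description, which says only "Sync list of changes with 1.5.2sr3". The same two lines reappear under the 1.5.2sr3 heading later in this file, so nothing is lost, but the description should say the entry was moved so the deletion does not look accidental when this hunk is read in isolation.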
@@ -142,6 +140,21 @@
   now [Dirk]
 - Display "successfully saved" and "successfully deleted" messages, just like
   every other plugin and built-in function does (bug #0000644) [Dirk]
+
+
+Apr 13, 2009 (1.5.2sr3)
+------------
+
+This release addresses the following security issue:
+
+Bookoo of the Nine Situations Group posted another SQL injection exploit, this
+time targetting the webservices API. As with the previous issue, this allowed
+an attacker to extract the password hash for any account and is fixed with this
+release.
+
+Not security-related:
+- Re-introduced function get_SPX_Ver in the install script, which is still
+  needed when upgrading from old Geeklog releases (reported by Sheila) [Dirk]
 
  
 Apr 4, 2009 (1.5.2sr2)
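Review bot: the history entry repeats the misspelling in "time targetting the webservices API"; it should read "targeting" here too. The "Not security-related:" label also runs straight into its list item, while "This release addresses the following security issue:" a few lines above is followed by a blank line; add a blank line after the label so the two subsections are laid out the same way.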


