Coppermine 1.4.15 - Security release.
The development team is releasing a security update for Coppermine in order to counter some recently discovered vulnerabilities. It is important that all users who run version cpg1.4.14 or older update to this latest version as soon as possible.The following issues have been addressed in this release (changelog excerpt):
How to update:
- 2008-01-30 Release of cpg1.4.15
- 2008-01-26 Updated file header to reflect the new year 2008
- 2008-01-26 Updated Danish language file (user contribution)
- 2008-01-04 Avoid possible corrupt zip files by cleaning output buffer
- 2007-12-29 Fixed documentation that explains admin passwords (thread ID 49304)
- 2007-12-20 Added Serbian (Cyrillic) language file (user contribution)
- 2007-12-11 Added code to fix the shell injection security issue reported by Janek Vind via email and discussed in topic 48930
- 2007-12-11 Fixed broken functionality of search engine query strings not being recorded because of typo (thread id 48934)
- 2007-12-10 Added code to remove 2 security issues reported by Janek Vind via email and discussed in topic 48890
- 2007-12-02 Adding xmlns to html tag to fix XHTML compliance
- 2007-12-02 Fixed subcategory depth issue
- 2007-11-30 Added Estonian language file (user contribution)
- 2007-11-29 Populated SVN-property "HeadURL"
- 2007-11-29 Updated version count from cpg1.4.14 to cpg1.4.15 in subversion repository as a preparation for a possible future release
- 2007-11-29 Hiding empty IPTC fields as suggested in thread 48672
- 2007-11-22 Added Serbian language file (user contribution)
- 2007-11-15 Corrected spelling of 'Favourites' in British English lang file
- 2007-11-15 British English now recognised correctly
- 2007-11-15 Compatibility fix for MyBB 1.2.9
To update any version of Coppermine to version 1.4.15, download
the latest version from the download page
and follow the upgrade steps in the documentation
If you have problems with this update, please use the Update support board
. Do not post your issues to this announcement thread - they will be deleted without notice.
Our thanks go to Janek Vind who reported the vulnerabilities and gave us the opportunity to prepare this release.
Joachim Müller (aka GauGau)
- Coppermine project manager -