Author Topic: cpg1.4.19 Security release - upgrade mandatory!  (Read 82334 times)


Joachim Müller

  • Dev Team member
  • aka "GauGau"
cpg1.4.19 Security release - upgrade mandatory!
« on: August 03, 2008, 12:33:25 PM »

The development team is releasing a security update for Coppermine in order to counter a recently discovered injection vulnerability. It is important that all users who run version cpg1.4.18 or older update to this latest version as soon as possible.

This is the only issue addressed in this release.

How to update:
If you are currently running 1.4.18 then you may patch your gallery by replacing your copy of include/functions.inc.php with the fixed version available here. This is the only security-related issue addressed in this release. Manually fixing the weakness will of course only address the vulnerability, but will not fix the non-security-critical issues that have been taken care of in cpg1.4.19.
Users running versions prior to 1.4.18 should update immediately by downloading the latest version from the download page and following the upgrade steps in the documentation.

Support:
If you have problems with this update, please use the Update support board. Do not post your issues to this announcement thread - they will be deleted without notice.

Why was cpg1.4.19 released?
The release covers a recently discovered vulnerability that allows (if unpatched) the execution of remote code. Additionally, these non-security related issues have been fixed:
  • Danish language file updated
  • spacer for empty album list cells fixed
  • improper nesting of form-tag in various files fixed
  • invalid <f>-tag in upload.php removed
  • type translation in reports fixed
  • resources consumption for slideshows in meta albums fixed
  • hard-coded string "edit keywords" replaced with translation
  • Spanish documentation added
  • SMF anonymous user fix
  • profile email check issue fixed

Big thanks go to EgiX at milw0rm who discovered the vulnerability and Abbas Ali and Nibbler for coming up with the fix.

Thanks,
The Coppermine Team
« Last Edit: August 03, 2008, 07:54:09 PM by Joachim Müller »

Nog

Re: cpg1.4.19 Security release - upgrade mandatory!
« Reply #1 on: August 31, 2008, 12:18:21 PM »

Oh this is good.
 :)

ItalMan

Re: cpg1.4.19 Security release - upgrade mandatory!
« Reply #2 on: September 11, 2008, 11:56:59 PM »

Thank you! But unfortunately I can't find any Italian documentation :(

François Keller

  • Dev Team member
  • aka Frantz
Re: cpg1.4.19 Security release - upgrade mandatory!
« Reply #3 on: September 12, 2008, 07:15:40 AM »

There is no Italian documentation, but an Italian support board

Joachim Müller

Re: cpg1.4.19 Security release - upgrade mandatory!
« Reply #4 on: September 18, 2008, 09:51:41 AM »

@neontetra: don't behave like a jerk: you could at least have read the thread you're replying to:
Support:
If you have problems with this update, please use the Update support board. Do not post your issues to this announcement thread - they will be deleted without notice.
I have done as announced and deleted your silly reply to this thread.

Marquis

Re: cpg1.4.19 Security release - upgrade mandatory!
« Reply #5 on: October 07, 2008, 03:14:58 PM »

hello,

is it right that coppermine does not show "your installed version is 1.4.19" it's even "1.4.18".
verifying over "versioncheck.php" is not supported on my server  :-[

thx

Joachim Müller

Re: cpg1.4.19 Security release - upgrade mandatory!
« Reply #6 on: October 08, 2008, 10:37:21 AM »

is it right that coppermine does not show "your installed version is 1.4.19"
No, that's wrong. You shouldn't have hijacked this thread. As suggested above:
Do not post your issues to this announcement thread - they will be deleted without notice.
You're the person who is the culprit for this thread getting locked, as you failed to even read the thread you reply to. The issues you have are entirely yours only - you shouldn't have replied to this announcement thread, but started a thread of your own, posting the relevant details.
*sigh*
Locking.