Support Forum Project Downloads FAQ Documentation About Demo Tutorials Blog Plugins
November 07, 2009, 12:18:20 pm *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Private messages disabled
Caused by the massive abuse of the PM system in the past, the sending of personal messages has been disabled for all regular users on the Coppermine forum.
[more]
   Home   Help Search Board rules Login Register  
forum.coppermine-gallery.net > No Support > Announcements > Topic: cpg1.4.20 Security release - upgrade mandatory!
Pages: [1]   Go Down
« previous next »
  Send this topic  |  Print  
Author Topic: cpg1.4.20 Security release - upgrade mandatory!  (Read 15928 times)
0 Members and 1 Guest are viewing this topic.
Joachim Müller Topic starter
Administrator
*****
Gender: Male
Germany Germany

Posts: 44907


aka "GauGau"


WWW
« on: February 04, 2009, 08:18:19 am »
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.4.19 or older update to this latest version as soon as possible.

How to update:
Users running versions prior to 1.4.20 should update immediately by downloading the latest version from the download page page and follow the upgrade steps in the documentation.

Support:
If you have problems with this update, please use the Update support board. Do not post your issues to this announcement thread - they will be deleted without notice.

Why was cpg1.4.20 released?
The release covers a recently discovered vulnerability that allows (if unpatched) the uploading and execution of remote code (milw0rm exploit 7909). Additionally, these non-security related issues have been fixed:
  • Updated XMB bridge file to work with recent versions of that application (user contribution, thread ID 57550)
  • Update names associated with pictures and comments when user name is changed
  • Fixed issue involving display of name field in the report to admin form
  • Added missing translation to German language files (thread ID 56204)
  • Re-did the credits section of the language files for easier future integration into cpg1.5.x
  • Removed double ; at line ends (thread ID 51899)
  • Fixed validation issue with registration screen (thread ID 51310)
  • Added error message if pic editor is being run with missing parameters or without authorization (thread ID 54414)
  • Fixed error message in ecard.php that complained about wrong recipient email although sender email is wrong (thread ID 50844)
  • Fixed minor smilies issue (thread ID 52804)
  • Fixed upload permission issue for bridged galleries (thread ID 50798)
  • Improved improper translation (thread ID 50460)
  • Corrected SMF2 anonymous user fix
  • Reduced memory usage of keyword manager
  • Added Croation language file (user contribution)
  • Fixing thumbnail dimension calculation rounding error

Big thanks go to Michael Brooks and str0ke at milw0rm who discovered the vulnerability and Aditya for coming up with the fix.

Thanks,
The Coppermine Team
« Last Edit: February 04, 2009, 10:16:30 am by Joachim Müller » Logged
Pascal YAP
Dev Team member
****
Gender: Male
Armenia Armenia

Posts: 3777


He's me, and She's Moon


WWW
« Reply #1 on: February 04, 2009, 10:45:25 am »
Annonce en Français :
http://forum.coppermine-gallery.net/index.php/topic,57885.0.html
Logged
! Pas de PM please ! No PM s'il vous plait !
Pages: [1]   Go Up
  Send this topic  |  Print  
forum.coppermine-gallery.net > No Support > Announcements > Topic: cpg1.4.20 Security release - upgrade mandatory!
 « previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.10 | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!
Page created in 0.037 seconds with 15 queries.