
Author Topic: cpg1.5.12 Security release - upgrade mandatory!  (Read 388997 times)


Αndré

cpg1.5.12 Security release - upgrade mandatory!
« on: January 02, 2011, 09:03:56 PM »

The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.10 or older update to this latest version as soon as possible.

How to update:
Users running versions prior to 1.5.12 should update immediately by downloading the latest version from the download page and following the upgrade steps in the documentation.

Support:
If you have problems with this update, please use the Update support board. Do not post your issues to this announcement thread - your post will be deleted without notice.

Why was cpg1.5.12 released?
The release covers a recently discovered input validation vulnerability that allows (if unpatched) a malevolent visitor to include their own script routines (thread).

Additionally, cpg1.5.12 includes fixes for the following non-security-related issues:
  • Fixed film strip issue (thread)
  • Fixed indent for subcategories (thread)
  • Fixed function 'utf_replace' (thread)
  • Updated Portuguese language file (user contribution)
  • Fixed custom thumbnail for files with uppercase extension (thread)
  • Fixed memberlist issue when database name contains a dash (thread)
  • Fixed colspan for guest comments when captcha is enabled (thread)
  • Fixed PHP session name for captcha (thread)
  • Fixed playback of Windows Media Player videos (thread)

Thanks to Janek Vind for discovering the vulnerability.


The Coppermine Team
« Last Edit: January 03, 2011, 09:34:20 AM by Αndré »