Advanced search  

News:

cpg1.5.44 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter recently discovered vulnerabilities. It is important that all users who run version cpg1.5.42 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: cpg1.5.12 Security release - upgrade mandatory!  (Read 389704 times)

0 Members and 1 Guest are viewing this topic.

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15251
cpg1.5.12 Security release - upgrade mandatory!
« on: January 02, 2011, 09:03:56 PM »

The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.10 or older update to this latest version as soon as possible.

How to update:
Users running versions prior to 1.5.12 should update immediately by downloading the latest version from the download page and following the upgrade steps in the documentation.

Support:
If you have problems with this update, please use the Update support board. Do not post your issues to this announcement thread - your post will be deleted without notice.

Why was cpg1.5.12 released?
The release covers a recently discovered input validation vulnerability that allows (if unpatched) a malevolent visitor to include own script routines (thread).

Additionally, cpg1.5.12 includes fixes for the following non-security related issues:
  • Fixed film strip issue (thread)
  • Fixed indent for subcategories (thread)
  • Fixed function 'utf_replace' (thread)
  • Updated Portuguese language file (user contribution)
  • Fixed custom thumbnail for files with uppercase extension (thread)
  • Fixed memberlist issue when database name contains a dash (thread)
  • Fixed colspan for guest comments when captcha is enabled (thread)
  • Fixed PHP session name for captcha (thread)
  • Fixed playback of Windows Media Player videos (thread)

Thanks to Janek Vind for discovering the vulnerability.


The Coppermine Team
« Last Edit: January 03, 2011, 09:34:20 AM by Αndré »
Logged
Pages: [1]   Go Up
 

Page created in 0.063 seconds with 20 queries.