Author Topic: cpg1.5.18 Security release - upgrade mandatory!  (Read 23528 times)

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15039
cpg1.5.18 Security release - upgrade mandatory!
« on: January 10, 2012, 12:38:48 PM »

The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.16 or older update to this latest version as soon as possible.

How to update:
Users running versions prior to 1.5.18 should update immediately by downloading the latest version from the download page and following the upgrade steps in the documentation.

Support:
If you have problems with this update, please use the Update support board. Do not post your issues to this announcement thread - your post will be deleted without notice.

Why was cpg1.5.18 released?
The release covers a path disclosure vulnerability. If unpatched, it's possible to generate an error that will reveal the full path of the script. A remote user can determine the full path to the web root directory and other potentially sensitive information.

Additionally, cpg1.5.18 includes fixes for the following non-security related issues:
  • Added plugin hook 'upload_file_name'
  • Add default values on 'onlinestats' installation to avoid weird dates right after plugin installation (thread)
  • Updated Arabic language file (user contribution)
  • Fixed simple upload process when users can just upload to their personal gallery (thread)
  • Added upload button after each album name in album manager
  • Added anchors on plugin manager
  • Fixed infinite loop for delayed cookie issue workaround (thread)
  • Disallow dots in cookie name (thread)
  • Fixed issue with very big 'Max size for uploaded files' values (thread)
  • Fixed album thumbnails for public albums in 'My gallery' view for regular users
  • Fixed clickable keywords with spaces (thread)
  • Fixed critical error for 'lasthits' meta album (thread)
  • Fixed misleading error message when uploading files that exceed the file size limit with the simple upload form (thread)
  • Added hidden feature "Create sub-directory named according to the album ID in users' upload directories during HTTP upload"
  • Use selected album thumbnail for 'lastup' meta album (thread)
  • Create user album in personal gallery when user is created via the user manager (thread)
  • Added captcha for ecards feature (thread)
  • Fixed a potential path disclosure vulnerability in core plugin configuration files
  • Updated date/time formats in English (British) language file (thread)
  • Updated header information to reflect new year

The Coppermine Team
« Last Edit: January 10, 2012, 12:54:53 PM by Αndré »
Logged
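
A defender-side check for the path disclosure described in the announcement above, as an added example that is not part of the original post or of Coppermine's own code: it scans saved HTTP response bodies for PHP error messages that expose an absolute file path. The URLs, file names and paths in the sample data are constructed, and paths containing spaces are not handled.

```python
import re
from html import unescape

# PHP's default error line: "<Level>: <message> in <file> on line <n>".
# With html_errors enabled the parts are wrapped in <b> tags, so tags are
# stripped before matching.
_TAGS = re.compile(r"<[^>]+>")
_PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated)"
    r":\s+(?P<msg>.*?)\s+in\s+"
    r"(?P<path>(?:/|[A-Za-z]:[\\/])\S+?\.(?:php|inc))"  # absolute paths only
    r"\s+on line\s+(?P<line>\d+)"
)

def find_path_leaks(body):
    """Return (level, path, line) for every PHP error in body that shows an absolute path."""
    text = unescape(_TAGS.sub("", body))
    return [(m["level"], m["path"], int(m["line"])) for m in _PHP_ERROR.finditer(text)]

def audit(responses):
    """Map each URL whose response body leaks a path to the leaks found in it."""
    found = {url: find_path_leaks(body) for url, body in responses.items()}
    return {url: leaks for url, leaks in found.items() if leaks}

# Constructed sample responses (hypothetical URLs, file names and paths).
SAMPLES = {
    "/plugins/example/configuration.php":
        "<br />\n<b>Fatal error</b>:  Call to undefined function example_hook() in "
        "<b>/home/site/public_html/gallery/plugins/example/configuration.php</b> "
        "on line <b>18</b><br />\n",
    "/index.php":
        "<html><body>Gallery home, photos in /albums on line</body></html>",
    "/sample.php?album=x":
        "Warning: sample_fetch() expects parameter 1 to be resource, boolean given "
        "in /home/site/public_html/gallery/include/sample.inc.php on line 42",
}

if __name__ == "__main__":
    for url, leaks in audit(SAMPLES).items():
        for level, path, line in leaks:
            print(f"{url}: {level} exposes {path} (line {line})")
```

Running it over responses saved before and after the upgrade shows whether an error page still exposes the install path.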

pols1337

  • Coppermine frequent poster
  • ***
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 239
Re: cpg1.5.18 Security release - upgrade mandatory!
« Reply #1 on: January 12, 2012, 10:47:39 PM »

Nice work on the upgrade
Logged

oleredeye

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Re: cpg1.5.18 Security release - upgrade mandatory!
« Reply #2 on: January 14, 2012, 04:51:19 PM »

Smooth upgrade to Coppermine 1.5.18 - just followed the documentation:  no problems!

Many thanks from The Helmsley Archive http://www.helmsleyarchive.org.uk/
Logged

François Keller

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: fr
  • Offline Offline
  • Gender: Male
  • Posts: 9072
  • aka Frantz
    • My gallery
Logged
Did you read the DOC ? the FAQ ? and search the board before posting ?
My Blog

bilder

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Re: cpg1.5.18 Security release - upgrade mandatory!
« Reply #4 on: January 16, 2012, 01:22:48 PM »

Nice work on the upgrade, I am looking forward to trying it out.
Logged

Mikaelft

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 30
Re: cpg1.5.18 Security release - upgrade mandatory!
« Reply #5 on: March 02, 2012, 05:14:37 PM »

Thanks, updating now. Are there any language changes?
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15039
Re: cpg1.5.18 Security release - upgrade mandatory!
« Reply #6 on: March 02, 2012, 05:28:07 PM »

Have a look at the changelog.


Locking.
Logged