
Topic: cpg1.5.28 Security release - upgrade mandatory!


Αndré

cpg1.5.28 Security release - upgrade mandatory!
« on: April 02, 2014, 01:24:51 PM »

The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.26 or older update to this latest version as soon as possible.

How to update:
Users running versions prior to 1.5.28 should update immediately by downloading the latest version from the download page and following the upgrade steps in the documentation.

Support:
If you have problems with this update, please use the Update support board. Do not post your issues to this announcement thread - your post will be deleted without notice.

Why was cpg1.5.28 released?
The release covers a recently discovered XSS vulnerability that allows (if unpatched) a malevolent visitor to include their own script routines under certain conditions.

Additionally, cpg1.5.28 includes fixes for the following non-security related issues:
  • Fixed misleading template error message
  • Fixed display of keywords with special characters (thread)
  • Removed duplicate page header if error occurs when deleting an album
  • Added hidden feature to regard upload time of linked files in album info (thread)
  • Fixed reference to documentation in config
  • Fixed various documentation glitches
  • Optimized main page code to reduce database query count
  • Fixed album and file count if category contains private albums
  • Updated known issues page
  • Fixed album and file count if category contains currently not displayed sub-categories (thread, thread)
  • Moved config options "Horizontal/vertical padding for full-size pop-up", "Albums can be private" and "Show private album icon to unlogged user" to other groups
  • Don't redirect to registration form after login (thread)
  • Added possibility to use pictures linked to albums via album keyword as category thumbnail (thread)
  • Fixed function 'starttable' in theme 'curve' to make fully compatible with plugin hook 'search_form'
  • Replaced some jQuery code with plain JavaScript code to make admin tools compatible with later jQuery versions, in case users want to upgrade (thread)
  • Updated Catalan language file (user contribution)
  • Added plugin hook 'theme_thumbnails_header'
  • Added plugin hooks 'comment_update', 'comment_add' and 'comment_approve' (thread)
  • Increased character limit to allow recently released top level domains (thread)
  • Added function 'theme_album_info' to make information which is displayed next to each album themeable
  • Fixed several issues with keywords manager
  • Fixed utilization of CSS class 'middlethumb' on film strip (thread)
  • Updated packaging docs

The Coppermine Team

Αndré

Re: cpg1.5.28 Security release - upgrade mandatory!
« Reply #1 on: April 02, 2014, 02:47:14 PM »

Users running PHP 4, please read this.