forum.coppermine-gallery.net

No Support => Announcements => Topic started by: Joachim Müller on February 04, 2009, 09:18:19 am

Title: cpg1.4.20 Security release - upgrade mandatory!
Post by: Joachim Müller on February 04, 2009, 09:18:19 am
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.4.19 or older update to this latest version as soon as possible.

How to update:
Users running versions prior to 1.4.20 should update immediately by downloading (http://downloads.sourceforge.net/coppermine/cpg1.4.20.zip) the latest version from the download page (http://sourceforge.net/project/showfiles.php?group_id=89658) page and follow the upgrade steps in the documentation (http://coppermine-gallery.net/demo/cpg14x/docs/index.htm#upgrade).

Support:
If you have problems with this update, please use the Update support board (http://forum.coppermine-gallery.net/index.php?board=59.0). Do not post your issues to this announcement thread - they will be deleted without notice.

Why was cpg1.4.20 released?
The release covers a recently discovered vulnerability that allows (if unpatched) the uploading and execution of remote code (milw0rm exploit 7909 (http://www.milw0rm.com/exploits/7909)). Additionally, these non-security related issues have been fixed:
Big thanks go to Michael Brooks and str0ke at milw0rm who discovered the vulnerability and Aditya for coming up with the fix.

Thanks,
The Coppermine Team
Title: Re: cpg1.4.20 Security release - upgrade mandatory!
Post by: Pascal YAP on February 04, 2009, 11:45:25 am
Annonce en Français :
http://forum.coppermine-gallery.net/index.php/topic,57885.0.html