No Support => Announcements => Topic started by: Αndré on February 15, 2017, 02:39:06 PM
The Coppermine development team is releasing a security update for Coppermine in order to counter recently discovered vulnerabilities. It is important that all users who run version cpg1.5.44 or older update to this latest version as soon as possible.
How to update:
Users running versions prior to 1.5.46 should update immediately by downloading (https://sourceforge.net/projects/coppermine/files/Coppermine/1.5.x/cpg1.5.46.zip/download) the latest version from the download page (http://sourceforge.net/project/showfiles.php?group_id=89658) and following the upgrade steps in the documentation (http://documentation.coppermine-gallery.net/en/upgrading.htm).
If you have problems with this update, please use the Update support board (http://forum.coppermine-gallery.net/index.php?board=90.0). Do not post your issues to this announcement thread - your post will be deleted without notice.
Why was cpg1.5.46 released?
The release covers a recently discovered directory traversal vulnerability that allows (if unpatched) a malevolent visitor to access restricted directories under certain conditions.
Thanks to Matthew Hickey from My Hacker House (http://www.myhackerhouse.com/) for discovering the vulnerability.
The Coppermine Team
Users running PHP 4, please read this (http://forum.coppermine-gallery.net/index.php/topic,76999.0.html).