Author Topic: cpg1.5.28 Security release - upgrade mandatory!  (Read 45179 times)

Αndré

cpg1.5.28 Security release - upgrade mandatory!
« on: April 02, 2014, 01:24:51 pm »

The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.26 or older update to this latest version as soon as possible.

How to update:
Users running versions prior to 1.5.28 should update immediately by downloading the latest version from the download page and following the upgrade steps in the documentation.

Support:
If you have problems with this update, please use the Update support board. Do not post your issues to this announcement thread - your post will be deleted without notice.

Why was cpg1.5.28 released?
The release covers a recently discovered XSS vulnerability that allows (if unpatched) a malevolent visitor to include their own script routines under certain conditions.

Additionally, cpg1.5.28 includes fixes for the following non-security related issues:
  • Fixed misleading template error message
  • Fixed display of keywords with special characters (thread)
  • Removed duplicate page header if error occurs when deleting an album
  • Added hidden feature to regard upload time of linked files in album info (thread)
  • Fixed reference to documentation in config
  • Fixed various documentation glitches
  • Optimized main page code to reduce database query count
  • Fixed album and file count if category contains private albums
  • Updated known issues page
  • Fixed album and file count if category contains currently not displayed sub-categories (thread, thread)
  • Moved config options "Horizontal/vertical padding for full-size pop-up", "Albums can be private" and "Show private album icon to unlogged user" to other groups
  • Don't redirect to registration form after login (thread)
  • Added possibility to use pictures linked to albums via album keyword as category thumbnail (thread)
  • Fixed function 'starttable' in theme 'curve' to make fully compatible with plugin hook 'search_form'
  • Replaced some jQuery code with plain JavaScript code to make admin tools compatible with later jQuery versions, in case users want to upgrade (thread)
  • Updated Catalan language file (user contribution)
  • Added plugin hook 'theme_thumbnails_header'
  • Added plugin hooks 'comment_update', 'comment_add' and 'comment_approve' (thread)
  • Increased character limit to allow recently released top level domains (thread)
  • Added function 'theme_album_info' to make information which is displayed next to each album themeable
  • Fixed several issues with keywords manager
  • Fixed utilization of CSS class 'middlethumb' on film strip (thread)
  • Updated packaging docs

The Coppermine Team

Αndré

Re: cpg1.5.28 Security release - upgrade mandatory!
« Reply #1 on: April 02, 2014, 02:47:14 pm »

Users running PHP 4, please read this.