Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: cpg1.5.32 Security release - upgrade mandatory!  (Read 28359 times)

0 Members and 1 Guest are viewing this topic.

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
cpg1.5.32 Security release - upgrade mandatory!
« on: October 07, 2014, 11:11:01 am »

The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.30 or older update to this latest version as soon as possible.

How to update:
Users running versions prior to 1.5.32 should update immediately by downloading the latest version from the download page and following the upgrade steps in the documentation.

Support:
If you have problems with this update, please use the Update support board. Do not post your issues to this announcement thread - your post will be deleted without notice.

Why was cpg1.5.32 released?
The release covers a recently discovered XSS vulnerability that allows (if unpatched) a malevolent visitor to include own script routines under certain conditions.

Additionally, cpg1.5.32 includes fixes for the following non-security related issues:
  • Updated Czech language file (user contribution)
  • Fixed displaying wrong image issue (thread)
  • Fixed issue with user gallery pagination (thread)
  • Added hidden feature to hide already existing files on batch-add interface (thread)
  • Fixed pre-selection of files for Windows driven systems on batch-add interface (thread)
  • Fixed several issues with file path names on batch-add (thread, thread)
  • Added hidden feature to display only empty albums on batch-add (thread)
  • Fixed comment form submit for Android browser
Thanks to chipviled for discovering the vulnerability.


The Coppermine Team
« Last Edit: October 12, 2014, 10:23:25 am by François Keller »
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
Re: cpg1.5.32 Security release - upgrade mandatory!
« Reply #1 on: October 07, 2014, 01:48:15 pm »

Users running PHP 4, please read this.
« Last Edit: October 12, 2014, 10:23:09 am by François Keller »
Logged

theqe2story

  • Coppermine novice
  • *
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 32
  • Rob Lightbody
    • The QE2 Story
Re: cpg1.5.32 Security release - upgrade mandatory!
« Reply #2 on: October 12, 2014, 03:26:50 pm »

Upgrade went smoothly, thanks very much, keep up the good work!

pols1337

  • Coppermine frequent poster
  • ***
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 244
Re: cpg1.5.32 Security release - upgrade mandatory!
« Reply #3 on: October 14, 2014, 04:44:55 am »

Thanks for the continued dedication and development  8)
Logged
Pages: [1]   Go Up
 

Page created in 0.02 seconds with 19 queries.