Advanced search  

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Pages: [1]   Go Down

Author Topic: cpg1.5.32 Security release - upgrade mandatory!  (Read 28361 times)

0 Members and 1 Guest are viewing this topic.

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
cpg1.5.32 Security release - upgrade mandatory!
« on: October 07, 2014, 11:11:01 am »

The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.30 or older update to this latest version as soon as possible.

How to update:
Users running versions prior to 1.5.32 should update immediately by downloading the latest version from the download page and following the upgrade steps in the documentation.

Support:
If you have problems with this update, please use the Update support board. Do not post your issues to this announcement thread - your post will be deleted without notice.

Why was cpg1.5.32 released?
The release covers a recently discovered XSS vulnerability that allows (if unpatched) a malevolent visitor to include own script routines under certain conditions.

Additionally, cpg1.5.32 includes fixes for the following non-security related issues:
  • Updated Czech language file (user contribution)
  • Fixed displaying wrong image issue (thread)
  • Fixed issue with user gallery pagination (thread)
  • Added hidden feature to hide already existing files on batch-add interface (thread)
  • Fixed pre-selection of files for Windows driven systems on batch-add interface (thread)
  • Fixed several issues with file path names on batch-add (thread, thread)
  • Added hidden feature to display only empty albums on batch-add (thread)
  • Fixed comment form submit for Android browser
Thanks to chipviled for discovering the vulnerability.


The Coppermine Team
« Last Edit: October 12, 2014, 10:23:25 am by François Keller »
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
Re: cpg1.5.32 Security release - upgrade mandatory!
« Reply #1 on: October 07, 2014, 01:48:15 pm »

Users running PHP 4, please read this.
« Last Edit: October 12, 2014, 10:23:09 am by François Keller »
Logged

theqe2story

  • Coppermine novice
  • *
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 32
  • Rob Lightbody
    • The QE2 Story
Re: cpg1.5.32 Security release - upgrade mandatory!
« Reply #2 on: October 12, 2014, 03:26:50 pm »

Upgrade went smoothly, thanks very much, keep up the good work!

pols1337

  • Coppermine frequent poster
  • ***
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 244
Re: cpg1.5.32 Security release - upgrade mandatory!
« Reply #3 on: October 14, 2014, 04:44:55 am »

Thanks for the continued dedication and development  8)
Logged
Pages: [1]   Go Up
 

Page created in 0.018 seconds with 20 queries.