No Support > Announcements
cpg1.5.36 Security release - upgrade mandatory!
(1/1)
Αndré:
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.34 or older update to this latest version as soon as possible.
How to update:
Users running versions prior to 1.5.36 should update immediately by downloading the latest version from the download page and following the upgrade steps in the documentation.
Support:
If you have problems with this update, please use the Update support board. Do not post your issues to this announcement thread - your post will be deleted without notice.
Why was cpg1.5.36 released?
The release covers a recently discovered XSS vulnerability that allows (if unpatched) a malevolent visitor to include own script routines under certain conditions. Furthermore, an open redirect issue and a directory enumeration issue have been fixed.
Additionally, cpg1.5.36 includes fixes for the following non-security related issues:
* Strip whitespace from imported IPTC title and caption (thread)
* Fixed icon when deleting picture from an album (thread)
* Made phpBB 3 bridge compatible with phpBB version 3.1.x (thread)
* Updated Italian language file (thread)
* Fixed database error for non-existing files (thread)
* Fixed typo in French docs (thread)Thanks to Mahendra for discovering the vulnerability.
The Coppermine Team
Αndré:
Users running PHP 4, please read this.
phill104:
Thank you Andre for all your hard work in fixing this when you are so busy. Also big thanks to gmc for help in testing and code suggestions.
jflash:
Good work!
zeroresearch:
Great job guys!
Thanks for the quick response from greg too.
cheerrs
Navigation
[0] Message Index
Go to full version