The Coppermine dev team announces the release of cpg1.4.8.
Coppermine 1.4.8 is different from yesterday's release of 1.4.7 by only one fix. Coppermine 1.4.7 included a bug fix that was unfortunately not tested thoroughly and caused a serious stability issue for those who use the "Last Updated Albums" feature in Coppermine. See the
bug report here. If you installed Coppermine 1.4.7, please upgrade to 1.4.8 immediately even if you don't use the "Last Updated Albums" feature because you might in the future.
This one fix is the *only* difference between 1.4.8 and 1.4.7.
The rest of this announcement refers to fixes added in 1.4.7, including the mandatory fix for the security vulnerability.
The new release does not contain additional new features (compared to previous versions of cpg1.4.x), but contains fixes for several minor issues. The reason for the release of this package is the discovery of a bug in previous Coppermine versions. All Coppermine users are strongly encouraged to upgrade their coppermine version as soon as possible. Upgrade instructions are included in the package (refer to the index file inside the docs folder).
It's
mandatory to upgrade any previous versions, as the impact of the vulnerability that led to this new release is high!
So far there have been no reports of an exploit of the vulnerability, so the Coppermine dev team decided not to post instructions for a manual fix to prevent wannabe-hackers from getting an idea how to create an exploit. This will of course not prevent a determined, skilled person to come up with a hack, so you better upgrade
now.
The new package contains all language files that existed up till now.
Get the new release cpg1.4.8 here:
http://prdownloads.sourceforge.net/coppermine/cpg1.4.8.zip?downloadFor those who are reluctant to spend the time & effort to upgrade heavily-modded galleries, you still *must* address this serious vulnerability. A sufficient fix for this vulnerability would be to download the 1.4.8 package or use the copy of usermgr.php that is attached to this thread and replace your usermgr.php with the new one. For the future, please consider keeping track of your mods so you can properly upgrade to newer versions. And consider using or creating plugins for mods as they do not modify the core scripts.
The maintenance release cpg1.4.8 of course contains all previous fixes of the 1.4.x-series as well as several minor issues that have been reported on the bugs board. Please review the changelog that comes with the package for details.
Please do not clutter this announcement thread with individual support requests or similar, only replies that deal with the actual release are allowed - all unrelated replies will be deleted without further notice.
If you have issues with upgrading your coppermine install, post on the
cpg1.4.x upgrading sub-board (after having read the
docs and after having
searched the board).
Joachim Mueller
- Coppermine project manager -