forum.coppermine-gallery.net

No Support => Announcements => Topic started by: Αndré on January 02, 2011, 08:03:56 pm

Title: cpg1.5.12 Security release - upgrade mandatory!
Post by: Αndré on January 02, 2011, 08:03:56 pm

The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.10 or older update to this latest version as soon as possible.

How to update:
Users running versions prior to 1.5.12 should update immediately by downloading (https://sourceforge.net/projects/coppermine/files/Coppermine/1.5.x/cpg1.5.12.zip/download) the latest version from the download page (http://sourceforge.net/project/showfiles.php?group_id=89658) and following the upgrade steps in the documentation (http://documentation.coppermine-gallery.net/en/upgrading.htm).

Support:
If you have problems with this update, please use the Update support board (http://forum.coppermine-gallery.net/index.php?board=90.0). Do not post your issues to this announcement thread - your post will be deleted without notice.

Why was cpg1.5.12 released?
The release covers a recently discovered input validation vulnerability that allows (if unpatched) a malevolent visitor to include own script routines (thread (http://forum.coppermine-gallery.net/index.php/topic,69327.0.html)).

Additionally, cpg1.5.12 includes fixes for the following non-security related issues:

• Fixed film strip issue (thread (http://forum.coppermine-gallery.net/index.php/topic,68585.0.html))
• Fixed indent for subcategories (thread (http://forum.coppermine-gallery.net/index.php/topic,68764.0.html))
• Fixed function 'utf_replace' (thread (http://forum.coppermine-gallery.net/index.php/topic,68753.0.html))
• Updated Portuguese language file (user contribution)
• Fixed custom thumbnail for files with uppercase extension (thread (http://forum.coppermine-gallery.net/index.php/topic,68809.0.html))
• Fixed memberlist issue when database name contains a dash (thread (http://forum.coppermine-gallery.net/index.php/topic,68843.0.html))
• Fixed colspan for guest comments when captcha is enabled (thread (http://forum.coppermine-gallery.net/index.php/topic,69330.0.html))
• Fixed PHP session name for captcha (thread (http://forum.coppermine-gallery.net/index.php/topic,69293.0.html))
• Fixed playback of Windows Media Player videos (thread (http://forum.coppermine-gallery.net/index.php/topic,68537.0.html))

Thanks to Janek Vind (http://forum.coppermine-gallery.net/index.php?action=profile;u=50977) for discovering the vulnerability.


The Coppermine Team