No Support => Announcements => Topic started by: Αndré on January 02, 2011, 08:03:56 pm

Title: cpg1.5.12 Security release - upgrade mandatory!
Post by: Αndré on January 02, 2011, 08:03:56 pm
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.10 or older update to this latest version as soon as possible.

How to update:
Users running versions prior to 1.5.12 should update immediately by downloading ( the latest version from the download page ( and following the upgrade steps in the documentation (

If you have problems with this update, please use the Update support board ( Do not post your issues to this announcement thread - your post will be deleted without notice.

Why was cpg1.5.12 released?
The release covers a recently discovered input validation vulnerability that allows (if unpatched) a malevolent visitor to include own script routines (thread (,69327.0.html)).

Additionally, cpg1.5.12 includes fixes for the following non-security related issues:

Thanks to Janek Vind (;u=50977) for discovering the vulnerability.

The Coppermine Team