The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.10 or older update to this latest version as soon as possible.
How to update:
Users running versions prior to 1.5.12 should update immediately by
downloading the latest version from the
download page and following
the upgrade steps in the documentation.
Support:
If you have problems with this update, please use the
Update support board. Do not post your issues to this announcement thread - your post will be deleted without notice.
Why was cpg1.5.12 released?The release covers a recently discovered input validation vulnerability that allows (if unpatched) a malevolent visitor to include own script routines (
thread).
Additionally, cpg1.5.12 includes fixes for the following non-security related issues:
- Fixed film strip issue (thread)
- Fixed indent for subcategories (thread)
- Fixed function 'utf_replace' (thread)
- Updated Portuguese language file (user contribution)
- Fixed custom thumbnail for files with uppercase extension (thread)
- Fixed memberlist issue when database name contains a dash (thread)
- Fixed colspan for guest comments when captcha is enabled (thread)
- Fixed PHP session name for captcha (thread)
- Fixed playback of Windows Media Player videos (thread)
Thanks to
Janek Vind for discovering the vulnerability.
The Coppermine Team