No Support > Announcements
cpg1.5.32 Security release - upgrade mandatory!
(1/1)
Αndré:
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.30 or older update to this latest version as soon as possible.
How to update:
Users running versions prior to 1.5.32 should update immediately by downloading the latest version from the download page and following the upgrade steps in the documentation.
Support:
If you have problems with this update, please use the Update support board. Do not post your issues to this announcement thread - your post will be deleted without notice.
Why was cpg1.5.32 released?
The release covers a recently discovered XSS vulnerability that allows (if unpatched) a malevolent visitor to include own script routines under certain conditions.
Additionally, cpg1.5.32 includes fixes for the following non-security related issues:
* Updated Czech language file (user contribution)
* Fixed displaying wrong image issue (thread)
* Fixed issue with user gallery pagination (thread)
* Added hidden feature to hide already existing files on batch-add interface (thread)
* Fixed pre-selection of files for Windows driven systems on batch-add interface (thread)
* Fixed several issues with file path names on batch-add (thread, thread)
* Added hidden feature to display only empty albums on batch-add (thread)
* Fixed comment form submit for Android browserThanks to chipviled for discovering the vulnerability.
The Coppermine Team
Αndré:
Users running PHP 4, please read this.
theqe2story:
Upgrade went smoothly, thanks very much, keep up the good work!
pols1337:
Thanks for the continued dedication and development 8)
Navigation
[0] Message Index
Go to full version