cpg1.4.25 maintenance release - upgrade recommended cpg1.4.25 maintenance release - upgrade recommended
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

cpg1.4.25 maintenance release - upgrade recommended

Started by Αndré, June 22, 2009, 08:26:53 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Αndré

The Coppermine development team is releasing an update for Coppermine in order to fix an issue with the http upload feature. The fix is not security critical, so if your gallery is running fine with cpg1.4.24 you don't need to upgrade. If you are running an older version than cpg1.4.23, you must update to this latest version as soon as possible because of the security impact (the past few releases before cpg1.4.23 all were security related).

How to update:
Users running versions prior to 1.4.25 should update by downloading the latest version from the download page and following the upgrade steps in the documentation.

Manual patch:
For those who want to apply the fix manually to their Coppermine 1.4.24 installation, edit include/init.inc.php with a plain text editor (notepad.exe is fine), find:
$keysToSkip = array('_POST', '_GET', '_COOKIE', '_REQUEST', '_SERVER', 'HTML_SUBST', 'keysToSkip', 'register_globals_flag', 'cpgdebugger', 'key');
and replace with:
$keysToSkip = array('_POST', '_GET', '_COOKIE', '_REQUEST', '_SERVER', '_FILES', 'HTML_SUBST', 'keysToSkip', 'register_globals_flag', 'cpgdebugger', 'key');

Support:
If you have problems with this update, please use the Update support board. Do not post your issues to this announcement thread - your post will be deleted without notice.

Why was cpg1.4.25 released?
The release covers a bug that crept in when fixing the vulnerability that lead to the release of cpg1.4.23.

Additionally, cpg1.4.25 includes fixes for the following non-security related issues:

  • Additional PHP 5.3 compat fix
  • Updated Danish language file
  • Updated Turkish language file

Thanks to Nibbler for coming up with the fix.


Thanks,
The Coppermine Team

Pascal YAP