cpg1.5.18 Security release - upgrade mandatory!
 


Started by Αndré, January 10, 2012, 11:38:48 AM


Αndré

The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.16 or older update to this latest version as soon as possible.

How to update:
Users running versions prior to 1.5.18 should update immediately by downloading the latest version from the download page and following the upgrade steps in the documentation.

Support:
If you have problems with this update, please use the Update support board. Do not post your issues to this announcement thread - your post will be deleted without notice.

Why was cpg1.5.18 released?
The release covers a path disclosure vulnerability. If unpatched, it's possible to generate an error that will reveal the full path of the script. A remote user can determine the full path to the web root directory and other potentially sensitive information.

Additionally, cpg1.5.18 includes fixes for the following non-security related issues:

  • Added plugin hook 'upload_file_name'
  • Add default values on 'onlinestats' installation to avoid weird dates right after plugin installation (thread)
  • Updated Arabic language file (user contribution)
  • Fixed simple upload process when users can just upload to their personal gallery (thread)
  • Added upload button after each album name in album manager
  • Added anchors on plugin manager
  • Fixed infinite loop for delayed cookie issue workaround (thread)
  • Disallow dots in cookie name (thread)
  • Fixed issue with very big 'Max size for uploaded files' values (thread)
  • Fixed album thumbnails for public albums in 'My gallery' view for regular users
  • Fixed clickable keywords with spaces (thread)
  • Fixed critical error for 'lasthits' meta album (thread)
  • Fixed misleading error message when uploading files that exceed the file size limit with the simple upload form (thread)
  • Added hidden feature "Create sub-directory named according to the album ID in users' upload directories during HTTP upload"
  • Use selected album thumbnail for 'lastup' meta album (thread)
  • Create user album in personal gallery when user is created via the user manager (thread)
  • Added captcha for ecards feature (thread)
  • Fixed a potential path disclosure vulnerability in core plugin configuration files
  • Updated date/time formats in English (British) language file (thread)
  • Updated header information to reflect new year

The Coppermine Team

pols1337


oleredeye

Smooth upgrade to Coppermine 1.5.18 - just followed the documentation: no problems!

Many thanks from The Helmsley Archive http://www.helmsleyarchive.org.uk/

François Keller

Did you read the DOC ? the FAQ ? and search the board before posting ?

bilder

Nice work on the upgrade, I am looking forward to trying it out.

Mikaelft

Thanks, updating now. Are there any language changes?

Αndré