Coppermine maintenance release cpg1.4.4 - upgrade as soon as possible Coppermine maintenance release cpg1.4.4 - upgrade as soon as possible
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Coppermine maintenance release cpg1.4.4 - upgrade as soon as possible

Started by Joachim Müller, February 26, 2006, 01:46:31 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Joachim Müller

Hello all,

due to the security issues discovered recently that exist in all coppermine versions up to and including cpg1.4.3 (see hotfix thread "Patch for Coppermine 1.4.3 remote code execution - Update NOW!") the coppermine dev team has released cpg1.4.4 as a maintenance release. If you haven't applied the above mentioned hotfix it's mandatory to upgrade your install as soon as possible. Users who already have applied the hotfix are safe against the vulnerability, yet it is still recommended to upgrade to cpg1.4.4, as the maintenance release contains various minor bug fixes that are not security-related.

The new package cpg1.4.4 contains the most recent language files as well as improved doumentation.
Instructions how to upgrade your coppermine version are included in the documentation as well that comes with the package (inside the docs folder) and that are available online as well (link "documentation") at the top of this page.

Download cpg1.4.4: http://prdownloads.sourceforge.net/coppermine/cpg1.4.4.zip?download

Please do not reply to this thread for individual support issues, but only with general questions related to the release itself.

Joachim
- coppermine project manager -

kramme

GauGau wrote:
The new package cpg1.4.4 contains the most recent language files as well as improved doumentation.


Question from Kramme: How near is a danish translation for ver. 1.4.4 ? Do you know anything about a possible danish translater ?


Tiffany

 just follow the documenation to do the update of my gallery 1.3.5 to 1.4.4, but after I do the updated, it's just a blank page now   :(  You can check my gallery page at www.kvhk-entertainment.com/gallery
Any suggestons are really appreciated.

Sorry, wrong post.  Please delete it for me.

Nibbler

Please do not reply to this thread for individual support issues, but only with general questions related to the release itself.

Chickenkicker

Quick note, in the fix for 1.4.3 patch for remote code execution it states edit docs/showdocs.php  Sorry, but in my install the filename is showdoc.php
I edited that file, no showdocs.php in my docs directory... Hope others figured this out..

Tigger88

I just want to make sure before I download and install this that I am not going to lose everything that is already in my gallery since I am currently using cpg 1.3.3.

Nibbler


FilipSupera

I made a better translation in French (which is my first language) and made it HTML compatible to avoid problems with accents.

The file is available there :

http://www.libre-essai.net/album-photo/french.php.zip

Joachim Müller

using html equivalents like è is not recommended when using utf-8. You could have converted the regular language file to iso8859-1 instead. We appreciate your willingness to contribute, but we can't recommend the usage of the file.

zamirzamir

In the read me file it says

Coppermine as a fresh, stand-alone (non-upgrade) install. (If you are trying to upgrade from a previous installation of coppermine, you already know what to do - RTFM.) Ready?


What if I dont know, please provide a link for UPDATE instractions, I wouldnt want to loose my files out of mistake.

kegobeer

Quote from: zamirzamir on March 19, 2006, 01:34:59 AM
In the read me file it says

Coppermine as a fresh, stand-alone (non-upgrade) install. (If you are trying to upgrade from a previous installation of coppermine, you already know what to do - RTFM.) Ready?


What if I dont know, please provide a link for UPDATE instractions, I wouldnt want to loose my files out of mistake.

Read the documentation.  Complete instructions are provided in every Coppermine release.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

scrapgranny

Maybe you could just point us in the right direction to FIND the upgrade instructions because I sure can't find them.

Thanks

Nibbler

Look at the top of your screen, click on the word 'Documentation' and read the section '3.5 Upgrading from cpg1.4.0 (or better) to version cpg1.4.4'

easykey

Upgraded to 1.4.4 a couple of weeks ago and my Server Administrators have just called me to say that the new 1.4.4 had a security compromise last night so they closed my web space down!!

Nibbler


easykey


Joachim Müller

don't discuss your individual issues on this announcement thread. Ask your webhost what the actual issue they claim to be coppermine-related is. Start your own thread on the support board for further discussion, don't clutter this one with unrelated stuff.

easykey

I'm sorry you feel this thread is irrelevant
However, I was advised to update from 1.4.3 to 1.4.4 as this maintenance release was to prevent the compromise we experienced on our servers.

Despite installing the Coppermine maintenance release cpg1.4.4  we have been compromised again

My point is I wondered whether anyone else had experienced security breaches with this release?

I will post up general details of the latest vulnerability when I get them

The reason I posted it here was because this thread is a direct link from the main site - entitled Maintenance release cpg1.4.4 fixes security issues - Update NOW!

Joachim Müller

I repeat: stop replying to this thread! You just posted unusable complaints like
Quote from: easykey on March 31, 2006, 06:21:57 PMto prevent the compromise we experienced on our servers.
- that doesn't say anything.

Like I said: start your own thread - I will delete all future replies you make to this one. Post what actually happens, be as detailed as possible, with links, error messages, log details and the whole enchillada.