cpg1.5.28 Security release - upgrade mandatory!
 



Started by Αndré, April 02, 2014, 01:24:51 PM


Αndré

The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.26 or older update to this latest version as soon as possible.

How to update:
Users running versions prior to 1.5.28 should update immediately by downloading the latest version from the download page and following the upgrade steps in the documentation.

Support:
If you have problems with this update, please use the Update support board. Do not post your issues to this announcement thread - your post will be deleted without notice.

Why was cpg1.5.28 released?
The release covers a recently discovered XSS vulnerability that allows (if unpatched) a malevolent visitor to include their own script routines under certain conditions.

Additionally, cpg1.5.28 includes fixes for the following non-security related issues:

  • Fixed misleading template error message
  • Fixed display of keywords with special characters (thread)
  • Removed duplicate page header if error occurs when deleting an album
  • Added hidden feature to regard upload time of linked files in album info (thread)
  • Fixed reference to documentation in config
  • Fixed various documentation glitches
  • Optimized main page code to reduce database query count
  • Fixed album and file count if category contains private albums
  • Updated known issues page
  • Fixed album and file count if category contains currently not displayed sub-categories (thread, thread)
  • Moved config options "Horizontal/vertical padding for full-size pop-up", "Albums can be private" and "Show private album icon to unlogged user" to other groups
  • Don't redirect to registration form after login (thread)
  • Added possibility to use pictures linked to albums via album keyword as category thumbnail (thread)
  • Fixed function 'starttable' in theme 'curve' to make fully compatible with plugin hook 'search_form'
  • Replaced some jQuery code with plain JavaScript code to make admin tools compatible with later jQuery versions, in case users want to upgrade (thread)
  • Updated Catalan language file (user contribution)
  • Added plugin hook 'theme_thumbnails_header'
  • Added plugin hooks 'comment_update', 'comment_add' and 'comment_approve' (thread)
  • Increased character limit to allow recently released top level domains (thread)
  • Added function 'theme_album_info' to make information which is displayed next to each album themeable
  • Fixed several issues with keywords manager
  • Fixed utilization of CSS class 'middlethumb' on film strip (thread)
  • Updated packaging docs

The Coppermine Team

Αndré