cpg1.5.34 Security release - upgrade mandatory! cpg1.5.34 Security release - upgrade mandatory!
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

cpg1.5.34 Security release - upgrade mandatory!

Started by Αndré, October 24, 2014, 10:58:15 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Αndré

October 24, 2014, 10:58:15 AM
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.32 or older update to this latest version as soon as possible.

How to update:
Users running versions prior to 1.5.34 should update immediately by downloading the latest version from the download page and following the upgrade steps in the documentation.

Support:
If you have problems with this update, please use the Update support board. Do not post your issues to this announcement thread - your post will be deleted without notice.

Why was cpg1.5.34 released?
The release covers a recently discovered XSS vulnerability that allows (if unpatched) a malevolent visitor to include own script routines under certain conditions.

Additionally, cpg1.5.34 includes fixes for the following non-security related issues:

  • Added i18n support for visiblehookpoints plugin
  • Better contrast for help boxes when using the theme "curve" (thread)
Thanks to chipviled for discovering the vulnerability.


The Coppermine Team

Αndré

#1
October 24, 2014, 10:58:23 AM
Users running PHP 4, please read this.

pols1337

#2
December 22, 2014, 12:16:58 AM
I can't believe I just saw this announcement! 

Thanks for the updates.   :)
Print
Go Up Pages1
User actions