cpg1.5.48 Security release - upgrade mandatory!

[Αndré]

The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.

How to update:
Users running versions prior to 1.5.48 should update immediately by downloading the latest version from the download page and following the upgrade steps in the documentation.

Support:
If you have problems with this update, please use the Update support board. Do not post your issues to this announcement thread - your post will be deleted without notice.

Why was cpg1.5.48 released?
The release covers a recently discovered reflected XSS vulnerability.

Additionally, cpg1.5.48 includes fixes for the following non-security related issues:

• Added support for custom MySQL server port to vBulletin bridge (thread)
• Updated Japanese language file (user contribution)
• Fixed white screens with low privileged users clicking into open albums when using theme "curve" (thread)

Thanks to the Netsparker team for discovering the vulnerability.


The Coppermine Team

[Αndré]

Users running PHP 4, please read this.

[John Zelada]

Has there been another update to date?

[phill104]

The current project is the 1.6.x line. The 1.5.x line is maintenance only.