The development team is releasing a security update for Coppermine in order to counter a recently discovered injection vulnerability. It is important that all users who run version cpg1.4.18 or older update to this latest version as soon as possible.
This is the only issue addressed in this release.
How to update:
If you are currently running 1.4.18 then you may patch your gallery by replacing your copy of include/functions.inc.php with the fixed version available here (http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/include/functions.inc.php?revision=4753). This is the only security-related issue addressed in this release. Manually fixing the weakness will of course only address the vulnerability, but will not fix the non-security-critical issues that have been taken care of in cpg1.4.19
Users running versions prior to 1.4.18 should update immediately by downloading (http://downloads.sourceforge.net/coppermine/cpg1.4.19.zip) the latest version from the download page (http://sourceforge.net/project/showfiles.php?group_id=89658) page and follow the upgrade steps in the documentation (http://coppermine-gallery.net/demo/cpg14x/docs/index.htm#upgrade).
Support:
If you have problems with this update, please use the Update support board (http://forum.coppermine-gallery.net/index.php?board=59.0). Do not post your issues to this announcement thread - they will be deleted without notice.
Why was cpg1.4.19 released?The release covers a recently discovered vulnerability that allows (if unpatched) the execution of remote code. Additionally, these non-security related issues have been fixed:
- Danish language file updated
- spacer for empty album list cells fixed
- improper nesting of form-tag in various files fixed
- invalid <f>-tag in upload.php removed
- type translation in reports fixed
- resources consumption for slideshows in meta albums fixed
- hard-coded string "edit keywords" replaced with translation
- Spanish documentation added
- SMF anonymous user fix
- profile email check issue fixed
Big thanks go to EgiX at milw0rm who discovered the vulnerability and Abbas Ali and Nibbler for coming up with the fix.
Thanks,
The Coppermine Team
Oh this is good.
:)
Thank you! But unfortunately I can't find any Italian documentation :(
There is no Italian documentation, but an Italian support board
@neontetra: don't behave like a jerk: you could at least have read the thread you're replying to:
Quote from: Joachim Müller on August 03, 2008, 12:33:25 PMSupport:
If you have problems with this update, please use the Update support board (http://forum.coppermine-gallery.net/index.php?board=59.0). Do not post your issues to this announcement thread - they will be deleted without notice.
I have done as announced and deleted your silly reply to this thread.
hello,
is it rigt that coppermine does not show "your installed version is 1.4.19" its even "1.4.18".
verifying over "versioncheck.php" is not supported on my server :-[
thx
Quote from: Marquis on October 07, 2008, 03:14:58 PM
is it rigt that coppermine does not show "your installed version is 1.4.19"
No, that's wrong. You shouldn't have hijacked this thread. As suggested above:
Quote from: Joachim Müller on August 03, 2008, 12:33:25 PMDo not post your issues to this announcement thread - they will be deleted without notice.
You're the person who is the culprit for this thread getting locked, as you failed to even read the thread you reply to. The issues you have are entirely yours only - you shouldn't have replied to this announcement thread, but started a thread of your own, posting the relevant details.
*sigh*
Locking.