The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
How to update:
Users running versions prior to 1.5.48 should update immediately by downloading (https://sourceforge.net/projects/coppermine/files/Coppermine/1.5.x/cpg1.5.48.zip/download) the latest version from the download page (http://sourceforge.net/project/showfiles.php?group_id=89658) and following the upgrade steps in the documentation (http://documentation.coppermine-gallery.net/en/upgrading.htm).
Support:
If you have problems with this update, please use the Update support board (http://forum.coppermine-gallery.net/index.php?board=90.0). Do not post your issues to this announcement thread - your post will be deleted without notice.
Why was cpg1.5.48 released?The release covers a recently discovered reflected XSS vulnerability.
Additionally, cpg1.5.48 includes fixes for the following non-security related issues:
- Added support for custom MySQL server port to vBulletin bridge (thread (http://forum.coppermine-gallery.net/index.php/topic,78918.0.html))
- Updated Japanese language file (user contribution)
- Fixed white screens with low privileged users clicking into open albums when using theme "curve" (thread (http://forum.coppermine-gallery.net/index.php/topic,79283.0.html))
Thanks to the Netsparker (https://www.netsparker.com) team for discovering the vulnerability.
The Coppermine Team
Users running PHP 4, please read this (http://forum.coppermine-gallery.net/index.php/topic,76999.0.html).
The current project is the 1.6.x line. The 1.5.x line is maintenance only.