cpg1.4.24 maintenance release - upgrade recommended cpg1.4.24 maintenance release - upgrade recommended
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

cpg1.4.24 maintenance release - upgrade recommended

Started by Joachim Müller, May 25, 2009, 10:17:11 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Joachim Müller

The Coppermine development team is releasing an update for Coppermine in order to fix an endless loop that could occur in particular versions of PHP.The fix is not security-critical, so if your gallery is running fine with cpg1.4.23 you don't need to upgrade. If you are running an older version than cpg1.4.23, you must  update to this latest version as soon as possible because of the security impact (the past few maintenance releases before cpg1.4.24 all were security-related).

The fix that lead to the release of cpg1.4.24 takes care of the blank pages or 500 internal server errors that some users reported after upgrading to cpg1.4.23 or after performing a fresh install. It seems that all users who reported the issues are using PHP 4.3.x - other versions of PHP don't seem to be affected.

How to update:
Users running versions prior to 1.4.24 should update by downloading the latest version cpg1.4.24 from the download page and following the upgrade steps in the documentation.

Manual patch:
For those who want to apply the fix manually to their cpg1.4.23 Coppermine installation, edit include/init.inc.php with a plain text editor (notepad.exe is fine), find$keysToSkip = array('_POST', '_GET', '_COOKIE', '_REQUEST', '_SERVER', 'HTML_SUBST', 'keysToSkip', 'register_globals_flag', 'cpgdebugger');and replace with$keysToSkip = array('_POST', '_GET', '_COOKIE', '_REQUEST', '_SERVER', 'HTML_SUBST', 'keysToSkip', 'register_globals_flag', 'cpgdebugger', 'key');To make this absolutely clear: this will only fix the endless loop that lead to the release of cpg1.4.24 - this fix will not be enough if you are running an older version than cpg1.4.23. If you are running an older version, don't apply the manual fix, but perform the full upgrade as suggested above.

Support:
If you have problems with this update, please use the Update support board. Do not post your issues to this announcement thread. You wouldn't want the world to know that you behaved like a moron, so please do think twice before replying to this thread. Do not reply with questions on your individual issues!

Why was cpg1.4.24 released?
The release covers a bug that crept in when fixing the vulnerability that lead to the release of cpg1.4.23.

Additionally, cpg1.4.24 includes fixes for the following non-security related issues:

  • Added 'svn' to the list of foldernames to skip during batch-add
  • Fixing duplicates during batch-add
  • Removed deprecated target attributes
  • Replaced reference to coppermine.sf.net with currenty URL coppermine-gallery.net
  • Updated Russian language file
  • Added line breaks for meta navigation
  • Backported browser and client OS detection function from cpg1.5.x for granular stats
  • Added code for correct keyword separation in keyword meta tag
  • Updated Georgian language file
  • Updated Finnish language file
  • Updated Italian language file

Thanks to Nibbler for coming up with the fix.

Thanks,
The Coppermine Team

François Keller

Avez vous lu la DOC ? la FAQ ? et cherché sur le forum avant de poster ?
Did you read the DOC ? the FAQ ? and search the board before posting ?
Mon Blog

Αndré


Fabricio Ferrero

Read Docs and Search the Forum before posting. - Soporte en español
--*--
Fabricio Ferrero's Website

Catching up! :)