cpg1.5.16 Security release - upgrade mandatory! cpg1.5.16 Security release - upgrade mandatory!
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

cpg1.5.16 Security release - upgrade mandatory!

Started by Αndré, September 01, 2011, 10:39:18 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Αndré

September 01, 2011, 10:39:18 AM Last Edit: September 01, 2011, 03:11:31 PM by Αndré
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.14 or older update to this latest version as soon as possible.

How to update:
Users running versions prior to 1.5.16 should update immediately by downloading the latest version from the download page and following the upgrade steps in the documentation.

Support:
If you have problems with this update, please use the Update support board. Do not post your issues to this announcement thread - your post will be deleted without notice.

Why was cpg1.5.16 released?
The release covers a recently discovered bug in the registration process that allows (if unpatched) a user to circumvent the admin activation if both email verification and admin activation are enabled in the config.

Additionally, cpg1.5.16 includes fixes for the following non-security related issues:

  • Fixed 'delete all comments' function in album properties
  • Added plugin hook 'register_form_validate'
  • Fixed display of non-image files when 'Go directly from thumbnail to full-sized image' is enabled in config (thread)
  • Also send activation confirmation email if the user has been activated via the user manager (thread)

The Coppermine Team
Print
Go Up Pages1
User actions