cpg1.5.16 Security release - upgrade mandatory! cpg1.5.16 Security release - upgrade mandatory!
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

cpg1.5.16 Security release - upgrade mandatory!

Started by Αndré, September 01, 2011, 10:39:18 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Αndré

The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.14 or older update to this latest version as soon as possible.

How to update:
Users running versions prior to 1.5.16 should update immediately by downloading the latest version from the download page and following the upgrade steps in the documentation.

Support:
If you have problems with this update, please use the Update support board. Do not post your issues to this announcement thread - your post will be deleted without notice.

Why was cpg1.5.16 released?
The release covers a recently discovered bug in the registration process that allows (if unpatched) a user to circumvent the admin activation if both email verification and admin activation are enabled in the config.

Additionally, cpg1.5.16 includes fixes for the following non-security related issues:

  • Fixed 'delete all comments' function in album properties
  • Added plugin hook 'register_form_validate'
  • Fixed display of non-image files when 'Go directly from thumbnail to full-sized image' is enabled in config (thread)
  • Also send activation confirmation email if the user has been activated via the user manager (thread)

The Coppermine Team