Print Page - For Coppermine Gallery users.

Title: For Coppermine Gallery users.
Post by: lurkalot on May 24, 2010, 11:57:16 PM

For any Coppermine gallery users,

cpg1.4.27 Security release - upgrade mandatory!

Why was cpg1.4.27 released?

"The release covers a recently discovered XSS vulnerability that allows (if unpatched) a malevolent visitor to include own script routines."

http://forum.coppermine-gallery.net/index.php/topic,65023.0.html

Title: Re: cpg1.4.27 Security release - upgrade mandatory!
Post by: lurkalot on June 08, 2010, 08:51:20 AM

Just to add to this,

The new version of Coppermine 1.5.6 Stable has now been released.

http://forum.coppermine-gallery.net/index.php/topic,65278.0.html

What will happen to 1.4.x?

"With all the new features of 1.5.x the development team have decided that only security fixes will be applied to 1.4.x in the short term. However, there will come a time when 1.4.x will be laid to rest. While we have yet to decide on a firm date for this to happen expect support to be withdrawn in around 6 months. With all the new features that 1.5.x brings we firmly believe most users to want to upgrade long before then."

Title: Re: cpg1.4.27 Security release - upgrade mandatory!
Post by: lurkalot on October 01, 2010, 08:44:01 AM

A bit behind on this, so just bringing up to date. :-[

Coppermine 1.5.8 [stable] is released. August 06, 2010

http://forum.coppermine-gallery.net/index.php/topic,66417.0.html

Ã¢â,¬Â¢ Built in Captcha engine
Ã¢â,¬Â¢ Built in Watermark engine
Ã¢â,¬Â¢ New Upload Interface
Ã¢â,¬Â¢ Improved Groups control
Ã¢â,¬Â¢ Improved Category Management tool
Ã¢â,¬Â¢ Drag and drop sorting of albums
Ã¢â,¬Â¢ Improved Search engine
Ã¢â,¬Â¢ New core Ã¢â,¬ËœCurveÃ¢â,¬â,,¢ theme
Ã¢â,¬Â¢ Improved image tagging
Ã¢â,¬Â¢ Enhanced plugin engine.

Title: Re: For Coppermine users.
Post by: lurkalot on October 01, 2010, 08:47:56 AM

Support for 1.4.x to cease soon.

When?

"1st December 2010 is the sad date. From then on we will close all the 1.4.x support forums to new threads."

What do we do as website owners?

"That is your choice. Coppermine 1.4.x will not stop working after that date. Having said that, should you run into any problems you will unfortunately be on your own. Additionally, there will be no security updates available so you run the risk if new exploits are discovered."

Read more here, http://forum.coppermine-gallery.net/index.php/topic,66659.0.html

Title: Re: For Coppermine Gallery users.
Post by: ZarPrime on October 01, 2010, 05:52:04 PM

Hmmm, a shame that the new version won't be backward compatible. :P

ZarPrime

Title: Re: For Coppermine Gallery users.
Post by: lurkalot on October 02, 2010, 02:44:39 PM

Quote from: ZarPrime on October 01, 2010, 05:52:04 PM
Hmmm, a shame that the new version won't be backward compatible. :P

ZarPrime

Jim. Backward compatible with what? ???

Title: Re: For Coppermine Gallery users.
Post by: ZarPrime on October 02, 2010, 02:53:01 PM

I think I probably misread the announcement. I was thinking that they were saying that the new version wouldn't work with the old code. I was probably in a fog the day I wrote that so you should probably just ignore my post. ;)

ZarPrime

Title: Re: For Coppermine Gallery users.
Post by: lurkalot on August 02, 2011, 09:20:48 AM

cpg 1.5.14 maintenance release - upgrade recommended

The Coppermine development team is releasing an update for Coppermine in order to fix several minor issues. All fixes are not security critical, so if your gallery is running fine with cpg1.5.12 you don't need to upgrade. If you are running an older version than cpg1.5.12, you must update to this latest version as soon as possible because of the security impact!

Why was cpg1.5.14 released?
Since the last release of the cpg1.5.x series (about 7 months ago) a couple of improvements has been added to the svn repository.

Changelog:

Fixed username in activation mail (thread (http://forum.coppermine-gallery.net/index.php/topic,69555.0.html))
Fixed version number displayed on the index page in the doc
Added Norwegian language file (user contribution)
Fixed album thumbnail for keyword albums without physical files when link_pic_count is disabled (thread (http://forum.coppermine-gallery.net/index.php/topic,69449.0.html))
Use the intermediate picture 'use dimension' setting when resizing full-sized pictures during the upload process
Fixed spelling of 'email' in German language files
Fixed validation of ImageMagick path in config
Added missing jump label 'top_display_media' to theme 'eyeball' (thread (http://forum.coppermine-gallery.net/index.php/topic,71017.0.html))
Fixed PHP notices 'Undefined variable' and 'Use of undefined constant' during install step 2 (thread (http://forum.coppermine-gallery.net/index.php/topic,71384.0.html))
Fixed some missing icons in help pages (thread (http://forum.coppermine-gallery.net/index.php/topic,71725.0.html))
Fixed detection of intermediate-sized pictures when renaming files (thread (http://forum.coppermine-gallery.net/index.php/topic,67894.0.html))
Added Serbian language file (user contribution)
Fixed embedding of SWF files (thread (http://forum.coppermine-gallery.net/index.php/topic,72138.0.html))
Fixed safe_mode check when sending emails
Fixed selection of gallery icon for user categories (thread (http://forum.coppermine-gallery.net/index.php/topic,72274.0.html))
Fixed display of random album thumbnail in sub-category if album keyword is set (thread (http://forum.coppermine-gallery.net/index.php/topic,72302.0.html))
Updated Turkish language file (user contribution)
Fixed user manager issue (thread (http://forum.coppermine-gallery.net/index.php/topic,72070.0.html))
Fixed several keywords issues (issues with ampersands and spaces, leftover keyword separators) (thread (http://forum.coppermine-gallery.net/index.php/topic,73161.0.html))
Fixed valid token issue during logout (thread (http://forum.coppermine-gallery.net/index.php/topic,61186.0.html))
Display exact character encoding in config (thread (http://forum.coppermine-gallery.net/index.php/topic,73209.0.html))
Fixed permission issue if admin tries to create a personal album (thread (http://forum.coppermine-gallery.net/index.php/topic,72009.0.html))
Fixed batch-add issue if no file is selected (thread (http://forum.coppermine-gallery.net/index.php/topic,70342.0.html))
Fixed visibility issue when setting an album password with IE (thread (http://forum.coppermine-gallery.net/index.php/topic,70248.0.html))
Fixed admin tools format in eyeball theme (thread (http://forum.coppermine-gallery.net/index.php/topic,69705.0.html))
Fixed thumbnail pages dropdown list on album list (thread (http://forum.coppermine-gallery.net/index.php/topic,69511.0.html))
Adjusted part of documentation to reflect cpg1.5.x code change (thread (http://forum.coppermine-gallery.net/index.php/topic,71932.0.html))
Fixed critical error message for meta album 'lastalb' if thumbnail image doesn't exist (thread (http://forum.coppermine-gallery.net/index.php/topic,67596.0.html))
Fixed first level album thumbnails if thumbnail image doesn't exist
Moved memberlist button to home menu drop-down for theme 'curve' (thread (http://forum.coppermine-gallery.net/index.php/topic,73255.0.html))
Added workaround for delayed cookie issue during login (thread (http://forum.coppermine-gallery.net/index.php/topic,73016.0.html))

Title: Re: For Coppermine Gallery users.
Post by: lurkalot on January 11, 2012, 08:36:14 PM

The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.16 or older update to this latest version as soon as possible.

How to update:
Users running versions prior to 1.5.18 should update immediately by downloading (https://sourceforge.net/projects/coppermine/files/Coppermine/1.5.x/cpg1.5.18.zip/download) the latest version from the download page (http://sourceforge.net/project/showfiles.php?group_id=89658) and following the upgrade steps in the documentation (http://documentation.coppermine-gallery.net/en/upgrading.htm).

Support:
If you have problems with this update, please use the Update support board (http://forum.coppermine-gallery.net/index.php?board=90.0). Do not post your issues to this announcement thread - your post will be deleted without notice.

Why was cpg1.5.18 released?
The release covers a path disclosure vulnerability. If unpatched, it's possible to generate an error that will reveal the full path of the script. A remote user can determine the full path to the web root directory and other potentially sensitive information.

Additionally, cpg1.5.18 includes fixes for the following non-security related issues:

Added plugin hook 'upload_file_name'
Add default values on 'onlinestats' installation to avoid weird dates right after plugin installation (thread (http://forum.coppermine-gallery.net/index.php/topic,73467.0.html))
Updated Arabic language file (user contribution)
Fixed simple upload process when users can just upload to their personal gallery (thread (http://forum.coppermine-gallery.net/index.php/topic,73570.0.html))
Added upload button after each album name in album manager
Added anchors on plugin manager
Fixed infinite loop for delayed cookie issue workaround (thread (http://forum.coppermine-gallery.net/index.php/topic,73655.0.html))
Disallow dots in cookie name (thread (http://forum.coppermine-gallery.net/index.php/topic,73655.0.html))
Fixed issue with very big 'Max size for uploaded files' values (thread (http://forum.coppermine-gallery.net/index.php/topic,73722.0.html))
Fixed album thumbnails for public albums in 'My gallery' view for regular users
Fixed clickable keywords with spaces (thread (http://forum.coppermine-gallery.net/index.php/topic,73804.0.html))
Fixed critical error for 'lasthits' meta album (thread (http://forum.coppermine-gallery.net/index.php/topic,73801.0.html))
Fixed misleading error message when uploading files that exceed the file size limit with the simple upload form (thread (http://forum.coppermine-gallery.net/index.php/topic,61711.0.html))
Added hidden feature "Create sub-directory named according to the album ID in users' upload directories during HTTP upload"
Use selected album thumbnail for 'lastup' meta album (thread (http://forum.coppermine-gallery.net/index.php/topic,73946.0.html))
Create user album in personal gallery when user is created via the user manager (thread (http://forum.coppermine-gallery.net/index.php/topic,74013.0.html))
Added captcha for ecards feature (thread (http://forum.coppermine-gallery.net/index.php/topic,71501.0.html))
Fixed a potential path disclosure vulnerability in core plugin configuration files
Updated date/time formats in English (British) language file (thread (http://forum.coppermine-gallery.net/index.php/topic,72549.0.html))
Updated header information to reflect new year

The Coppermine Team

Title: Re: For Coppermine Gallery users.
Post by: lurkalot on March 29, 2012, 11:20:50 PM

cpg1.5.20 Security release - upgrade mandatory!

The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.18 or older update to this latest version as soon as possible.

Why was cpg1.5.20 released?
The release covers several path disclosure vulnerabilities. If unpatched, it's possible to generate an error that will reveal the full path of the script. A remote user can determine the full path to the web root directory and other potentially sensitive information.
Furthermore, the release covers a recently discovered XSS vulnerability that allows (if unpatched) a malevolent visitor to include own script routines under certain conditions.

Additionally, cpg1.5.20 includes fixes for the following non-security related issues:

Disabled possibility to move albums to root level of user category (thread (http://forum.coppermine-gallery.net/index.php/topic,74323.0.html))
Fixed broken IP address lookup (thread (http://forum.coppermine-gallery.net/index.php/topic,74346.0.html))
Fixed email validation for registration process (thread (http://forum.coppermine-gallery.net/index.php/topic,74388.0.html))
Updated Serbian language file (user contribution)
Changed status in credits section to 'retired'
Updated Italian language file (user contribution)
Re-added 'search by owner name' checkbox to search form (thread (http://forum.coppermine-gallery.net/index.php/topic,66818.0.html), thread (http://forum.coppermine-gallery.net/index.php/topic,67757.0.html))
New feature: display only the uploaded files from the last queue after flash upload (thread (http://forum.coppermine-gallery.net/index.php/topic,73826.0.html))
Fixed behavior of "Show first level album thumbnails in categories" setting (thread (http://forum.coppermine-gallery.net/index.php/topic,74568.0.html))
Added plugin hook 'theme_album_params'
Fixed quota bar in user manager for secondary group memberships (thread (http://forum.coppermine-gallery.net/index.php/topic,74392.0.html))
Display default groups "Administrators" and "Registered" on modify user page (thread (http://forum.coppermine-gallery.net/index.php/topic,74391.0.html))
Moved code from usermgr.php to function 'cpg_get_groups'
Added Opera compatibility for rounded corners to theme 'curve' (thread (http://forum.coppermine-gallery.net/index.php/topic,74598.0.html))
Fixed error message at "Edit file information" form (thread (http://forum.coppermine-gallery.net/index.php/topic,74648.0.html))
Updated EXIF library (thread (http://forum.coppermine-gallery.net/index.php/topic,74671.0.html))
Fixed clickable keywords in file information box at intermediate view (thread (http://forum.coppermine-gallery.net/index.php/topic,74678.0.html))
Fixed search results when searching for specific characters (thread (http://forum.coppermine-gallery.net/index.php/topic,74678.0.html))
Fixed error message when activating more than one user in the user manager (thread (http://forum.coppermine-gallery.net/index.php/topic,74326.0.html))
Fixed different gallery behavior for register_globals on/off setting (thread (http://forum.coppermine-gallery.net/index.php/topic,74360.0.html))

Title: Re: For Coppermine Gallery users.
Post by: lurkalot on February 16, 2017, 07:37:40 AM

The Coppermine development team is releasing a security update for Coppermine in order to counter recently discovered vulnerabilities. It is important that all users who run version cpg1.5.44 or older update to this latest version as soon as possible.

How to update:
Users running versions prior to 1.5.46 should update immediately by downloading (https://sourceforge.net/projects/coppermine/files/Coppermine/1.5.x/cpg1.5.46.zip/download) the latest version from the download page (http://sourceforge.net/project/showfiles.php?group_id=89658) and following the upgrade steps in the documentation (http://documentation.coppermine-gallery.net/en/upgrading.htm).

Support:
If you have problems with this update, please use the Update support board (http://forum.coppermine-gallery.net/index.php?board=90.0). Do not post your issues to this announcement thread - your post will be deleted without notice.

Why was cpg1.5.46 released?
The release covers a recently discovered directory traversal vulnerability that allows (if unpatched) a malevolent visitor to access restricted directories under certain conditions.

Thanks to Matthew Hickey from My Hacker House (http://www.myhackerhouse.com/) for discovering the vulnerability.

The Coppermine Team

TinyPortal

Development => News Board => Topic started by: lurkalot on May 24, 2010, 11:57:16 PM