We’ve gone through and updated:
- all WordPress scripts to the latest version
- all Coppermine scripts to the latest version (1.5.20)
Version 3.3.2 – release April 20th
Not much interesting here… just upgrades as usual
Actually, we like Coppermine 1.4, but there are some known security issues with this version, so the latest version is safer. We don’t like always upgrading things every few days when a version works fine and there are no significant changes or issues, but they announced some security issues with older versions. There were too many installations using older versions with known security issues, which wasn’t good, so we decided to upgrade this for everyone.
cpg1.5.20 Security release – upgrade mandatory!
+ 29 March 2012
The Coppermine development team is releasing a security update for
Coppermine in order to counter a recently discovered vulnerability. It
is important that all users who run version cpg1.5.18 or older update
to this latest version as soon as possible.
Why was cpg1.5.20 released?
The release covers several path disclosure vulnerabilities. If
unpatched, it’s possible to generate an error that will reveal the
full path of the script. A remote user can determine the full path to
the web root directory and other potentially sensitive information.
Furthermore, the release covers a recently discovered XSS
vulnerability that allows (if unpatched) a malevolent visitor to
include own script routines under certain conditions.
Since cpmfetch doesn’t work by default with 1.5, any old cpmfetch installations have been modded and upgraded to work with 1.5.
What you may need to do (themes and mods):
- If you are using a mod for Coppermine, such as onlinestats for Coppermine 1.4x, you will need to update it to work with the latest version.
- If you are using a theme that is not compatible with 1.5 (only a small number of the galleries that have been upgraded), you will need to use another theme or update the code in the template.html file to work with 1.5.
Some versions of 1.4
Some people had some (possibly older) versions of 1.4 that required the database to be updated manually through database queries. We’ve already found all the galleries that have errors and fixed them manually.
Unfortunately, the upgrade provided by Coppermine doesn’t work when you upgrade from certain versions of 1.4. It is a known “bug” in their upgrades – (e.g., http://forum.coppermine-gallery.net/index.php?topic=71353.0).
They assume that you always update with every release of the script, so the upgrade only adds the changes since a recent version, which means it won’t work by default if you are upgrading from certain versions of 1.4. In these cases, running their upgrade script will miss some changes, which breaks the database. We’ve gone through and fixed this on any 1.4 galleries where this is the case and updated them with a custom upgrade. :)
The upgrading for the scripts was a lengthy process that we’ve planned for a while and it has been completed successfully.
If you have any questions or issues, please email us.
If you see something new on your gallery, it is probably due to the upgrade and it is just us.