Happy new year 2017!
Holiday season has been a bit disturbed by security issues discovered in the email library we use on Piwigo (PHP Mailer). This is why we've released an "emergency" release 2.8.4 on December 27th and then release 2.8.5 on January 1st 2017.
Thanks to teekay (Thomas Kuther on Github), author of the excellent Bootstrap Darkroom theme, PHP Mailer embedded in Piwigo is now in version 5.2.21. Thank you very much for your help.
2 days ago, 3 "vulnerabilities" have been published about Piwigo 2.8.3/2.8.4 on Twitter and various security focused websites. They were reported by Shinkurt on Github a few days before and he helped to fix them. I don't consider these security issues as "major" because only an administrator can exploit them. But anyway, it's good to have them fixed :-)
Happy 1-click update
Thanks for the fast release(s), plg!
Unfortunately I didn't properly test sending out mails using direct SMTP transfer (so, $conf['smtp_host'] present in local/config/config.inc.php). This looks broken now, see [Forum, topic 27499] Email notification problems
Possible fix from [Github] PHPMailer issue #113
Seems to work fine on my server, both sendmail and direct SMTP are working. Preparing a pull request.
in the Backend it says •Piwigo 2.8.3 is the newest and now update avaiable. ;-(
have a nice day