The holiday season was somewhat disturbed by security issues discovered in PHP Mailer, the email library we use in Piwigo. This is why we published an "emergency" release 2.8.4 on December 27th, followed by release 2.8.5 on January 1st 2017.
Thanks to teekay (Thomas Kuther on GitHub), author of the excellent Bootstrap Darkroom theme, the PHP Mailer embedded in Piwigo is now at version 5.2.21. Thank you very much for your help.
Two days ago, 3 "vulnerabilities" in Piwigo 2.8.3/2.8.4 were published on Twitter and various security-focused websites. They had been reported by Shinkurt on GitHub a few days earlier, and he helped fix them. I don't consider these security issues "major" because only an administrator can exploit them. But anyway, it's good to have them fixed :-)
Dear Piwigo enthusiast beta-testers, this message is for you!
We're excited to announce the availability of the first beta-test release for Piwigo 2.9. Following feedback and recommendations from many users, design has become a priority for this release. Piwigo 2.9 includes many cosmetic changes in the administration pages. It also includes various other improvements, such as technical improvements and increased speed. This version 2.9.0beta1 is for testing only, so don't install it on your live website.
Here is the list of changes compared to Piwigo 2.8. First the changes for users:
* modernized administration pages (colors, less borders, more icons)
* redesigned tag manager
* redesigned administration homepage, i.e. dashboard
* password generator on user creation form
* options on album deletion when dealing with photos
* download link on photo edition page, for admins
* quick link to edit ability you just created
* find duplicate photos based on checksum
... and then more "technical" changes:
* dataTables.js updated to version 1.10
* improved history engine: faster and keeps history small
* new "messages" box (blue color) in addition to infos (green), errors (red) and warnings (yellow)
* session automatic deletion more often
* faster opening for user edition box (no search in history for "last visit")
* API method pwg.session.getStatus returns list of available photo sizes
* new album can be sorted at the bottom of the list (instead of top)
Here we go with the biggest change in 2.9: design! Dark header, footer and menubar. Fewer borders. Brand new administration home page.
The tag manager now has a distinct selection mode, to apply actions in batch.
When deleting an album containing photos, Piwigo will now ask you what you want to do with the photos associated with the album.
Piwigo 2.9 comes with a modernized Batch Manager: icons for checkboxes, specific fieldset separator (only on this page, waiting for user feedback), new colors for selected thumbnail (dark gray) and "below the cursor" (Piwigo orange) thumbnails.
Several users have reported a "missing CSPRNG" issue (CSPRNG stands for Cryptographically Secure PseudoRandom Number Generator; see Wikipedia). This new version introduces a new CSPRNG for specific environments where the one introduced in version 2.8.1 doesn't work. A CSPRNG is important for security reasons.
This version also brings the password reset form to the mobile theme SmartPocket.
Here comes Piwigo version 2.8.1. This version fixes various bugs. Some of them were introduced by version 2.8.0. See full details on the Piwigo 2.8.1 Release Notes. Main bugs fixed:
* increase randomness on random key generation. Vulnerability reported by Dan Clifford. Many thanks to him! This vulnerability is quite annoying but only has impact for Windows hosting and old PHP versions.
* failure to create tables on MySQL 5.7
* multiple-format feature described in embedded documentation