changes between 2.1.x and 2.1.3
|Released on||September 14th, 2010 (2010-09-14)|
|Focus||security bug fix, bug fixes, new languages|
This release contains two major security bug fixes: an SQL injection and a Cross-site request forgery vulnerability. It is highly recommended to upgrade your Piwigo 2.1.x. Thank you to Loïc Castel for help provided.
By the way, let's remind the best way to notify Piwigo team about security failures: private contact form.
PostgreSQL and SQLite are still in experimental state. Nicolas keeps fixing bugs and MySQL only code he may find. Please beta-testers keep reporting issues you may encounter when using PostgreSQL/SQLite as database backend.
Recommended method: follow the automatic upgrade procedure.
If you're running Piwigo 2.1.0, 2.1.1 or 2.1.2, you can also download the 2.1.x_to_2.1.3.zip archive that contains all new and modified files. Once you have extracted the files, transfer them onto your web server with a FTP client (like FileZilla) over your Piwigo 2.1.x installation. No database upgrade is required.
If you are running a version older than 2.1.0 and do not want to use the automatic upgrade, then follow the manual upgrade.