Piwigo 2.5.4 Release Notes

Downloads Piwigo 2.5.4
Released on March 25th, 2014 (2014-03-25)
Focus security bug fixes
md5sum 12f8ac99264fb5733adb9bf82df8839c

Note: the list of major changes is described on Piwigo 2.5.0 release notes. This page only describes what changes between release 2.5.3 and release 2.5.4.

Bugs Fixed

  • 0002992: [photos] [Batch Manger] duplicate prefilter, SQL error with quotes in file names
  • 0003029: [security] XSS on website_url comment form
  • SQL injection and XSS bugs in search, kindly reported in private by Paul-Emmanuel Brun with details and discussion

Upgrade

Recommended method: follow the automatic upgrade procedure. If you're currently running Piwigo 2.2+, the Automatic Upgrade will tell you which plugin may be not compatible with Piwigo 2.5 before upgrade.

If you're running Piwigo 2.5.0, 2.5.1, 2.5.2 or 2.5.3 you can also download the 2.5.x_to_2.5.4.zip archive that contains all new and modified files. Once you have extracted the files, transfer them onto your web server with a FTP client (like FileZilla) over your Piwigo 2.5.x installation. No database upgrade is required.

If you are running a version older than 2.5.0 and do not want to use the automatic upgrade, then follow the manual upgrade.

github twitter facebook google+ newsletter Donate Piwigo.org © 2002-2017 · Contact