Piwigo 2.8.5 Release Notes

Downloads Piwigo 2.8.5
Released on January 1st, 2017 (2017-01-01)
Focus security fixes
md5sum 38ab182083e8e5ae6d5a51295305ae8b

Note: the list of major changes is described on Piwigo 2.8.0 release notes. This page only describes what changes between release 2.8.4 and release 2.8.5.

Bugs Fixed

  • #595: update PHPMailer to 5.2.21 thanks to teekay (security issue)
  • #575: minor security issue CVE-2016-10083 cross-site scripting on admin page, reported by Shinkurt
  • #574: File Inclusion with Possible RCE on admin page, reported by Shinkurt
  • #573: minor security issue CVE-2016-10085 File Inclusion Attack on admin page, reported by Shinkurt
  • #572: minor security issue CVE-2016-10084 File Inclusion Attack on admin page, reported by Shinkurt

Known Issues

Upgrade

Recommended method: follow the automatic upgrade procedure. If you're currently running Piwigo 2.2+, the Automatic Upgrade will tell you which plugin may be not compatible with Piwigo 2.8 before upgrade.

If you're running Piwigo 2.8.* you can also download the 2.8.x_to_2.8.5.zip archive that contains all new and modified files. Once you have extracted the files, transfer them onto your web server with a FTP client (like FileZilla) over your Piwigo 2.8.x installation. No database upgrade is required.

If you are running a version older than 2.8 and do not want to use the automatic upgrade, then follow the manual upgrade.

github twitter facebook google+ newsletter Donate Piwigo.org © 2002-2017 · Contact