🌍
English
Announcement
- [2025-12-02] Piwigo 16.1.0 : better compatibility with old/new PHP versions
- [2025-11-24] Piwigo 16 : Standard pages, API keys, Docker image
- [2025-11-18] Piwigo 16.0.0RC3
- [2025-11-10] Piwigo 16.0.0RC2
- [2025-10-20] Piwigo 15.7.0 : stronger security on password reset
- Forum Index
- » Announcements
- » Piwigo 15.7.0 : stronger security on password reset
Post a reply
Topic review (newest first)
- windracer
- 2025-10-24 14:41:50
Thanks for the clarification!
- plg
- 2025-10-21 09:23:04
windracer wrote:
Will a similar fix be pushed for the v16 RC?
In addition to ddtddt answer, I'd like to add that the fix was applied first on "master" branch (from which we create RC builds), then backported on branch 15.x (from which we create 15.x.x releases). We released 15.7.0 first because it is supposed to be "in production", as opposed to 16RC1 ;-)
- ddtddt
- 2025-10-21 07:55:28
Hi :-)
windracer wrote:
Will a similar fix be pushed for the v16 RC?
RC is only for test
fix will be next RC
- windracer
- 2025-10-21 00:21:04
Will a similar fix be pushed for the v16 RC?
- plg
- 2025-10-20 18:56:50
We recently received a security report on Github by Takumi Katanoda concerning the possibility to target a Piwigo user to reset his/her password. We do not consider it as an "easy" attack but with his advice we have strengthen the security on the form to reset password. We have also made "less verbose" the reset password message to avoid revealing potentially interesting information to attackers, it was another security advisory reported by mateusz.stroba.
Thank you very much for your reports that help us to make Piwigo more secure.
Background image by Steve Johnson on Pexels
Piwigo 15.7.0 release note