Bramin wrote:

If someone knows the destination folder for the photos, they can see them.

I confirm what ddtddt says: knowing the destination folder does not give you access to photos it contains. For example, here is a "folder" containing photos https://demo1.piwigo.com/uploads/y/0/v/ … 023/09/19/ : can you tell me how many there are in this folder?

An exception exists: if you have added photos with the "sync" method and you didn't secure the directory.

Bramin wrote:

Doesn't Piwigo encrypt photos on the server, or am I just not able to enable it?

Piwigo does not encrypt photos.

Aha, it was expecting the password to be input manually and "piwigodb" was referencing the database name? I tried a few times entering the password manually but it never accepted but it contains some strange characters and i was pasting it, maybe it escaped the input field somehow.

/Br

RushLana wrote:

Hi,

After testing I think you made a mistake somewhere when configuring your database password.
The original command work with an interactive password prompt, the only it would work in your case is if your database password was "piwigodb" (which shouldn't be the case).

The no space after -p is only if you want to use non interactive mode to send your password.

pump_up_the_jam wrote:

There is a small error in the instructions for updating via docker. The line for the database dump should be

Code:

docker exec -it piwigo-db-1 mariadb-dump -u piwigodb_user -p"piwigodb" | tee db_dump.sql

as per the mariadb man page:

•    --password[=password], -p[password]

           The password to use when connecting to the server. If you use
           the short option form (-p), you cannot have a space between
           the option and the password. If you omit the password value
           following the --password or -p option on the command line,
           mariadb-dump prompts for one.

           Specifying a password on the command line should be considered
           insecure. You can use an option file to avoid giving the
           password on the command line.

Was bashing my head against some walls before I found this :)

Hi,

After testing I think you made a mistake somewhere when configuring your database password.
The original command work with an interactive password prompt, the only it would work in your case is if your database password was "piwigodb" (which shouldn't be the case).

The no space after -p is only if you want to use non interactive mode to send your password.

pump_up_the_jam wrote:

There is a small error in the instructions for updating via docker. The line for the database dump should be

Code:

docker exec -it piwigo-db-1 mariadb-dump -u piwigodb_user -p"piwigodb" | tee db_dump.sql

as per the mariadb man page:

•    --password[=password], -p[password]

           The password to use when connecting to the server. If you use
           the short option form (-p), you cannot have a space between
           the option and the password. If you omit the password value
           following the --password or -p option on the command line,
           mariadb-dump prompts for one.

           Specifying a password on the command line should be considered
           insecure. You can use an option file to avoid giving the
           password on the command line.

Was bashing my head against some walls before I found this :)

Hi,

That's a different topic. Please start a new thread.

Bramin wrote:

If someone knows the destination folder for the photos

If you go to a photo directory in your web browser, you'll be redirected to the Piwigo homepage

Dave S wrote:

Updating docker image from v16.3.0 to v16.4.0 or v16.4.0a has an error in the log:

2026-05-05T14:43:11.247103495Z find: ‘/usr/local/bin/scripts/’: No such file or directory</pre>

Container startup seems to stop when this file is not found - no other entries in the log after this and site sending a 502 bad gateway error. 

reverted to v16.3.0 and working fine, no errors.

I also got 502 bad gateway after updating but being a long time Linux user but first time server owner, i rebooted the server and after that it was working. Horribly low tech solution, sorry.

There is a small error in the instructions for updating via docker. The line for the database dump should be

docker exec -it piwigo-db-1 mariadb-dump -u piwigodb_user -p"piwigodb" | tee db_dump.sql

as per the mariadb man page:

•    --password[=password], -p[password]

           The password to use when connecting to the server. If you use
           the short option form (-p), you cannot have a space between
           the option and the password. If you omit the password value
           following the --password or -p option on the command line,
           mariadb-dump prompts for one.

           Specifying a password on the command line should be considered
           insecure. You can use an option file to avoid giving the
           password on the command line.

Was bashing my head against some walls before I found this :)

For some reason, I still see an update notification when I log in to my Piwigo admin panel, but when I open the update page it says:

“Currently running version 16.2.0. You are running the latest version of Piwigo.”

So it looks like the notification may be stuck or cached (cleaned everything)

topic:34818

New release 16.4.0 comes with 7 security issues fixed and 9 bugs also fixed.

Maybe because of recent AI tools, we have received (and continue to receive) several security advisories in the last weeks. Here are the first 7 security issues fixed. Special thanks to security reporters Jonathan from Helx.io, Leousum, sh4dowalker, maru1009, LipeOzyy and chakradhar1228.


Background image by MART PRODUCTION on Pexels

Have a good update!

Piwigo 16.4.0 release note