Announcement

#1 2017-01-02 14:59:07

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13822

Piwigo 2.8.4 + 2.8.5

Happy new year 2017!

Holiday season has been a bit disturbed by security issues discovered in the email library we use on Piwigo (PHP Mailer). This is why we've released an "emergency" release 2.8.4 on December 27th and then release 2.8.5 on January 1st 2017.

Thanks to teekay (Thomas Kuther on Github), author of the excellent Bootstrap Darkroom theme, PHP Mailer embedded in Piwigo is now in version 5.2.21. Thank you very much for your help.

2 days ago, 3 "vulnerabilities" have been published about Piwigo 2.8.3/2.8.4 on Twitter and various security focused websites. They were reported by Shinkurt on Github a few days before and he helped to fix them. I don't consider these security issues as "major" because only an administrator can exploit them. But anyway, it's good to have them fixed :-)

Happy 1-click update

Offline

#2 2017-01-03 08:26:25

teekay
Member
2013-06-12
427

Re: Piwigo 2.8.4 + 2.8.5

Thanks for the fast release(s), plg!

Unfortunately I didn't properly test sending out mails using direct SMTP transfer (so, $conf['smtp_host'] present in local/config/config.inc.php). This looks broken now, see [Forum, topic 27499] Email notification problems

Possible fix from [Github] PHPMailer issue #113

Seems to work fine on my server, both sendmail and direct SMTP are working. Preparing a pull request.

Offline

#3 2017-01-03 10:32:34

vikozo
Member
suisse
2016-11-20
41

Re: Piwigo 2.8.4 + 2.8.5

Hello
in the Backend it says •Piwigo 2.8.3 is the newest and now update avaiable. ;-(
have a nice day
vinc


Piwigo version: the newest since 2.8.2 / PHP: 5.6.27-0+deb8u1 /  MySQL: 5.5.5-10.0.27-MariaDB-0+deb8u1
Piwigo URL:              http://www.kocher.photos/piwigo/
Lightroom --> Piwigo extensions: https://alloyphoto.com/plugins/piwigo/

Offline

Board footer

Powered by FluxBB

github twitter newsletter Donate Piwigo.org © 2002-2024 · Contact