We recently received a security report on GitHub from Takumi Katanoda concerning the possibility of targeting a Piwigo user to reset his/her password. We do not consider it an "easy" attack, but following his advice we have strengthened the security of the reset-password form. We have also made the reset-password message "less verbose" to avoid revealing potentially interesting information to attackers; this was another security advisory, reported by mateusz.stroba.
Thank you very much for your reports that help us to make Piwigo more secure.
Background image by Steve Johnson on Pexels
Piwigo 15.7.0 release note
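The "less verbose" reset message mentioned above is the usual defence against account enumeration: the form must answer identically whether or not the address belongs to a user. The following is an added example written for this page, not Piwigo's own code and not the fix that was shipped in 15.7.0; the in-memory `$users` array, the `issue_token`, `request_reset_*` and `consume_reset` functions and the commented-out `send_mail` call are all hypothetical. It places a verbose handler beside a quiet one and shows a reset token that is random, stored only as a hash, compared in constant time, expiring, and single-use.

```php
<?php
// Added example, not Piwigo code. Shows a password-reset request handler
// that answers the same way whether or not the e-mail matches an account,
// beside the verbose variant that leaks which addresses are registered.
declare(strict_types=1);

const RESET_TTL_SECONDS = 3600;
const GENERIC_REPLY = 'If an account exists for that address, a reset link has been sent.';

// Constructed in-memory "database" (hypothetical layout): email => user row.
$users = [
    'alice@example.com' => ['id' => 1, 'reset_hash' => null, 'reset_expires' => 0],
];

// Verbose variant: the reply text itself tells an attacker whether the
// address is registered, so the form doubles as a user-enumeration oracle.
function request_reset_verbose(array &$users, string $email): string
{
    if (!isset($users[$email])) {
        return 'No account is registered with this e-mail address.';
    }
    issue_token($users, $email);
    return 'A reset link has been sent to ' . $email . '.';
}

// Quiet variant: one reply for both branches. The token is only ever mailed
// to the address on file, never echoed back to the requester.
function request_reset_quiet(array &$users, string $email): string
{
    if (isset($users[$email])) {
        issue_token($users, $email);
    }
    return GENERIC_REPLY;
}

// Generate a 256-bit random token, store only its hash, and time-limit it.
function issue_token(array &$users, string $email): string
{
    $token = bin2hex(random_bytes(32));
    $users[$email]['reset_hash'] = hash('sha256', $token);
    $users[$email]['reset_expires'] = time() + RESET_TTL_SECONDS;
    // send_mail($email, $token);  // hypothetical mailer: the token goes only to the inbox
    return $token;
}

// Consuming the link: constant-time comparison of the hashed token, expiry
// check, and invalidation on first use (success or not, once matched).
function consume_reset(array &$users, string $email, string $token, string $newPassword): bool
{
    if (!isset($users[$email]) || $users[$email]['reset_hash'] === null) {
        return false;
    }
    $row = &$users[$email];
    if (time() > $row['reset_expires']) {
        $row['reset_hash'] = null;
        return false;
    }
    if (!hash_equals($row['reset_hash'], hash('sha256', $token))) {
        return false;
    }
    $row['reset_hash'] = null;                                   // single use
    $row['password_hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    return true;
}

// Demonstration on the constructed data.
echo request_reset_verbose($users, 'nobody@example.com'), "\n"; // leaks "No account ..."
echo request_reset_quiet($users, 'nobody@example.com'), "\n";   // generic reply
echo request_reset_quiet($users, 'alice@example.com'), "\n";    // identical generic reply

$token = issue_token($users, 'alice@example.com');
var_dump(consume_reset($users, 'alice@example.com', 'wrong-token', 'NewPass!1')); // bool(false)
var_dump(consume_reset($users, 'alice@example.com', $token, 'NewPass!1'));        // bool(true)
var_dump(consume_reset($users, 'alice@example.com', $token, 'NewPass!1'));        // bool(false), already used
```

Two caveats a deployment still has to handle: the quiet handler does more work (token generation, sending mail) on the "account exists" branch, so response time can leak what the message no longer does unless the mail is queued asynchronously or the timing is equalised; and a reset endpoint with a uniform reply still needs rate limiting per address and per client, since a quiet answer does nothing against bulk submission.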
Hi :-)
windracer wrote:
Will a similar fix be pushed for the v16 RC?
The RC is only for testing.
The fix will be in the next RC.
windracer wrote:
Will a similar fix be pushed for the v16 RC?
In addition to ddtddt's answer, I'd like to add that the fix was applied first on the "master" branch (from which we create RC builds), then backported to branch 15.x (from which we create 15.x.x releases). We released 15.7.0 first because it is supposed to be "in production", as opposed to 16RC1 ;-)