Release note / Piwigo 2.8.5

security fixes

2.8.5
Download Piwigo 2.8.5

Released on 1 Gennaio 2017

md5sum

The list of major changes is described on Piwigo 2.8.0 release note

Bugs fixed

Known issues

Featured added

Upgrade

Bugs fixed

595 / Technical

update PHPMailer to 5.2.21

575 / Security

CVE-2016-10083 Cross Site Scripting, reported by Shinkurt

574 / Security

File Inclusion with Possible RCE, reported by Shinkurt

573 / Security

CVE-2016-10085 File Inclusion Attack #2, reported by Shinkurt

572 / Security

CVE-2016-10084 File Inclusion Attack, reported by Shinkurt

Known issues

599 / Technical

fix PHPMailer smtp class loading when using SMTP transport

Upgrade

We recommend the automatic upgrade. If you're running version 2.2+, Piwigo will tell you which plugins may be not compatible with Piwigo 2.8 before upgrade.

If you're running Piwigo 2.8.x you can also download the 2.8.x_to_2.8.5.zip archive that contains all new and modified files. Once you have extracted the files, transfer them onto your web server with a FTP client over your Piwigo 2.8.x installation. No database upgrade is required.

If you are running a version older than 2.8 and do not want to use the automatic upgrade, then follow the manual upgrade.