News

FEATURED

Zenphoto 1.4.14

This is a bugfix and security release.

The security issue affects specifially the third party phpmailer library used by the PHPMailer plugin. More info on that on https://github.com/PHPMailer/PHPMailer/releases. You basically could only be affected if you use this plugin as the mailing facility via the contact_form plugin for example.

General

  • Zenphoto now exposes only the general Zenphoto version and the script generation time within the html comment at the bottom of  front end theme files. Formerly it also exposes some server related data like the graphic lib and which plugins are being used.
    This was of course to help us supporting on the forum as we would get an some base information about the install even if those haven't been provided. But of course it might give more information than necessary to (...)

Docker-Zenphoto

The popular picture gallery CMS for Docker.

Zenphoto vagrant

This is a Vagrant project to quickly setup a virtual machine with a ready-to-install Zenohoto instance.

This project uses Vagrant multi machine feature, therefore two different providers are available:

  • VirtualBox: Default with an Ubuntu (14.04) Trusty 64bit virtual machine.
  • DigitalOcean: Default with an Ubuntu (14.04) Trusty 64bit virtual machine.

Zenphoto 1.4.13

This is a minor bugfix release. 

General

  • Follow-up fixes regarding the new dirty form check on the backend [fretzl]
  • Some fixes regarding PHP 7 compatibility [fretzl]
  • New parameter $printHomeURL added to printGalleryIndexURL() function to hide the home-link if desired [fretzl - thanks to vincent3569]
  • Fix getParentBreadcrumb() where toplevel parent returned wrong page number[acrylian, fretzl]

Themes

  • Fix issue with gallery page number in Garland theme [fretzl]
  • Fix issue with Custom Homepage option in Garland theme [fretzl]

Plugins

  • Fix themeSwitcher plugin to work with new admintoolbox layout [acrylian]
  • Better layout of the site_upgrade plugin placeholder page and finaly got rid of the ugly placeholder image whose usage wasn't clear as no license was known [acrylian] (...)

Serious ImageMagick vulnerabilities discovered

In case you haven't heard about there were some serious vulnerabilites in ImageMagick discovered:

There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.

A number of image processing plugins depend on the ImageMagick library, including, but not limited to, PHP’s imagick, Ruby’s rmagick and paperclip, and nodejs’s imagemagick.
Source: https://imagetragick.com

Since Zenphoto may use PHP Imagick for image processing you might be affected as well especially if you let third parties upload images to your site.

Since this a server side extension (...)

Zenphoto 1.4.12

This is a bugfix and minor security release.

General

  • Fixes a RFI and – on older PHP versions – possible LFI security issues on log downloads on the backend [acrylian - Thanks to Tim Coen/Curesec]
  • Zenphoto now consequently generates urls with a trailing slash. That is basically any url except for the single image page which normally uses a suffix. The .htaccess file includes new lines to always direct to the trailing slash url to avoid duplicated content because url's without it will still work. If you are not on an Apache server (like Nginx) that does not support htaccess your might need to setup something on your server yourself [acrylian - Thanks to Simounet for the htaccess addition]
  • The admin toolbox you get on your site frontend in the top right corner if loggedin has been modified to a fullwidth toolbar now. The reason is that especially on mobile themes/ small viewport sizes the old (...)

Third party theme: Paradigm 1.1 released

Olivier Ffrench has released an update of his responsive theme and also modified the look a bit. Take a look at the screenshots below or see the theme in action on his website.

index

Animation: Evolution of zenphoto (Gource Visualization)

Evolution of Zenphoto (Gource visualization)

Animated visualization since the move to GitHub 2011.

View on Youtube (Embedding not allowed sadly)

Author: Landon Wilkins

New in the showcase gallery: Genesis Farm and Gardens, Lorien Beijaert, The Outlook For Someday

Genesis Farm And Gardens
Genesis Farm And Gardens
 
Lorien Beijaert
Lorien Beijaert
 
The Outlook For Someday
The Outlook For Someday

Tacocat Zenphoto REST API

A JSON REST API for the Zenphoto