News

FEATURED

Zenphoto 1.4.12

This is a bugfix and minor security release.

General

  • Fixes an RFI and – on older PHP versions – possible LFI security issues in log downloads on the backend [acrylian - Thanks to Tim Coen/Curesec]
  • Zenphoto now consistently generates URLs with a trailing slash. That applies to basically any URL except the single image page, which normally uses a suffix. The .htaccess file includes new lines to always direct to the trailing-slash URL to avoid duplicated content, because URLs without it will still work. If you are on a server that does not support htaccess (like Nginx), you might need to set up something on your server yourself [acrylian - Thanks to Simounet for the htaccess addition]
  • The admin toolbox you get in the top right corner of your site frontend if logged in has been changed to a full-width toolbar. The reason is that especially on mobile themes/small viewport sizes the old (...)

Serious ImageMagick vulnerabilities discovered

In case you haven't heard, some serious vulnerabilities were discovered in ImageMagick:

There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.

A number of image processing plugins depend on the ImageMagick library, including, but not limited to, PHP’s imagick, Ruby’s rmagick and paperclip, and nodejs’s imagemagick.
Source: https://imagetragick.com

Since Zenphoto may use PHP Imagick for image processing, you might be affected as well, especially if you let third parties upload images to your site.

Since this is a server-side extension (...)

Third party theme: Paradigm 1.1 released

Olivier Ffrench has released an update of his responsive theme and also modified the look a bit. Take a look at the screenshots below or see the theme in action on his website.


Animation: Evolution of zenphoto (Gource Visualization)


Animated visualization since the move to GitHub in 2011.

View on YouTube (embedding not allowed, sadly)

Author: Landon Wilkins

New in the showcase gallery: Genesis Farm and Gardens, Lorien Beijaert, The Outlook For Someday

Genesis Farm And Gardens
 
Lorien Beijaert
 
The Outlook For Someday

Tacocat Zenphoto REST API

A JSON REST API for Zenphoto

New on the showcase gallery: Confluent, Florida Public Archaeology Network, Botshol Psychotherapie

Confluent
 
Florida Public Archaeology Network – Destination: Civil War
 
Botshol Psychotherapie

WordPress plugin "ZenphotoPress" revived

The WordPress plugin "ZenphotoPress" by Alessandro Morandi (Simbul) to embed images from Zenphoto into WordPress posts had been abandoned for some years.

It has now been revived by mrskhris and just got its first update. You can find it, as usual, in the WordPress plugin repository: https://wordpress.org/plugins/zenphotopress/

Season's Greetings from Zenphoto

Wishing everyone a very happy holiday season and a new year full of good luck and happiness (and beautiful photos) for you and your loved ones. 

—The Zenphoto Team


P.S. – Keep watching this space! 2016 is going to be a good year for Zenphoto.

New in the showcase gallery: Bridge To The Stars; Chell's Roost; SanArena Rettungsschule