News

FEATURED

Zenphoto 1.4.14

This is a bugfix and security release.

The security issue specifically affects the third-party PHPMailer library used by the PHPMailer plugin. More information is available at https://github.com/PHPMailer/PHPMailer/releases. You could basically only be affected if you use this plugin as the mailing facility, for example via the contact_form plugin.

General

  • Zenphoto now exposes only the general Zenphoto version and the script generation time within the HTML comment at the bottom of front end theme files. Formerly it also exposed some server-related data like the graphics lib and which plugins are being used.
    This was of course to help us with support on the forum, as we would get some basic information about the install even if it hadn't been provided. But of course it might give more information than necessary to (...)

zenphoto-404-helpers

Plugins for the Zenphoto open-source gallery that make 404 pages more useful for end users. Contains two plugins:

  • redirect on 404: redirects the browser to the correct image or album if a matching item is found in the database.
  • search on 404: searches for possibly related images or albums based on the current URLs

These plugins can be used separately, or together.

zenphoto-archive-days

Plugin for the Zenphoto open-source gallery that enables the Archive page to drill down to days, not just months

zenphoto-daily-summary

Plugin for the Zenphoto open-source gallery that generates a daily summary of image uploads.

zenphoto-geotagger

Helper page for Zenphoto, enabling the geotagging of photos already uploaded to the gallery

zenphoto-bulk-tagger

Helper page for Zenphoto, enabling the bulk tagging of images and albums based on search criteria.

Docker-Zenphoto

The popular picture gallery CMS for Docker.

Zenphoto vagrant

This is a Vagrant project to quickly set up a virtual machine with a ready-to-install Zenphoto instance.

This project uses Vagrant's multi-machine feature, therefore two different providers are available:

  • VirtualBox: Default with an Ubuntu (14.04) Trusty 64bit virtual machine.
  • DigitalOcean: Default with an Ubuntu (14.04) Trusty 64bit virtual machine.

Zenphoto 1.4.13

This is a minor bugfix release. 

General

  • Follow-up fixes regarding the new dirty form check on the backend [fretzl]
  • Some fixes regarding PHP 7 compatibility [fretzl]
  • New parameter $printHomeURL added to printGalleryIndexURL() function to hide the home-link if desired [fretzl - thanks to vincent3569]
  • Fix getParentBreadcrumb() where toplevel parent returned wrong page number [acrylian, fretzl]

Themes

  • Fix issue with gallery page number in Garland theme [fretzl]
  • Fix issue with Custom Homepage option in Garland theme [fretzl]

Plugins

  • Fix themeSwitcher plugin to work with new admintoolbox layout [acrylian]
  • Better layout of the site_upgrade plugin placeholder page and finally got rid of the ugly placeholder image whose usage wasn't clear as no license was known [acrylian] (...)

Serious ImageMagick vulnerabilities discovered

In case you haven't heard, some serious vulnerabilities were discovered in ImageMagick:

There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.

A number of image processing plugins depend on the ImageMagick library, including, but not limited to, PHP’s imagick, Ruby’s rmagick and paperclip, and nodejs’s imagemagick.
Source: https://imagetragick.com

Since Zenphoto may use PHP Imagick for image processing, you might be affected as well, especially if you let third parties upload images to your site.

Since this is a server-side extension (...)