News

"screencasts": Installing and creating a photo library with Zenphoto

Installing and creating a photo library with Zenphoto

Author: Conseils tourisme

"Showcase": travelog.gr

"Showcase": Aidar

"Showcase": bøsnervøs gitarrenduo

"Showcase": Robert Strauch

albumZipStream

Zenphoto 1.4.1.6

This is a security update for the reported issues. The only change from Zenphoto 1.4.1.5 is the removal of the 3rd party Ajax File Manager tool, as already discussed. Info about that here:

We urge everyone to upgrade. Download as always from our download page. If you access the file manager sub tab on the backend tab you will get a 404 not found. That is meant to happen.

This is a hotfix. The nightly builds have the file manager removed as well but are 1.4.2 beta already as the 1.4.1.x stream was actually (...)

Security alert - Part 2 (update 2)

Sadly, we had to learn that the vulnerability we reported yesterday was apparently only one, and that the whole file manager tool seems to have been insecure without this being noticed.

We are really sorry for the issues. But we neither have nor had the resources to do deep security checks on the 3rd party tools we use and adapt, nor to write everything ourselves. We are dependent on those 3rd party tools to adapt. We are now searching for a replacement.

Therefore, we strongly urge you all to remove the file manager in question completely from your installs. This possibly might affect releases beginning with Zenphoto 1.2.4 (or 1.2.1 if you use that with the then independent Zenpage plugin which included the file manager and tinyMCE (...)

ALERT - Security hole in Zenphoto 1.4.1.4

We urge everyone to upgrade to Zenphoto 1.4.1.5 if still on 1.4.1.4 or older. The Ajax file manager included in earlier versions had a security hole. This is a 3rd party tool by phpletter.com that we use for non-gallery file management, as a plugin for our text editor TinyMCE and standalone on the admin backend upload tab.

This security hole had been reported (ticket #2005) and fixed in 1.4.1.5. But over the last few days several security sites have flooded the web and Twitter with notes about it, and we have sadly learnt that someone has apparently been exploiting it to hack some sites (we don't know what exactly this hack does):

  • (...)

New theme: grayscale_highlights Generally compatible – Unsupported and 3rd party

The theme is designed for wide screens (1280px) and has a dark gray background (hence the theme's name). There are 9 albums per page and 6 pictures per page. CSS3 is used to give a modern and light design.
