Zenphoto

We just learned that an old "security issue" that was already reported to us last year was recently published:
https://packetstormsecurity.com/files/161569/Zenphoto-CMS-1.5.7-Shell-Upload.html 

We are not sure if this is the same reporter as we had contact with a security company and different person.  (Please see addition below). We didn't "fix" the issue but tightend it to only allow this for users with full admin rights. Users with these rights have lots of other possibilties to harm a site even without exploiting this vulnerability. We repeat our statement from the 1.5.7 release post again:

Uploading abritary like PHP files, any application/* mime type files and HTML files that may be directly executed is now forbidden for users with only theme rights or files rights. You need full admin rights for this now. This was (...)

Read more

In case you notice that translations are not working on your site: This is out of our hands. The reason is a bug in Apache's mod_perl module on some server configurations which conflicts with the native PHP gettext functionality we use for translations. For example our local development environment MAMP 6.3  is affected by this as well. We have no idea when this will be fixed or how similar software (XAMPP, WampServer, etc) or your host's server may be affected.

Translations work if the mod_perl module is disabled and Zenphoto does not require Perl. Should you notice this and have control over your server disable it or contact your host about it.

More info about this issue: https://www.claudiokuenzler.com/blog/1023/php-gettext (...)

Read more

A script to extract images from emails and add them to a ZenphotoCMS album by simply emailing them to a dedicated mailbox.

This is not a plugin and is needs to be used outside of ZenphotoCMS itself.

Antonio Ranesi has released version 2.1 of his theme Multiverse, now with OpenStreetMap plugin support and a standard image.php theme page. You can read all about it on the project page on https://www.antonioranesi.it/pages/multiverse-zenphoto-theme/.

The theme has also been added to our demo install.

A plugin to rearrange Zenphoto resources. Tidy Assets shifts all Zenphoto JavaScript items to the bottom of the body element, including inline scripts and optionally CSS resources as well. This can improve the user experience on their first visit to your site by delaying render-blocking resources.

This plugin has been developed starting from headConsolidator v1.4.3 by Stephen Billard (sbillard).

This is a bugfix and security release.

Developer note

This will be possibly the last 1.5.x release. We will only try to fix serious bugs. The 1.5.x release stream is therefore frozen now. The next release will hopefully be the planned "major release" we already mentioned several times. Due to serious time issues we can't afford to work on two release streams simultaneously anymore. That's why, from now on, we will concentrate our efforts on the next major release only. Note that almost everything we wrote on https://www.zenphoto.org/news/developer-note-the-mysterious-next-major-release/ still applies. Thanks for understanding.

Security

• Fixes XSS issue in /page/search/ parameters [acrylian – Thanks to gwen001]
• Fixes (...)

Read more

15 years ago the first version of Zenphoto was released. On to the next 15!

A simple plugin to display latest public images from a public Instagram accout.

A simple plugin to display latest public images from a public Flickr accout.