Important Zenphoto 1.0.7 Release January 27, 2007

Categories:

Zenphoto 1.0.7 has been released tonight with one small change — an important security fix for a problem with upwards directory traversal using “..” as the album name. I’ve simply filtered it out (in two places) and it shouldn’t be a problem again. Thanks to nicosomb for reporting this on the forums.

Everyone using any previous version should upgrade as soon as possible, though no need to worry — there’s not much risk from this bug, only the possibility of seeing folder names (and nothing else) in your web site’s directories that are accessible to your user. No files can be opened, nor any applications exploited. But upgrade anyway :-)

RSS feeds!

All news (incl. all below except forum)
All general news (except themes, showcase, screenshots)
New releases and announcements
User guide
Extensions
Screenshots and screencasts
Themes
Showcase
Forum

Social networks

Join the Google Group!

zenphoto-announce
Release announcements and security alerts only (no support)
Subscribe right here:

Email:

Website powered by Zenphoto
Forum powered by Vanilla

Categories

Need project help?

Like using Zenphoto? Donate!

Important Zenphoto 1.0.7 Release January 27, 2007

RSS feeds!

Social networks

Join the Google Group!

Information

Legal stuff