Zenphoto 1.4.11

    This is a bugfix and security update.


    • Fix some XSS and LFI issues on the backend [acrylian, trisweb – Special thanks to John Page aka hyp3rlinx]
    • Fix wrong number of un-published images in Gallery statistics [fretzl, acrylian]
    • Fix wrong order display in image/album search date archives if sorting was set to "title" [acrylian]
    • Fix dymanic album issue that could result in inability to rename titles etc. [acrylian]
    • Fixes issue with image watermarks if Imagick is enabled [fretzl, acrylian]
    • Adds more autocomplete="off" to forms with password fields to avoid unnecessary form change warnings [fretzl]


    • basic: Some formatting [fretzl]
    • zenpage and zpmobile: Correctly display language flags or language select dropdown  [fretzl]


    • security_logger: Removes really bad logging of failed logon attempt passwords in cleartext. The exposed passwords might be wrong for this site but might potentially be right elsewhere as users tend to confuse passwords from several services or are lazy with secure ones. Especially in combination with the logged user name this presents potential hackers directly a lot of sensitive data [acrylian – Special thanks to Oliver Dietz]
    • sitemap-extended: Option to reference the full image instead of cached sized images if the Google image/video extension is enabled [acrylian]
    • html_meta_tags: Add og:image sizes to cacheManager [acrylian]
    • class-video: Update getID3 library [fretzl]


    • Dutch [fretzl]
    • German [acrylian]
    • Japanses [momo-i]
    • Russian [paulbuhtab]

    For questions and comments please use the forum or discuss on the social networks.

    Related items