Release note / Piwigo 2.8.5

security fixes

2.8.5
Download Piwigo 2.8.5

Released on January 1st, 2017

md5sum

The list of major changes is described on Piwigo 2.8.0 release note

Bugs fixed

Known issues

Featured added

Upgrade

Bugs fixed

595 / Technical

update PHPMailer to 5.2.21

575 / Security

CVE-2016-10083 Cross Site Scripting, reported by Shinkurt

574 / Security

File Inclusion with Possible RCE, reported by Shinkurt

573 / Security

CVE-2016-10085 File Inclusion Attack #2, reported by Shinkurt

572 / Security

CVE-2016-10084 File Inclusion Attack, reported by Shinkurt

Known issues

599 / Technical

fix PHPMailer smtp class loading when using SMTP transport

Upgrade

We recommend the automatic upgrade. If you're running version 2.2+, Piwigo will tell you which plugins may be not compatible with Piwigo 2.8 before upgrade.

Automatic upgrade

If you're running Piwigo 2.8.x you can also download the 2.8.x_to_2.8.5.zip archive that contains all new and modified files. Once you have extracted the files, transfer them onto your web server with a FTP client over your Piwigo 2.8.x installation. No database upgrade is required.

2.8.x_to_2.8.5.zip

If you are running a version older than 2.8 and do not want to use the automatic upgrade, then follow the manual upgrade.

Manual Upgrade