Release note / Piwigo 2.8.5

security fixes

Download Piwigo 2.8.5

Released on January 1st, 2017


The list of major changes is described on Piwigo 2.8.0 release note

Bugs fixed

Known issues

Featured added


Bugs fixed

595 / Technical

update PHPMailer to 5.2.21

575 / Security

CVE-2016-10083 Cross Site Scripting, reported by Shinkurt

574 / Security

File Inclusion with Possible RCE, reported by Shinkurt

573 / Security

CVE-2016-10085 File Inclusion Attack #2, reported by Shinkurt

572 / Security

CVE-2016-10084 File Inclusion Attack, reported by Shinkurt

Known issues

599 / Technical

fix PHPMailer smtp class loading when using SMTP transport


We recommend the automatic upgrade. If you're running version 2.2+, Piwigo will tell you which plugins may be not compatible with Piwigo 2.8 before upgrade.

If you're running Piwigo 2.8.x you can also download the archive that contains all new and modified files. Once you have extracted the files, transfer them onto your web server with a FTP client over your Piwigo 2.8.x installation. No database upgrade is required.

If you are running a version older than 2.8 and do not want to use the automatic upgrade, then follow the manual upgrade.