Zenphoto 1.4.11
1 December 2015
Zenphoto version 1.4.11 is now available (security release).
Upgrading to Zenphoto 1.4.11
Zenphoto 1.4.11 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Zenphoto updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Zenphoto install to test the 1.4.11 upgrade prior to applying it live. Get started managing your Zenphoto installations with Installatron
What's New in Zenphoto 1.4.11
This is a bugfix and security update.
General
- Fix some XSS and LFI issues on the backend [acrylian, trisweb – Special thanks to John Page aka hyp3rlinx]
- Fix wrong number of un-published images in Gallery statistics [fretzl, acrylian]
- Fix wrong order display in image/album search date archives if sorting was set to "title" [acrylian]
- Fix dymanic album issue that could result in inability to rename titles etc. [acrylian]
- Fixes issue with image watermarks if Imagick is enabled [fretzl, acrylian]
Themes
- basic: Some formatting [fretzl]
- zenpage and zpmobile: Correctly display language flags or language select dropdown [fretzl]
Plugins
- security_logger: Removes really bad logging of failed logon attempt passwords in cleartext. The exposed passwords might be wrong for this site but might potentially be right elsewhere as users tend to confuse passwords from several services or are lazy with secure ones. Especially in combination with the logged user name this presents potential hackers directly a lot of sensitive data [acrylian – Special thanks to Oliver Dietz]
- sitemap-extended: Option to reference the full image instead of cached sized images if the Google image/video extension is enabled [acrylian]
- html_meta_tags: Add og:image sizes to cacheManager [acrylian]
- class-video: Update getID3 library [fretzl]