For the full list of changes, please refer to http://www.piwigo.org/releases/2.7.4 and
related pages.
This release contains the following security fixes:
* SQL injection CVE-2015-1517 reported by Schleier, Sven (KPMG Management
Consulting Singapore)
* SQL injection and XSS flaws reported and corrected by Steffen Rösemann
Changelog:
2.5.3:
Bugs Fixed
0002967: [display] Album list management display enhancement, faster load
0002964: [configuration] zero should be allowed for the recent period
0002980: [other] Fatal error when renaming a group
0002977: [albums] move a public album into a private album may create inconsistent permissions
0002975: [template] Internet Explorer 7, album creation form is broken
0002974: [configuration] avoid deprecated errors
0002973: [metadata] missing characters from IPTC when using encoding windows-1252
0002970: [other] Division by zero on batch manager
0002934: [authentication] [Smartpocket] Can't register
2.5.2:
Bugs Fixed
0002921: [tags] Can't create tags with special chars like ( + [
0002915: [synchronization] synchronization not really disabled
0002894: [albums] set as album thumbnail on picture.php does not apply to all users
0002895: [display] dark administration theme, plugins menu flashes
0002907: [albums] wrong number of sub-albums
0002917: [web API] [pwg.images.delete] if the photo is album thumbnail, blocking error on gallery
0002909: [users & groups] give permission on an empty list of albums produces SQL error
0002901: [photos] [Batch Manager] french, set author action, default value should disappear
0002899: [metadata] ability to allow HTML in EXIF/IPTC
0002896: [technical] Apply trigger render_element_description for thumbnail title (for picture description)
Technical changes
0002922: [technical] Add caseSensitive option to TokenInput (web form for tag creation)
0002929: [photos] [multiple size] strip metadata on configurable threshold
0002925: [template] new function theme_delete
2.5.1:
Bugs Fixed
0002892: [web API] [pwg.images.setInfo] empty tag_ids input parameter produces errors
0002865: [database] [mysqli] support for mysql sockets and port number
0002891: [navigation] unexpected flat parameter in home link on picture page breadcrumb
0002864: [authentication] open_basedir restriction and new password generator
0002887: [user comments] Comments accessible anonymously if comments author is known
0002861: [installation & upgrade] invalid password on manual upgrade
0002867: [template] [LocalFiles Editor] can't create new template-extension
0002881: [web API] [pwg.images.addSimple] undefined constant tags-assumed "tags"
2.5.0:
Many changes, including:
User features
User comments: Email and Website added
Tag duplication
Pagination on albums
Batch manager: filter on dimensions
Group manager
Better looking icons
Connect with Facebook, Google, OpenID...
Temporary image while loading
51 languages
Physical vs virtual albums
Protection of original photos
Tag exclusion in quick search
IP address and sessions
Technical features
New web API explorer
Increased security on passwords
mysqli library for MySQL
JSmin replaced by JavaScriptPacker
Sprite for flags
Sessions can store infos, errors and warnings
Add triggers on all main pages
Add template method to sort action buttons
jquery 1.8.3, jquery.ui 1.10.1
Earlier detection of mobile device
Triggers for login system
2.4.7:
Bugs Fixed
0002819: [template] Link problem in menu with smartpocket
0002843: [security] [install.php on Windows] improved security on temporary config file download (reported by htbridge and fixed in collaboration with Gjoko Krstic)
0002844: [security] increase security on LocalFiles Editor (reported by htbridge)
0002793: [technical] Fatal error: Cannot redeclare PclZipUtilPathReduction
0002797: [template] local css for "clear" impacts admin theme "clear"