Piwigo 2.1.3 and vulnerability reporting
Piwigo 2.1.3 was released 6 days ago, on September 14th 2010. It brings 2 new languages (فارسی and Latviešu, 28 languages now available), fixes several minor bugs, and improves PostgreSQL compatibility, but the main reason for the release was the discovery of a few vulnerabilities.
On Twitter, I often search for “piwigo”-related tweets, and on September 11th I found several vulnerability reports. This was not cool at all. Vulnerabilities exist and you won’t find any web application 100% free of vulnerabilities. The problem is that from time to time the reporter prefers to make the vulnerability public instead of reporting it to the Piwigo team. So next time, please contact the Piwigo team about vulnerabilities found in Piwigo.
On the other hand, Loïc Castel helped us to fix the bug and we publicly thank him for that!