Community @ The Turning Gate

Support community for TTG plugins and products.

You are not logged in.

#1 2017-12-01 00:25:40

samosa
Member
Registered: 2015-09-07
Posts: 15

security patch

Can I just check how I best install the security patch released for CE gallery earlier this month?

I've downloaded CE4-Gallery-6110.zip and revealed CE4-Gallery-2.lrwebengine

Do I simply replace the similarly named webengine in the path (on a Mac)  Users/username/Library/Application Support/Adobe/Lightroom/Web Galleries/   with the new lrwebengine?

Am I going to lose any gallery or other settings by doing this?

Anything else I need to do to ensure the workflow is identical to before?

Offline

#2 2017-12-01 00:50:07

rod barbee
Moderator
From: Port Ludlow, WA USA
Registered: 2012-09-24
Posts: 13,606
Website

Re: security patch

you won't lose anything.
Installation: http://ce4.theturninggate.net/docs/doku … web_engine
When unzipped, the name of the web engine should be CE4-Gallery.lrwebengine. Don't allow the named to be changed in the unzipping process. See the documentation: http://ce4.theturninggate.net/docs/doku … gine_names

I suggest first deleting the existing web engine and then copying the latest version into the \Web Galleries\ folder.


Rod 
Just a user with way too much time on his hands.
www.rodbarbee.com
ttg-tips.com, Backlight 1.1.1 test site, Pangolin test site

Offline

#3 2017-12-01 07:07:52

samosa
Member
Registered: 2015-09-07
Posts: 15

Re: security patch

Thanks Rod. I hadn't realised that in unzipping, a number "2" had been added (because the original was also in my downloads folder). So that's saved me a problem. Thank you.

SO, now that I've replaced the lrwebengine on my computer, to actually apply the security patch do I need to upload or export something from the web module of LR onto the hosting server?  If so, what? Or was the potential security flaw on my computer fixed by replacing the lrwebengine?

Offline

#4 2017-12-01 07:27:34

rod barbee
Moderator
From: Port Ludlow, WA USA
Registered: 2012-09-24
Posts: 13,606
Website

Re: security patch

If using Publisher, then re-export your template and upload it, replacing the existing one.
If not using Publisher, then re-export and upload all galleries

the security flaw is not in your computer, it would be on the web site. According to Matt's blog post:

These updates address a potential security exploit in the download.php file handling image downloads.


Rod 
Just a user with way too much time on his hands.
www.rodbarbee.com
ttg-tips.com, Backlight 1.1.1 test site, Pangolin test site

Offline

#5 2017-12-01 09:23:14

Ben
Moderator
From: Melbourne, Australia
Registered: 2012-09-29
Posts: 3,397

Re: security patch

The security patch only applies to standalone galleries that don't use Publisher.  For those, they will need re-exporting and uploading.

If you are using Publisher then there is no need to change anything on your server.  Publisher-managed galleries do not suffer from the vulnerability.

Offline

#6 2017-12-02 03:04:50

samosa
Member
Registered: 2015-09-07
Posts: 15

Re: security patch

Thanks both. All my galleries have been uploaded from LR using Publisher. Sorry, I'm not very technical on these things but it sounds from Ben's advice that I need not do anything. Although if I've understood Rod's advice, I should upload the template again.

Offline

#7 2017-12-02 03:09:29

rod barbee
Moderator
From: Port Ludlow, WA USA
Registered: 2012-09-24
Posts: 13,606
Website

Re: security patch

From what Ben says, you don't need to do anything.


Rod 
Just a user with way too much time on his hands.
www.rodbarbee.com
ttg-tips.com, Backlight 1.1.1 test site, Pangolin test site

Offline

Board footer

Powered by FluxBB