Support community for TTG plugins and products.
NOTICE
The Turning Gate's Community has moved to a new home, at https://discourse.theturninggate.net.
This forum is now closed, and exists here as a read-only archive.
You are not logged in.
Pages: 1
Can I just check how I best install the security patch released for CE gallery earlier this month?
I've downloaded CE4-Gallery-6110.zip and revealed CE4-Gallery-2.lrwebengine
Do I simply replace the similarly named webengine in the path (on a Mac) Users/username/Library/Application Support/Adobe/Lightroom/Web Galleries/ with the new lrwebengine?
Am I going to lose any gallery or other settings by doing this?
Anything else I need to do to ensure the workflow is identical to before?
Offline
you won't lose anything.
Installation: http://ce4.theturninggate.net/docs/doku … web_engine
When unzipped, the name of the web engine should be CE4-Gallery.lrwebengine. Don't allow the named to be changed in the unzipping process. See the documentation: http://ce4.theturninggate.net/docs/doku … gine_names
I suggest first deleting the existing web engine and then copying the latest version into the \Web Galleries\ folder.
Rod
Just a user with way too much time on his hands.
www.rodbarbee.com
ttg-tips.com, Backlight 2/3 test site
Offline
Thanks Rod. I hadn't realised that in unzipping, a number "2" had been added (because the original was also in my downloads folder). So that's saved me a problem. Thank you.
SO, now that I've replaced the lrwebengine on my computer, to actually apply the security patch do I need to upload or export something from the web module of LR onto the hosting server? If so, what? Or was the potential security flaw on my computer fixed by replacing the lrwebengine?
Offline
If using Publisher, then re-export your template and upload it, replacing the existing one.
If not using Publisher, then re-export and upload all galleries
the security flaw is not in your computer, it would be on the web site. According to Matt's blog post:
These updates address a potential security exploit in the download.php file handling image downloads.
Rod
Just a user with way too much time on his hands.
www.rodbarbee.com
ttg-tips.com, Backlight 2/3 test site
Offline
The security patch only applies to standalone galleries that don't use Publisher. For those, they will need re-exporting and uploading.
If you are using Publisher then there is no need to change anything on your server. Publisher-managed galleries do not suffer from the vulnerability.
Offline
Thanks both. All my galleries have been uploaded from LR using Publisher. Sorry, I'm not very technical on these things but it sounds from Ben's advice that I need not do anything. Although if I've understood Rod's advice, I should upload the template again.
Offline
From what Ben says, you don't need to do anything.
Rod
Just a user with way too much time on his hands.
www.rodbarbee.com
ttg-tips.com, Backlight 2/3 test site
Offline
Pages: 1