Release Notes: Two small security vulnerabilities were fixed.
Release Notes: This is likely to be the last release in the 3.0 branch of Gallery; the next step is 3.1, with many big improvements. This release irons out a few kinks and updates a few last libraries before work stops on the 3.0.x code base. This upgrade should be fast and painless.
Release Notes: This release contains several security fixes as well as a handful of new features. The only major security issue involves someone malicious accessing a copy of Gallery 3 that is not yet installed, so if you already have Gallery 3.0.4 installed and configured, there are no known major issues. However, as always it is strongly recommended that you upgrade to the latest code.
Release Notes: This is a security release after several extensive internal and external security audits that discovered 22 distinct vulnerabilities. All of the issues require that someone with malicious intent either have an account with edit permissions, or trick a user with edit permissions into clicking on a malicious link. In most cases, this can only lead to a possible XSS vulnerability, but in several instances it allows arbitrary PHP code execution.
Release Notes: Several researchers, working independently, discovered possible encryption-related vulnerabilities. Low-risk XSS vulnerabilities limited to the administration area were also reported. The CVE ID for these issues is CVE-2012-1113. It is recommended that all users of Gallery 2 and Gallery 3 upgrade as soon as possible.