Projects / Gallery / Releases / Major security fixes

RSS All releases tagged Major security fixes

  •  18 Sep 2008 15:00

Release Notes: This release fixes critical security issues. No new features have been added. Users of all previous Gallery 2 versions are strongly encouraged to upgrade to this version as soon as possible. Since this is a security release, it shares the same installation requirements as 2.2.5. If you haven't upgraded to 2.2.x yet, please review the Gallery 2.2 release notes for highlights of changes and the requirements.

  •  05 Aug 2008 18:07

Release Notes: This release fixes many security issues, some serious. It also resolves a handful of bugs and has some reorganization of the internal API. It is strongly recommended that all users of 1.5.7 and earlier upgrade.

  •  05 Aug 2008 18:05

Release Notes: This release comes with some great new features (e.g. Group Support and CAPTCHA), but contains incompatible changes with older versions of Gallery 1.

  •  12 Jun 2008 05:58

Release Notes: This release fixes critical security issues. No new features have been added.

  •  03 Jan 2008 10:03

No changes have been submitted for this release.

  •  30 Aug 2007 10:07

Release Notes: This release addresses the following security vulnerabilities: unauthorized renaming of items with WebDAV, unauthorized modification and retrieval of item properties with WebDAV, unauthorized locking and replacing of items with WebDAV, and unauthorized editing of data files via linked items with Reupload and WebDAV.

  •  21 Aug 2006 13:47

Release Notes: This release adds no new features. It fixes minor information leakage in Gallery 2.1 and 2.1.1a, and a major session ID disclosure in all versions prior to Gallery 2.1. Note that these flaws only affect installations where Gallery's storage folder is accessible directly from the Web, which is strongly discouraged during the installation process.

  •  11 Mar 2006 05:59

Release Notes: This release fixes a local file inclusion exploit in the upgrade and installation code.

  •  30 Nov 2005 03:45

Release Notes: This version fixes a file disclosure bug in the zipcart module, a potential information disclosure bug in the installer code, and a minor potential XSS exploit in the add-images-from-the-web code.

  •  14 Oct 2005 02:07

Release Notes: An input validation issue that could lead to remote file access on the Web server was fixed.

Screenshot

Project Spotlight

Query Interface

A Wordpress plugin for running database queries in the admin panel.

Screenshot

Project Spotlight

Centipede

A framework for writing command line applications in Java.