[ apologies for the 2nd email in 2 days -- it's unfortunate that we have
two releases right around the same time ]
Gallery 2.1.2 is now available for download. This release adds no new
features. It fixes a minor information leakage in Gallery 2.1 and 2.1.1a
and a major session ID disclosure in all versions prior to Gallery 2.1.
Note that these flaws only affect installations where Gallery's storage
folder is accessible directly from the web, which we strongly discourage
during the installation process.
We recommend that you upgrade to Gallery 2.1.2 ASAP. For more
information including a quick security fix (that'll save you from having
to upgrade) please refer to: