-
Gallery 3.0.7
Gallery 3.0.7 is now available! Yes, we were hoping that 3.0.6 would be the last release in the 3.0 line.. but thanks to Dhiraj Ranka and Shad Laws (a new Gallery core developer - woot!) we've uncovered two small security vulnerabilities that we'd like to patch up, because safety first! Please go ahead and update to 3.0.7 and then sit back and enjoy while we work hard behind the scenes to get 3.1 ready for you.
http://galleryproject.org/gallery_3_0_7
http://downloads.sourceforge.net/gallery/gallery-3.0.7.zip
2013-04-22 06:20:25 PDT by ckdake
-
Gallery 3.0.6 bug fix release available!
Gallery 3.0.6 is now available! This is likely to be the last release in the 3.0 branch of Gallery - next up we're going to 3.1 and making a lot of big improvements. But before we do that, we wanted to iron out a few kinks and update a few last libraries before we stop working on the 3.0.x code base. This upgrade will be fast and painless, go on.. do it!
http://galleryproject.org/gallery_3_0_6
http://downloads.sourceforge.net/gallery/gallery-3.0.6.zip
2013-03-20 06:13:57 PDT by ckdake
-
Gallery 3.0.5 Security Release Available
Gallery 3.0.5 is now available for download. It contains several security fixes as well as a handful of new features. The only major security issue involves someone malicious accessing a copy of Gallery 3 that is not yet installed, so if you already have Gallery 3.0.4 installed and configured there are no known major issues. However, as always we strongly recommend that you upgrade to the latest code. Go on, do it. It's fast and painless.
We'd like to thank the following individuals for responsibly reporting these security issues: Michael T. Boos, AMol NAik, Johannes Dahse, Sergey Markov, James 'albino' Kettle, and Johannes Dahse. For their efforts, they will each be receiving bounties of between $100 and $1000 for their help in making Gallery more secure.
http://gallery.menalto.com/gallery_3_0_5
http://downloads.sourceforge.net/gallery/gallery-3.0.5.zip
2013-02-22 06:50:06 PST by ckdake
-
Gallery 3.0.4 Security Release Available
After several extensive internal and external security audits which discovered 22 distinct vulnerabilities, we are releasing Gallery 3.0.4 as a security release. All of the issues require that someone with malicious intent either have an account with edit permissions, or trick a user with edit permissions into clicking on a malicious link. In most cases, this can only lead to a possible XSS vulnerability, but in several instances it allows arbitrary PHP code execution.
We thank the following individuals for reporting these issues: Chalk, Mateusz Goik, James 'albino' Kettle, Emanuel Bronshtein, and Sergey Markov. Due to their efforts, they will each be receiving bounties of $1000 for their help in making Gallery more secure.
http://gallery.menalto.com/gallery_3_0_4
http://downloads.sourceforge.net/gallery/gallery-3.0.4.zip
2012-06-12 11:34:27 PDT by ckdake
-
Gallery 3.0.3 and Gallery 2.3.2 Security Rele
Gallery is an online photo album organizer. Whether for small personal sites or large community sites, Gallery provides an intuitive way to blend photo management seamlessly into any website. Serving millions worldwide, Gallery is the most widely used system of its kind. Gallery is free to download and use.
We're releasing both Gallery 3.0.3 and Gallery 2.3.2 as security releases. Several researchers, working independently, discovered possible encryption-related vulnerabilities. Low-risk XSS vulnerabilities limited to the administration area were also reported. We thank the following individuals for reporting these issues: James 'albino' Kettle, George Argyros & Aggelos Kiayias, and Emanuel Bronshtein. The CVE id for these issues is CVE-2012-1113.
http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2
http://downloads.sourceforge.net/gallery/gallery-3.0.3.zip
2012-04-11 08:24:29 PDT by ckdake
