Gallery

File Release Notes and Changelog

Release Name: 1.4.4-pl5

Notes:
Several days ago, Rafel Ivgi informed us of a possible cross site scripting  problem in current versions of Gallery. The problem and some similar problems discovered by our team has been addressed in Gallery 2 CVS as well as in this release of 1.4.4-pl5. 
As with most other cross site scripting problems, No risk is posed to the webserver itself or any non-Gallery data, but a Gallery install could be compromised using appropriate code.
In addition to the security fix, Gallery 1.4.4-pl5 uses the proper parameters for new versions of ImageMagick and fixes some warnings in the config wizard when using PHP 5.
All Gallery users are strongly urged to upgrade to 1.4.4-pl5 immediately, which fixes this problem and will secure your system.
Gallery 1.4.4-pl5 can be downloaded from the http://sourceforge.net/project/showfiles.php?group_id=7130

Changes:
2005-01-25  Chris Kelly <ckdake@users.sf.net> 1.4.4-pl5

        * 1.4.4-pl5 Release

2005-1-25  Jay Rossiter <cryptographite@users.sf.net>  1.4.4-pl5-cvs-b3

        * Fix: PHP5 added to setup/.htaccess

2004-1-24  Jay Rossiter <cryptographite@users.sf.net>  1.4.4-pl5-cvs-b2

        * Fix: ImageMagick 6.0 auto-detection

        * Fix: missing "global $gallery;" in AlbumDB could cause warning messages
          on PHP5

2004-1-24  Jay Rossiter <cryptographite@users.sf.net>  1.4.4-pl5-cvs-b1

        * Fix: Correct unsanitized user-input