File Release Notes and Changelog

Release Name: 1.4.4-pl3

Notes:
Jim Paris discovered a few security problems in Gallery which have been addressed in this security release. The primary problem is a cross-site scripting vulnerability which allows code to be inserted into a Gallery by using specially formed URLs. This code then appears to be part of the Gallery.

No risk is posed to the webserver itself or any non-Gallery data, but a Gallery install could be compromised using appropriate code.

All Gallery users are very strongly urged to upgrade to 1.4.4-pl3 immediately, which fixes this serious problem and will secure your system.

Gallery 1.4.4-pl3 can be downloaded from http://sourceforge.net/project/showfiles.php?group_id=7130

Changes:
2004-10-28 Jay Rossiter <cryptographite@users.sf.net> 1.4.4-pl3-cvs-b2
* Fix: Add GLOBALS to sensitiveList

2004-10-26 Jay Rossiter <cryptographite@users.sf.net> 1.4.4-pl3-cvs-b1
* Fix: Security-related changes