Gallery 3.0.7 is now available! Yes, we were hoping that 3.0.6 would be the last release in the 3.0 line, but thanks to Dhiraj Ranka and Shad Laws (a new Gallery core developer - woot!) we've uncovered two small security vulnerabilities that we'd like to patch up, because safety first! Please go ahead and update to 3.0.7 and then sit back and enjoy while we work hard behind the scenes to get 3.1 ready for you.
We need you! (Or maybe someone you know.) Gallery 3 is not available in many major Linux distributions via their package managers. We think it should be, but we don't have the time or know-how to make it happen. If you know a thing or two about Linux package management and have been itching to contribute to Gallery, now is your chance:
- RedHat/Fedora/etc have access to Gallery 3 via EPEL already. Hoorah!
- Ubuntu seems to only have Gallery 2: http://packages.ubuntu.com/quantal/gallery2
- Debian is missing Gallery 3 due to some licensing things that we need help sorting out. See the bug and the discussion for details.
- Gentoo seems stuck on Gallery 2: http://gentoo-portage.com/www-apps/gallery.
- And of course the 1000s of other Linux distributions out there...
If you are not able to get Gallery where you would like to, or if you can help out with any of the above, please let us know here or hop on the gallery-devl e-mail list and let's make it happen!
There's been discussion among team members about trying to clarify the Gallery Project's identity. To that end, the Project's web sites, gallery.menalto.com and codex.gallery2.org, have moved to www.galleryproject.org and codex.galleryproject.org.
After several extensive internal and external security audits which discovered 22 distinct vulnerabilities, we are releasing Gallery 3.0.4 as a security release. All of the issues require that someone with malicious intent either have an account with edit permissions, or trick a user with edit permissions into clicking on a malicious link. In most cases, this can only lead to a possible XSS vulnerability, but in several instances it allows arbitrary PHP code execution.
We thank the following individuals for reporting these issues: Chalk, Mateusz Goik, James 'albino' Kettle, Emanuel Bronshtein, and Sergey Markov. Due to their efforts, they will each be receiving bounties of $1000 for their help in making Gallery more secure. Read our Bounties page for details and how to submit any security issues you find.
We strongly recommend that all users of Gallery 3 upgrade as soon as possible.
A team of developers has released a new version of their native iPhone/iPad app for Gallery 3.
viGallery allows you to manage your photos and albums straight from your iOS device.
It isn't open source and it does cost $4, but it looks like a nice way to work with Gallery 3 from your Apple devices. Read on for features and requirements.