Gallery 2.2.3 Security Fix Release
Gallery 2.2.3 is now available for download. This release adds no new features. It fixes critical application security bugs in the WebDAV and Reupload modules. If the WebDAV or Reupload modules are active in your Gallery we strongly recommend that you either disable them, upgrade them via Downloadable Plugins or perform a complete upgrade to version 2.2.3. Thanks go to Merrick Manalastas and Nicklous Roberts for reporting the issues to the Gallery Security team!
Gallery 2.2.3 is a small security upgrade from 2.2.2 and has the same requirements as 2.2.2. If you haven't upgraded to 2.2.x yet, please refer to the release announcement of Gallery 2.2 for highlights of changes and the requirements of the Gallery 2.2 release.
Read on for more details and upgrade instructions...
Is your Gallery installation affected? You can check whether the WebDAV or Reupload module is active on the Site Admin » Plugins page of your Gallery. If these module are not active, you can safely skip Gallery 2.2.3.
- Users of Gallery 2.2 or later versions can upgrade the WebDAV and Reupload modules via Downloadable Plugins from the official plugin repository. This is certainly the fastest and the easiest solution.
- Upgrading is quick and easy, but if you're upgrading from 2.1 or earlier there are a few things you should know first so be sure to scan the upgrading instructions. Upgrading from Gallery 2.2, 2.2.1 or 2.2.2 is even easier since you don't need to replace all your gallery2/ files, but changed files in the specific modules only.
- Unauthorized renaming of items possible with WebDAV (reported by Merrick Manalastas)
- Unauthorized modification and retrieval of item properties possible with WebDAV
- Unauthorized locking and replacing of items possible with WebDAV
- Unauthorized editing of data file possible via linked items with Reupload and WebDAV (reported by Nicklous Roberts)
Bounties - As part of Gallery's Bounty Program, Merrick Manalastas will receive a bounty of $500 and Nicklous Roberts a bounty of $200 for reporting the security vulnerabilities to the Gallery Security team. Please remember that to receive the full bounty you should report security issues to firstname.lastname@example.org and not make them public at all (not even in the bug tracker) before we had a chance to fix the issue.