Gallery v1.3.1 security and bugfix release
Submitted by bharat on Fri, 2002-08-02 19:00
We're happy to announce the general availability of Gallery v1.3.1. This is primarily a bugfix release targeted at fixing small issues that arose from new features added in v1.3 of Gallery. However, this release includes several SECURITY FIXES that address weaknesses in the Gallery code that can lead to a REMOTE EXPLOIT of your system. All Gallery users are recommended to upgrade to v1.3.1 as soon as possible. Please note that the security hole affects every version of Gallery available, including all 1.3.1 snapshot builds except v1.3.1-cvs-b13. Be safe: upgrade. It's fast and easy.
Summary of changes in this release:
Security
- Slideshow: did not require login
- Remote execution exploit
General bugfixes:
- Gallery Remote: temp file littering
- Thumbnail applet failed under some JVMs
- Wizard: incorrect dependency on __FILE__
- Slideshow: hidden photos caused off-by-one error
- Slideshow: bombed on albums containing only sub-albums
- NetPBM: wasn't using --quiet flag correctly
- Wizard: wasn't finding EXIF properly in all cases
- Captionator: nested albums caused off-by-one error with keywords
Improvements:
- Captionator: large performance increase
- Now we work with register_globals off
For more detailed information, you can read the Gallery changelog:
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/gallery/gallery/ChangeLog?rev=HEAD&content-type=text/vnd.viewcvs-markup
regards,
The Gallery Dev Team