We're releasing both Gallery 3.0.3 and Gallery 2.3.2 as security releases. Several researchers, working independently, discovered possible encryption-related vulnerabilities. Low-risk XSS vulnerabilities limited to the administration area were also reported. We thank the following individuals for reporting these issues: James 'albino' Kettle, George Argyros & Aggelos Kiayias, and Emanuel Bronshtein. They will be receiving bounties for these issues. Read our Bounties page for details and how to submit any security issues you find. The CVE id for these issues is CVE-2012-1113.

We recommend that all users of Gallery 2 and Gallery 3 upgrade as soon as possible.

Researchers at Carnegie Mellon University are using Gallery to learn more about how people use access-control permissions in online photograph sharing systems.

If you would like to contribute, please take their survey http://www.surveygizmo.com/s3/666856/Gallery-Usage which should take less than 5 minutes to complete.

Check out this forum topic for more details.

The Xotof Team have been busy working on their Gallery 3 Client, getting it to as many users as possible.

Xotof already works on your favorite Android phones and tables, and they have just received approval to run on the Amazon Kindle Fire.

If you're a Gallery 3 user with an Android device or a Kindle Fire, head over the Android Market or Amazon Appstore and give Xotof a try.

Adam Minchinton and Magne Zachrisen just released a Beta version of their upcoming Gallery 3 Client for Android: Xotof.

Like Gallery 3, they focused on usability and simplicity and the app looks pretty fun and easy to use with most of the UI focusing on your photos. Check out their website for more details or post bugs on their forum.

Here's a quick summary of the major features:

• Supports multiple gallery installations
• Smart caching, and loading of images
• Zoom/Pan images
• Inbuilt slide show
• Uploading of single or multiple images
• Robust connection handling
• Honeycomb support

The 2011 Gallery Developer Conference ended last weekend in Atlanta, and we had a blast while getting a lot done. Your donations paid for room and board while we talked about all things Gallery and hacked a bit on Gallery 3. Some notes were written on the walls, a few photos were taken, and the end results are some things you're going to like:

• Much progress was made on Gallery 3.0.2 (Codenamed 'Coldlanta' after the unusually pleasant Atlanta weather). From it's roadmap there is currently just one ticket to go which is a permission model change that should make a lot of people happy!
• We pushed all other tickets back to a "3.2" release and selectively pulled things into 3.1. Gallery 3.1 is focusing on things that users and themers have asked for, and it's roadmap is looking pretty reasonable. Expect momentum here to pick up as soon as 3.0.2 is out.
• Lots of wiki 'cruft' on the wiki on this domain was removed or moved over to codex.gallery2.org, and a lot of maintenance was done on existing content to make it easier to find some things people often are looking for.

Whether it's via IRC, in the forums, or in the Gallery 3 issue tracker, please keep your feedback coming! Every change we make to Gallery 3 is a direct response to something you need.