I apologize for the multiple downtimes the website has had in the last two weeks. There were a variety of issues that have (hopefully) all been resolved at this point. I doubly apologize for not warning y'all about this most recent downtime since I actually knew about it in advance. Read more for the details.

JoEllen Drazan has created an excellent visual tutorial for customizing Gallery. On her site she provides easy, visual instructions to show you how to go from a stock Gallery install to a thing of beauty like her Lord of the Rings Fan Site. If you're considering modifying your Gallery, you should check out what she's got!

PixelPoet has also created an excellent tutorial for customizing Gallery that demonstrates (among other things) how to put a right or left menu on any Gallery page. You should check out her work also!

And while we're at it, let's not overlook the tremendous job that Kommercial has done in creating and maintaining the Customizing and Hacks section of the Gallery User Guide! He has been working tirelessly to pull great hacks and mods out of the forums and make them readily available in the User Guide for everybody. Thanks, Kommercial!

Recently there was a post on BugTraq, a well known security mailing list that referred to a security hole in Gallery. You should read the post yourself, but the specific issue that the poster was refers to is the fact that on a shared webserver it's possible for other webserver users (ie, other customers of your ISP) to read and write your data files. In this article, I'm going to discuss in detail the problem, explain why this is not a Gallery specific issue, help you to understand if you're at risk, and outline the steps that you can take to increase your security.

Jason Trommeter writes "I've just started a new website called Scrapblog.com. I'd like to make it into a community photo gallery for people who have blogs and want to post photos, but aren't able to install Gallery on their own servers.". It looks pretty cool. Sign up and publish your photos with them!

This release is primarily aimed at fixing a variety of small bugs that have existed in Gallery for a few releases, as well as a couple of fairly serious bugs (including a very serious SECURITY bug that can lead to a remote exploit) that were introduced in the version 1.3.2. If you are using the 1.3.2 release we STRONGLY RECOMMEND that you upgrade to 1.3.3 as soon as possible to minimize the possibility of a web server compromise.

We have discovered (thanks to Michael Graff!) a security hole in Gallery 1.3.2 that can lead to a potential remote exploit of your web server by a malicious user. This hole has been patched in version 1.3.3 which will be available for download by midnight 12/27/2002 PST. If you are using the official Gallery 1.3.2 release, or a CVS release between Gallery 1.3.2 build 27 to Gallery 1.3.3 build 5 (inclusive), then we STRONGLY recommend that you upgrade to Gallery 1.3.3 or apply the security patch detailed below.