We're happy to announce the general availability of Gallery v1.3.1. This is primarily a bugfix release targetted at fixing small issues that arose from new features added in v1.3 of Gallery. However, this release includes several SECURITY FIXES that address weaknesses in the Gallery code that can lead to a REMOTE EXPLOIT of your system. All Gallery users are recommended to upgrade to v1.3.1 as soon as possible. Please note that the security hole affects every version of Gallery available, including all 1.3.1 snapshot builds except v1.3.1-cvs-b13. Be safe: upgrade. It's fast and easy.

An alert system administrator for PowerTech an ISP in Norway discovered a security vulnerability in Gallery yesterday. This security hole is a serious one; with it a malicious user can install a backdoor on your system and gain shell access with the same privileges as your webserver user. It's important that you realize that there are malicious people exploiting this bug *right* *now*. Read through to the bottom of this email for a list of IP addresses of sites that we believe may already be hacked, and ways to detect if you've been hacked.

Please join us in welcoming Pierre-Luc Paour to the Gallery development team! He'll be taking over as the lead developer for Gallery Remote providing much needed bug fixes and feature enhancements to the Gallery companion product.

Bharat Mediratta will be speaking about Gallery at the O'Reilly Open Source Convention in San Diego on July 25th! If you're planning on attending the convention then...

We are pleased to announce that the Gallery 1.3 Official Release is now available.

We are pleased to announce that Gallery 1.3 Release Candidate 4 is now available. Changes from Release Candidate 3 are minor. They are as follows...