Gallery 1.5.2-pl2 Security Release
Submitted by ckdake on Tue, 2006-02-07 02:48
Gallery 1.5.2-pl2 is now available for download. This release fixes several things:
- A very major data loss issue with the zip download component. If a zip file is not successfully created, Gallery 1.5.2 and Gallery 1.5.2-pl1 will try and delete many more files than they should.
- A very minor security problem where a user with write access to a server could create a specially formatted file and then coerce someone with owner privileges in the Gallery into clicking a specially formatted link, which could modify stored album data and possibly lead to local code execution. We thank Tom Saville (seregon at bughunter dot net) and his team from Digital Armaments for reporting this to us and giving us time to get a patch out.
- Several other minor bugs.

Version 1.5.2-pl2-1 of the Debian gallery package was uploaded to Debian unstable in the afternoon (EST) on Wednesday, February 8, 2006 and will be made available as of the archive run in the afternoon (EST) on Thursday, February 9, 2006.
--
Debian gallery package maintainer
Thanks a lot! Was looking forward to this. Have to wait till the afternoon though ;)
I was mistaken. There was some sort of BUG in my Apache.conf
There must be these lines:
<IfModule mod_mime.c>
AddCharset WINDOWS-1251 .cp-1251
AddCharset WINDOWS-1251 .cp1251
</IfModule>
So the translation works fine!
Please post support issues in the forums. Thanks!
I found the problem and made a note here:
http://gallery.menalto.com/node/44437
"A very major data loss issue with the zip download component. If a zip file is not successfully created, Gallery 1.5.2 and Gallery 1.5.2-pl1 will try and delete many more files than they should."
how in the gods' name can you people afford writing - even more, _releasing_ code that deletes all the albums
... yeah - all that "we're doing it for free, accept as it is" - don't you have any pride?
am not a dumbuser, know how to program and admin., a victim and very disappointed
hope you learn from it,
peace
I'm sorry that you suffered a loss because of a mistake that we made. It's not a question of having pride in our product (which we do). It's a matter of putting enough process in place to test the code thoroughly before it's released. We do this by releasing early and often, and reducing the amount of change as we get closer to release deadlines and increasing our test vigor. Unfortunately, due to the fact that our entire organization is volunteers we oftentimes do not get enough volunteers to do some of the more difficult and tedious aspects of the product release, namely doing black box testing. As a consequence, bugs occasionally slip through and they are difficult for us to prevent.
If you have concrete suggestions for ways that we could improve our process or attract more volunteers to help us with testing, we would be very happy to listen and incorporate them. You'll be happy to know that Gallery2 has well over 2000 unit tests that we use during our development and release process to ensure a very high level of quality. It was designed from the ground up to be the highest level of quality that we can manage.
blah blah. Instead of %itching about it you should have had nightly automated backup jobs scheduled for those "what if" scenarios. My server backs up my Gallery site, copies it to another local disk and then copies it to a network drive on a remote pc. Friend, you need to update your DR (Disaster Recovery) plans.
Yeah you got that right jpeadro. All by the way, it's not that a major problem disaster. I'm sure you people will find a nice solution for it.
hi! i have a question. when can we download a polish language pack for gallery 1.5.2-pl2?
Please ask support questions in the forums. All language files that we have are available at http://sourceforge.net/project/showfiles.php?group_id=7130&package_id=96735
thx for answer. Polish language is now available :]
Now still some other I need ;) Did you only need the Polish one?