Gallery 2.0.2 Security Fix Release
Submitted by bharat on Wed, 2005-11-30 08:01
Gallery 2.0.2 is now available for download. This release adds no new features. It fixes a minor XSS exploit, a potential information leak and a file disclosure bug in the zipcart module that could allow remote visitors to view sensitive files on your webserver. These security flaws were discovered during an internal security audit of the Gallery 2 code, and there are no known exploits of them in the wild. However, we strongly recommend that you upgrade to version 2.0.2 as soon as possible. If you're unable to upgrade right away, we recommend that you disable the zipcart module until time permits you to upgrade. Please follow our upgrading instructions and download and install the latest release.

Version 2.0.2-1 of the Debian gallery2 packages was uploaded in the afternoon (EST) of Tuesday, November 29, 2005 and was made available as of the archive run in the afternoon (EST) of Tuesday, November 29, 2005. These packages are currently available in Debian Unstable (Sid) and will propagate to Debian Testing (Etch) in the next two days.
--
Debian gallery package maintainer
Another successful upgrade. Thanks!
Just wondering if there will be automatic upgrades in the future?
http://www.homtechsol.com/gallery2
Upgrade went 100% smoothly. Thanks! =)
Deployed the patch & upgraded my g2 sites; went OK. No *.rej files. Impressed, as always.
Fully automatic upgrades are very tricky because of the limitations of web applications. But semi-automatic upgrades (where you trigger it from within G2) are definitely on our list. For Gallery 2.1, you should be able to upgrade modules from within the application itself. Upgrading the core will be harder, but work on it
The semi auto updates would be great and this is what I sort of meant. I like the idea of logging into gallery2 and being able to click an (upgrade) button. I know that this "auto update" is just icing on the cake because with or without it I'd still use gallery.
What actions are performed by the 2.0.1->2.0.2 upgrade? I've figured out:
. unzip changed-files-core.zip
. unzip changed-files-zipcart.zip
. delete g2data/install.log
. delete docs/LOCALIZING
. delete g2data/cache/*
. update _version in the database from 1.0.0.1 to 1.0.0.2
Yet the upgrade script is still automatically coming up when I load Gallery. I'm trying to do the upgrade without using that upgrade script (this is for the Installatron G2 auto-installer).
What modifications am I missing?
for support questions, please refer to the support forums.
thanks.
OK, I have an issue: why can't I uninstall Gallery 2?
As far as uninstalling it, it takes only about a minute. Just delete both the Gallery 2 database, using phpMyAdmin or through the control panel your hosting provides, and the g2data & install directories.
If you have issues with Gallery, create a forum post, not here. We'd like to know what you have to say about it in regards to your "uninstall" inquiry.
Maybe your permissions are the server ones, and you can't delete that way? Do it manually otherwise, that will work.