Gallery 2.0.3 Security Fix Release
Submitted by bharat on Thu, 2006-03-02 08:25
Gallery 2.0.3 is now available for download. This release adds no new features. It fixes a minor XSS exploit and an exploit in the session code that could allow users to remotely delete session files. These security flaws were discovered during an independent audit by James Bercegay from GulfTech Security Research, who reported them to us and worked with us to provide an appropriate solution. There are no known exploits of these flaws in the wild. However, we strongly recommend that you upgrade to version 2.0.3 as soon as possible. Please follow our upgrading instructions and download and install the latest release.

thanks for the heads up!
What is the impact on 2.1 RC1?
edit: last line "upgrade to 2.0.3"
Error??? In teh news??? I don't see it!!!! ;)
Status for 2.1: one of the two fixes in this patch release is already in 2.1-RC-1, the other is in current CVS / nightly snapshots now and will be in 2.1-RC-2 next week.
Great upgrade! Always like it when security fixes are being done, gives me a good feeling ;) Keep it coming!
eeettt wasss feeeexed! they were super fast and stealth-like :O
Either way, I'm glad to see they're very on top of these fixes. I love this team/project!
Version 2.0.3-1 of the Debian gallery2 package was uploaded to Debian unstable in the evening (EST) on Thursday, March 2, 2006 and will be made available as of the archive run in the afternoon (EST) on Friday, March 3, 2006.
--
Debian gallery package maintainer
I upgraded to 2.0.3 after having installed a nightly of 2.1rc1. I don't recommend doing this as it didn't work for me.
Are the enhancements in 2.0.3 included in the current 2.1 nightlies?

________________________
~GAME ON!!
VENCO, read above regarding 2.1.
Right on! My bad...

Nice work on everything, guys. The program's been working excellently for me!
________________________
~GAME ON!!
Could someone please help?!
I updated my Gallery installation with cvs update -Pd.
Now the following errors appear when trying to update my CVS version of Gallery (I'll try to translate; my site is German):
step2:
I did a CVS update!
this I ignore, going to step 3:
OK, what to do now? I already downloaded/unzipped PGtheme 1.0.RC7, but that didn't help. Also, I don't have any access to my Gallery administration (only the update screen comes up) to uninstall that theme - or do I have to delete all files of the theme by hand?
I don't care about the theme, I don't use it, I just installed it to look at it.
please help!
thx.
(Something rings in my head that I may have installed the RC1 of 2.1 instead of 2.0.30 when running the CVS command? So how do I go back to 2.0.30 via CVS?)
ckuka:
Try the G2 forums at http://gallery.menalto.com/forum/66
Don't post here; you won't get any assistance and will only make it hard for people to read the comments.
Great update, well done. Keep it coming!
lisa
We did.. go get 2.0.4!