This is the official website of Gallery, the open source web-based photo album organizer. Gallery gives you an intuitive way to blend photo management seamlessly into your own website, whether you're running a small personal site or a large community site.

More:

Gallery 2.0.4 release / 2.1-RC-2a update

Thanks once again to James Bercegay from GulfTech Security Research for tipping us off to a security vulnerability in Gallery 2.0.3 and the 2.1 release candidates. Your installation is only vulnerable if you have the register_globals PHP setting enabled. If you're vulnerable, an attacker can use this to execute a "local inclusion" exploit, that is, to run code that's already on your server. This is especially dangerous if you allow upload privileges to users you don't trust and your g2data directory is in a predictable location. We have released Gallery 2.0.4 and 2.1-RC-2a to fix this vulnerability, but it's also very easily patched by hand if you don't want to install a complete update. Read on for more details on how to quickly secure your Gallery install.

This vulnerability affects all versions of Gallery 2.x, but Gallery 1.x is not affected. If you're using Gallery 2.x we strongly recommend that you upgrade or secure your Gallery installation as soon as possible!

Note: As with 2.1-RC2, if you have problems with this release candidate please discuss them in the Gallery 2.1 RC2 Forum Topic. Thanks!

Gallery 2.1 Release Candidate 2

Thanks for your continued support! Read on for more details...

Gallery 2.0.3 Security Fix Release

Gallery 2.0.3 is now available for download. This release adds no new features. It fixes a minor XSS exploit and an exploit in the session code that could allow users to remotely delete session files. These security flaws were discovered during an independent audit by James Bercegay from GulfTech Security Research, who reported them to us and worked with us to provide an appropriate solution. There are no known exploits of these flaws in the wild. However, we strongly recommend that you upgrade to version 2.0.3 as soon as possible. Please follow our upgrading instructions and download and install the latest release.

Gallery 2.1 Release Candidate 1

Thanks for your continued support! Read on for more details...

Gallery 1.5.2-pl2 Security Release

Gallery 1.5.2-pl2 is now available for download. This release fixes several things:
  • A very major data loss issue with the zip download component. If a zip file is not successfully created, Gallery 1.5.2 and Gallery 1.5.2-pl1 will try to delete many more files than they should.
  • A very minor security problem where a user with write access to a server could create a specially formatted file and coerce someone with owner privileges in the Gallery into clicking on a specially formatted link, which could modify stored album data and possibly lead to local code execution. We thank Tom Saville (seregon at bughunter dot net) and his team from Digital Armaments for reporting this to us and giving us time to get a patch out.
  • Several other minor bugs.
We strongly recommend all Gallery 1.5.2 users upgrade immediately to 1.5.2-pl2 to avoid losing data on your webserver! Download Gallery 1.5.2-pl2 from the Gallery Download Page.

OpenUsability.org Recommendations Help Improve Gallery

The Gallery Project wishes to thank the OpenUsability Project for its support of Gallery.