Gallery 1.3.4-p1 security release
Date: Sunday, July 27 @ 22:28:18 CEST Topic: Security
We received email this morning from Larry Nguyen, an alert and responsible Gallery user who notified us about a cross-site-scripting flaw in Gallery. This security flaw can allow a malicious user to craft a URL that executes Javascript code on your website.
We estimate the security risk of this flaw to be relatively minor, however
we take all security issues very seriously. You can download patch
instructions or a complete version of Gallery including the new changes
from the Gallery download page:
http://sourceforge.net/project/showfiles.php?group_id=7130
For more information on the vulnerability, cross site scripting, and a
simple one-character-change quick fix please read the news story on the
Gallery website:
http://gallery.sourceforge.net/article.php?sid=82
regards,
Gallery Dev Team
|
|