Nuked Gallery
Gallery Releases
Gallery 3.0.1 security and bugfix release is available!

Posted on Sunday, January 23, 2011 @ 13:03:04 CST
Gallery 3.0.1 is available! This is a bug and stability fix release, but it also includes an important security fix. We strongly advise that you upgrade to Gallery 3.0.1 as soon as possible. Upgrading is quick and easy, so don't put it off! Read on for more details about what's improved in Gallery 3.0.1, or just download it now!

Security Fix

Vulnerability CVE-2010-4353
Gallery 3.0 (and beta versions) have a security vulnerability where users with upload permissions can bypass file type restrictions and upload files of any type to the remote system. This vulnerability only affects installations where you've granted upload permissions to users you don't fully trust. Those users could then gain remote access to your system. We strongly recommend that you upgrade immediately. However, if you wish to close the hole without upgrading you can replace or patch modules/gallery/models/item.php with a newer version.

  • Method #1: Replace item.php
    1. Download CVE-2010-4353.zip
    2. Unpack the zip file
    3. Replace modules/gallery/models/item.php with the version contained in the zip file
  • Method #2: Patch item.php
    1. Download CVE-2010-4353.patch.txt
    2. Move CVE-2010-4353.patch.txt into your gallery3 directory
    3. Run patch -p0 < CVE-2010-4353.patch.txt
    4. You should see the following output: patching file modules/gallery/models/item.php
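
Patching stops new uploads of arbitrary file types, but it does not show whether any were uploaded before the fix. The shell script below is an added example, not part of the Gallery project or this announcement; it lists files under the upload tree whose extension is outside an image/movie allowlist or whose leading bytes do not match their image extension. The var/albums location, the allowlist and the function names are assumptions, and the content check goes beyond the extension issue described above.

```shell
#!/bin/sh
# Added example (not Gallery code): flag uploads that are not what an
# image gallery should hold. Assumptions: originals are stored under
# <gallery3>/var/albums and the allowlist below matches your site.

ALLOWED_EXT="jpg jpeg png gif flv mp4 m4v"

# magic_ok EXT FILE -> 0 if the leading bytes fit the image extension.
# Movie types are not content-checked here.
magic_ok() {
    sig=$(od -An -tx1 -N4 "$2" | tr -d ' \n')
    case $1 in
        jpg|jpeg) case $sig in ffd8ff*) return 0 ;; esac; return 1 ;;
        png)      [ "$sig" = "89504e47" ] ;;
        gif)      [ "$sig" = "47494638" ] ;;
        *)        return 0 ;;
    esac
}

# check_file PATH -> prints "ok", "bad-content" or "bad-extension"
check_file() {
    base=${1##*/}
    case $base in
        *.*) ext=$(printf '%s' "${base##*.}" | tr '[:upper:]' '[:lower:]') ;;
        *)   ext= ;;
    esac
    for a in $ALLOWED_EXT; do
        if [ "$ext" = "$a" ]; then
            if magic_ok "$ext" "$1"; then echo ok; else echo bad-content; fi
            return 0
        fi
    done
    echo bad-extension
}

# audit_uploads DIR -> one "verdict<TAB>path" line per suspicious file
audit_uploads() {
    find "$1" -type f | while IFS= read -r f; do
        v=$(check_file "$f")
        [ "$v" = ok ] || printf '%s\t%s\n' "$v" "$f"
    done
}

# Usage: sh audit.sh /path/to/gallery3/var/albums
if [ $# -gt 0 ]; then audit_uploads "$1"; fi
```

Each line of output is a lead to review by hand, not proof of compromise.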

We would like to thank Kriss Andsten for responsibly disclosing this security issue. Kriss is a valued member of the Gallery 3 community and he will be receiving a $400 cash reward as part of the Gallery Security Bounty program.

If you discover a security vulnerability in any Gallery product, please email security@gallery.menalto.com with the details and we will fix it as soon as possible and reward your efforts.

What's changed in Gallery 3.0.1?

This new release is primarily a bugfix and stability release. There have been over 277,000 downloads of Gallery 3.0 since we released it in October of 2010 and over 32,000 posts in our forums from active users. While the feedback has been overwhelmingly positive, you've certainly found a lot of bugs and rough edges! We worked through and closed over 95 tickets to make the product faster, more reliable and easier to use. We hope you like the results. Some of the highlights of this release include:

  • Considerable performance improvements to the REST module which is the technology that powers things like the Gallery Android App
  • Huge improvements in performance when tagging lots of photos
  • Compatibility fixes for Internet Explorer 6 and 7
  • Improved system detection to help identify problems when PHP is configured in a way that makes Gallery not work very well or not work at all.
  • Automatic version upgrade detection. Gallery will now alert you if there's a newer version of Gallery available, without sharing any of your Gallery information.
  • Completely rewrote the Organize feature to be fast and stable.
  • Fixed an important stability issue where a race between two users deleting photos and albums could result in database corruption which, while completely recoverable, is a pain to deal with.

Upgrading

Upgrading is really easy! Unpack the new version, move the var/ directory of the old version to the new version's folder, and then either browse to http://your-site.com/gallery3/index.php/upgrader or run php index.php upgrade at a shell prompt. For more detailed upgrade instructions, please refer to the Gallery 3 User Guide.

Roadmap

Looking forward, we intend to make some major changes in the 3.1 code base. We'd like to get Gallery embedded into content management systems like Drupal, Joomla, etc. We're also thinking about ways that we can overhaul and greatly improve the theme and authentication systems. If we discover issues in the 3.0.1 release that need a quick fix, we will probably spin up a 3.0.2 release for those.

Got feedback?

If you have any overall feedback, please visit the Gallery 3.0.1 Feedback forum topic and let us know! If you have questions, please visit the Gallery 3 Wiki, the home for Gallery 3 documentation.

· News by dari

