Menalto comes up with Gallery v1.4.4 pl 3: upgrade recommended
Date: Wednesday, November 03 @ 05:50:58 CET
Topic: Add Ons


the developers of the Gallery-Team @ Menalto.com come up with the Gallery 1.4.3 -pl3 (Patch Level3) (demo)

the newest version: whats new in Gallery v1.4.4 pl 3: "Jim Paris discovered a few security problems in Gallery which have been addressed in 1.4.4-pl3. The primary problem is a cross site scripting vulnerability which allows code to be inserted into a Gallery by using specially formed URLs. This code then appears to be part of the Gallery.
No risk is posed to the webserver-itself or any non-Gallery data, but a Gallery install could be compromised using appropriate code.

All Gallery users are very strongly urged to upgrade to 1.4.4-pl3 immediately, which fixes this serious problem and will secure your system. Download 1.4.4-pl 3 from the Gallery Download Page at SourceForge [here]. Read more at Gallery.Menalto.com for more infos and instructions ."

the Download of Gallery v1.4.4 pl 3 on SourceForge Download Page







This article comes from NukeCops
http://www.nukecops.com

The URL for this story is:
http://www.nukecops.com/modules.php?name=News&file=article&sid=3066