the newest version: whats new in Gallery v1.4.4 pl 3: "Jim Paris discovered a few security problems in Gallery which have been addressed in 1.4.4-pl3. The primary problem is a cross site scripting vulnerability which allows code to be inserted into a Gallery by using specially formed URLs. This code then appears to be part of the Gallery.
No risk is posed to the webserver-itself or any non-Gallery data, but a Gallery install could be compromised using appropriate code.