Gallery security patch

Get the patch from Menalto Gallery.

Doesn’t seem to be a nuke module version upgrade ready yet.

Menalto Gallery wrote:

Several days ago, Rafel Ivgi informed us of a possible cross site scripting problem in current versions of Gallery. The problem and some similar problems discovered by our team have been addressed in Gallery 2 CVS as well as in this release of 1.4.4-pl5.

As with most other cross site scripting problems, no risk is posed to the webserver itself or any non-Gallery data, but a Gallery install could be compromised using appropriate code.

In addition to the security fix, Gallery 1.4.4-pl5 uses the proper parameters for new versions of ImageMagick and fixes some small issues with PHP 5.

All Gallery users are strongly urged to upgrade to 1.4.4-pl5 immediately, which fixes this problem and will secure your system.

Gallery 1.4.4-pl5 can be downloaded from the Gallery Download Page.

Since securing 3rd party scripts is essential to keep from being hacked, bumping to make sure any Gallery users out there see this.

upgrade for stand-alone or module installations: