Download Gallery 2.2.6

Today Gallery 2 has been updated to version 2.2.6. Gallery is a server program that allows you to create online photo albums. It is written in PHP and therefore platform independent. Furthermore, the program is easy to install, easy to use and offers many possibilities. For example, there is the Photo Management option that can automatically create thumbnails, rotate and resize photos. In addition, it is possible to assign read and/or write permissions to the albums. Gallery exists in two separately developed versions, namely 1.x and 2.x. A very comprehensive comparison between the two can be this wiki are being found. In version 2.2.6 three security vulnerabilities have been fixed:

Gallery 2.2.6 addresses the following security vulnerabilities:

• Arbitrary file disclosure through archive upload module – Users with “add item” permission could retrieve any file on the server that is owned by the web server account. The problem is caused by incorrect handling of ZIP archives that contain symbolic links.
  The Gallery team would like to thank Alex Ustinov for bringing this issue to our attention.
• Insecure cookies over HTTPS – When accessing Gallery over HTTPS, cookies were missing the “secure” flag, leaving the connection vulnerable to cookie sniffing attacks.
  The Gallery team would like to thank Hanno Boeck for bringing this issue to our attention.
• XSS through malicious Flash files – Flash animations that are embedded in Gallery are no longer allowed to interact with the embedding page and are no longer allowed to open network connections.
  While this protects visitors of your Gallery from potentially malicious Flash animations, the Gallery team would like to use this opportunity to remind you that it is generally highly recommended to only allow trusted users to add any files to your Gallery.

[break]