|
This is the official website of Gallery, the open source web based photo album organizer.
Gallery gives you an intuitive way to blend photo management seamlessly into your own website whether you're running a small personal site or a large community site.
More: |
|
Gallery 3.0.4 Security Release Available!
Submitted by ckdake on Tue, 2012-06-12 18:11
After several extensive internal and external security audits which discovered 22 distinct vulnerabilities, we are releasing Gallery 3.0.4 as a security release. All of the issues require that someone with malicious intent either have an account with edit permissions, or trick a user with edit permissions into clicking on a malicious link. In most cases, this can only lead to a possible XSS vulnerability, but in several instances it allows arbitrary PHP code execution.
We thank the following individuals for reporting these issues: Chalk, Mateusz Goik, James 'albino' Kettle, Emanuel Bronshtein, and Sergey Markov. Due to their efforts, they will each be receiving bounties of $1000 for their help in making Gallery more secure. Read our Bounties page for details and how to submit any security issues you find.
We strongly recommend that all users of Gallery 3 upgrade as soon as possible.
» 9 comments | Read more
3rd Party iPhone App for Gallery
Submitted by ckdake on Thu, 2012-04-26 12:53
A team of developers has released a new version of their native iPhone/iPad app for Gallery 3.
viGallery allows you to manage your photos and albums straight from your iOS device.
Take a look on the app store: viGallery and on their info/support page.
It isn't open source and it does cost $4, but it looks like a nice way to work with Gallery 3 from your Apple devices. Read on for features and requirements.
» 3 comments | Read more
Gallery interview on SourceForge's 'The Anvil' Podcast
Submitted by ckdake on Wed, 2012-04-18 23:57
A week or so ago, Chris Kelly (ckdake) was interviewed on SourceForge.net's podcast 'The Anvil' about Gallery for the SourceForge.net Blog. Check it out: The Anvil Podcast: Gallery.
Gallery 3.0.3 and Gallery 2.3.2 Security Releases are available!
Submitted by ckdake on Tue, 2012-04-03 13:06
We're releasing both Gallery 3.0.3 and Gallery 2.3.2 as security releases. Several researchers, working independently, discovered possible encryption-related vulnerabilities. Low-risk XSS vulnerabilities limited to the administration area were also reported. We thank the following individuals for reporting these issues: James 'albino' Kettle, George Argyros & Aggelos Kiayias, and Emanuel Bronshtein. They will be receiving bounties for these issues. Read our Bounties page for details and how to submit any security issues you find. The CVE id for these issues is CVE-2012-1113.
We recommend that all users of Gallery 2 and Gallery 3 upgrade as soon as possible.
» 20 comments | Read more
Take a short survey on Gallery permissions
Submitted by ckdake on Thu, 2012-02-09 18:31
Researchers at Carnegie Mellon University are using Gallery to learn more about how people use access-control permissions in online photograph sharing systems.
If you would like to contribute, please take their survey http://www.surveygizmo.com/s3/666856/Gallery-Usage which should take less than 5 minutes to complete.
Check out this forum topic for more details.
Xotof 2, Now on the Android Market, Amazon Appstore, and Kindle Fire
Submitted by ckdake on Sat, 2012-01-14 20:11
The Xotof Team have been busy working on their Gallery 3 Client, getting it to as many users as possible.
Xotof already works on your favorite Android phones and tables, and they have just received approval to run on the Amazon Kindle Fire.
If you're a Gallery 3 user with an Android device or a Kindle Fire, head over the Android Market or Amazon Appstore and give Xotof a try.