Security Update: 7th February 2013
A cross-site-scripting (XSS) exploit has been discovered in IP.Gallery. We are releasing a security update for versions 4.2.x and 5.0.x today to patch this issue.
Patching is very easy.
- Identify the version of IP.Gallery you are running.
- Download and unzip the appropriate patch file below that matches your version.
- Upload the contents of the zip to your /public/js directory, overwriting the existing file.
- When you apply the security update the bulletin in your AdminCP will still display. We keep the bulletin in place for at least a week after a security release.
- Our main software packages accessed via the client area have already been updated with this security update.
Our thanks to Mohamed Ramadan ( Attack-Secure.com / https://twitter.com/Attack_Secure ) for bringing this to our attention.