Archive for the ‘Security’ Category

XodaGallery version 0.2.3 released

Tuesday, June 5th, 2007

I released version 0.2.3 today (download from SourceForge). It is just a security update which blocks HTML tags in comments.
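As an added illustration of what "blocking HTML tags in comments" can mean in practice, here is a small PHP sketch that is not XodaGallery's code. It contrasts stripping tags when a comment is stored with escaping when it is rendered; the helper names, the length limit and the sample comment are all made up for the example.

```php
<?php
// Added example, not code from XodaGallery. Two hypothetical helpers showing
// the two usual ways to keep user-supplied HTML out of a gallery comment:
// strip markup on the way into storage, and escape on the way out to the page.
// Escaping on output is the safer default, because strip_tags() only removes
// well-formed "<...>" sequences and does nothing for quotes that break out of
// an attribute.

function store_comment_stripped(string $comment): string
{
    // strip_tags() removes <...> markup. The length cap is an assumption for
    // the example; a real site would pick its own limit.
    return mb_substr(strip_tags($comment), 0, 2000);
}

function render_comment(string $comment): string
{
    // Escape for an HTML body context. ENT_QUOTES also escapes single and
    // double quotes, so the same output can be reused inside attributes.
    return htmlspecialchars($comment, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample input: a script tag plus an attribute-breaking quote.
$sample = 'Nice photo! <script>alert(document.cookie)</script> "><img src=x onerror=alert(1)>';

// Stripping first and then escaping: the tags are gone, the stray quote and
// angle bracket survive as harmless escaped text.
$stored = store_comment_stripped($sample);
echo render_comment($stored), PHP_EOL;

// Escaping alone, with nothing stripped, is also safe in the body context;
// the script tag is shown literally instead of being executed.
echo render_comment($sample), PHP_EOL;
```

The practical caveat: stripping on input changes what the user wrote and still leaves the stored text unsafe for any other output context (JSON, attributes, mail), so even a site that strips tags should escape again at render time.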

Version 0.3 is just around the corner. When that is finished I will post a request for help on SourceForge, so keep a lookout if you want to get involved.


Remote code execution?

Tuesday, May 8th, 2007

At the beginning of April a person claimed to have found a vulnerability in XodaGallery's administration.php. You can find it here, for example.

However, it seems to me that this person did not even bother to have a look at the code. He claims that you can gain access through the query string in administration.php?cmd=Command, as if it were including a file. The ?cmd= value, though, is only tested against static values, so I have a hard time seeing this alleged vulnerability. If you have any ideas, please contact me.
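To make the distinction concrete, here is an added PHP example that is not XodaGallery's code: a hypothetical admin front controller written three ways. The command names, file names and directory layout are assumptions for the illustration; it assumes PHP 7 or later for the `??` operator.

```php
<?php
// Added example, not code from XodaGallery. Hypothetical admin front controller
// showing the difference between a ?cmd= value that is only compared against
// fixed strings and one that is used to build a file path.

// Pattern A: the request value is only compared with static strings. The
// caller chooses which branch runs, but cannot make the script load any
// code or file it did not already contain.
function dispatch_static(string $cmd): string
{
    switch ($cmd) {
        case 'list':   return 'listing albums';
        case 'upload': return 'upload form';
        case 'logout': return 'logging out';
        default:       return 'unknown command';
    }
}

// Pattern B: the request value names a file to include. This is the shape a
// "remote code execution via ?cmd=" report would require: the caller controls
// the path, so directory traversal or (with allow_url_include) a remote URL
// would be loaded. Shown only for contrast, never use it.
function dispatch_include_unsafe(string $cmd): void
{
    include __DIR__ . '/commands/' . $cmd . '.php';   // DO NOT USE
}

// Pattern C: dynamic inclusion done safely. The request value is a key into a
// fixed table, so only files listed here can ever be included, and anything
// else is rejected before the filesystem is touched.
function dispatch_include_safe(string $cmd): void
{
    $allowed = ['list' => 'list.php', 'upload' => 'upload.php'];
    if (!isset($allowed[$cmd])) {
        http_response_code(400);
        exit('unknown command');
    }
    include __DIR__ . '/commands/' . $allowed[$cmd];
}

$cmd = $_GET['cmd'] ?? 'list';
echo dispatch_static($cmd), PHP_EOL;
```

When reviewing a report like the one above, the check is simple: follow every use of the request value. A plain `switch` or `==` against literals (Pattern A) gives the caller no control over what code runs; only a path, an `eval`, a shell command or a database query built from the raw value would. That still leaves the usual question of whether the branches themselves require authentication, which is a separate matter from file inclusion.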

I also think it’s really suspicious not even to file a bug here at SourceForge or contact me, but only to spread the information elsewhere on the Internet.