Two high priority security vulnerabilities were recently discovered by
Eric Rasche and Manabu Ishii respectively. These vulnerabilities were
to cross site scripting and session fixation attacks. Detailed
of these categories of vulnerabilities can be found at:
Once the patch has been downloaded and copied to the root of your Galaxy
directory, it can be applied using the following patch command:
% patch -p1 < 2017augsecurity_1610.patch
% patch -p1 < 2017augsecurity_1705.patch
If you are having trouble applying the patch feel free to email
[hidden email] and we will try to help.
-Eric (on behalf of the Galaxy Committers)
Post script: this mail was intended to go out on Thursday the 24th of
August, however I failed to send it then. My apologies to the community,
it will be more timely in the future.
Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at: