JoomlaWorks

The XSS vulnerability was discovered by Christian Grieger and was reported on GitHub here (on Jan. 29th, 2018): https://github.com/joomlaworks/simple-image-gallery/issues/10

The updated v3.6.0 was released the same day addressing this vulnerability (a $_SERVER['REQUEST_URI'] based XSS injection).

Since the print preview feature was slated for change, the offending code was removed and the print preview feature was enhanced allowing the gallery grid to be printed.

This update will also load one less CSS file (aka one less HTTP request) as the print CSS rules were combined with screen CSS rules.

Since this is both a feature and a security update release, we have maintained Joomla 1.5 support. Keep in mind that if you are on Joomla 1.5 it's important that you enable the "Mootools Upgrade" system plugin, otherwise the updated fancyBox lightbox script and any chosen jQuery library (1.8+) will conflict with the older (stock) Mootools included in Joomla 1.5.

Starting with the next update (v4), Simple Image Gallery (free) will be strictly compatible with the latest release of Joomla at the time.

DEMO

The JoomlaWorks demo site has been updated to use the latest Simple Image Gallery (free) release. See here: http://demo.joomlaworks.net/simple-image-gallery

DOWNLOAD

You can download this version by visiting the extension's page at: joomlaworks.net/simple-image-gallery/

UPGRADING

If you use the latest Joomla 3.x releases, this new update will appear in the Joomla extension updater. If you're using Joomla 1.5, you can simply upload the new version and it will overwrite the old one. After that step, visit the plugin's parameters page, check if everything is OK or adjust as needed and save the parameters.