The Flash file (imagerotator.swf) which drives the Flash slideshow in NextGEN Gallery's Basic Slideshow display type had a security vulnerability come to the surface.
Unfortunately the file in question is a 3rd party file, which we do not have control over. In addition, the original developer of the Flash file no longer supports it, so updating the file wasn't a possibility.
Removing The Flash Feature
With that said, we have decided to remove the Flash feature from the Basic Slideshow display type in NextGEN Gallery.
We take backwards compatibility seriously, and typically would not remove and features available in previous legacy version of NextGEN Gallery.
However, this is the only scenario where we would consider taking an action like this. We felt the severity of the situation called for removal of the Flash feature.
It is important to note that on top of the Flash file being unsupported Flash is not viewable on the majority of mobile devices, including iOS and recent Android operating systems.
What Happens To My Flash Slideshows
For those still using the Flash option in the Basic Slideshow display type, please know that we have designed it to now fail gracefully. That means that whether you are using the Insert Gallery Window or a shortcode, the slideshow will transform into a Basic Slideshow gallery using only javascript.
The advantage here is that your website's slideshow will load on all devices in addition to removing the file that contained the vulnerability.
But I Need Flash
If you are set on using Flash for whatever reason then you are welcome to roll back to a previous version of NextGEN Gallery. Please note, however, that because we do not develop the Flash file we cannot say for certain how long the vulnerability existed. You can download previous versions of NextGEN Gallery here and check out our roll back guide.
Update Today
There is an updated version of NextGEN Gallery ready in your WordPress admin. Please update today and you will notice an alert about Flash being removed. Dismiss the notice and you'll be all set.
If you're a previous Flash Slideshow users, please check your slideshows to see them now using javascript instead.
As always, if you have questions or concerns, please contact our support team. We are here to help!
