However, because NextGEN Gallery is active on well over one million websites, we didn't want to cause immediate worry by announcing the security fix as soon as the update was released. Following the approach WordPress took with its 4.7.2 update, we decided not to disclose the vulnerability immediately. Now that two weeks have passed and well over one hundred thousand sites have updated the plugin, we have updated the official plugin changelog.
"We believe transparency is in the public’s best interest. It is our stance that security issues should always be disclosed. In this case, we intentionally delayed disclosing this issue by one week to ensure the safety of millions of additional WordPress sites." - WordPress Announcement
The second change is within 2.2.1 where we've made a few more fixes, and added a brand new template mechanism which will make it even easier to design custom templates for NextGEN Gallery display types. The new template system also carries over to NextGEN Plus and NextGEN Pro.
Backup Before Upgrading
Please consider backing up your site (both server files & MySQL Database) whenever updating plugins. Here are some backup recommendations.
Instructions
Download NextGEN Gallery from our WordPress gallery plugin page on WordPress.org or visit the Plugin page in your WordPress admin area to utilize the auto-update feature.
Changes in 2.2.1:
- NEW: Template mechanism for all display types
- NEW: Review notices
- Changed: Updated branding to Imagely
- Changed: Added the ability to click on a gallery title and have it open direct to Pro Lightbox
- Fixed: Problems with activation after initial installation
- Fixed: Don't display legacy shortcodes after creating new galleries
- Fixed: false positive malware detection notices against 'eval'
- Fixed: Various PHP notices and warnings
- Fixed: Issue with dynamic container height for Imagebrowser display types
Changes in 2.1.79:
- Secured: Resolved vulnerability with tag cloud displays
For the history of changes, view the full changelog.
Vitaly Dukhota
14 Mar 2017
Yay! I was finally able to switch to PHP 7.1! Thank you and well done, Imagely 🙂