Hello all,
The next GalaxyAdmins meetup will be Wednesday, November 20, at 10am US
Central time. See the meetup
page<http://wiki.galaxyproject.org/Community/GalaxyAdmins/Meetups/2013_11_20>
for
a link and directions for connecting to the meetup.
*GCC2013 GalaxyAdmins BoF Followup*
This is our first meetup since the GCC2013 GalaxyAdmins
BoF<http://wiki.galaxyproject.org/Events/GCC2013/BoF/GalaxyAdmins>
where
we discussed what the group should focus on going forward, and what the
Galaxy Project can do to support the group.
As suggested at GCC2013, followup to that discussion will be the main topic
for this meetup. We came out with several action items and one piece of
unfinished business (leadership).
Also, as suggested at the GCC2013 BoF, we would like to encourage
discussion in the week before the meetup. Therefore,
1. Please review the notes from the GCC2013 GalaxyAdmins
BoF<http://wiki.galaxyproject.org/Events/GCC2013/BoF/GalaxyAdmins>
2. Take a look at these two draft implementations of action items from
that discussion:
1. Galaxy Deployment
Pages<http://wiki.galaxyproject.org/Community/Deployments>
2. Galaxy Log Pages <http://wiki.galaxyproject.org/Community/Logs>
And, if you see anything that you want to comment on please reply to this
thread on the Galaxy-Dev list.
I'll update other actions as the call gets closer.
*Galaxy Project Update: Main moves to TACC*
Nate Coraor will give the project update, focusing on the recent move of
UseGalaxy.org to TACC.
We hope to see (well, hear) you there, and please don't hesitate to ask if
you have any questions.
Thanks,
Dave C.
--
http://galaxyproject.org/http://getgalaxy.org/http://usegalaxy.org/http://wiki.galaxyproject.org/
A security vulnerability was recently discovered by John Chilton with Galaxy's "Filter data on any column using simple expressions" and "Filter on ambiguities in polymorphism datasets" tools that can allow for arbitrary execution of code on the command line.
The fix for these tools has been committed to the Galaxy source. The timing of this commit coincides with the next Galaxy stable release (which has also been pushed out today).
To apply the fix and simultaneously update to the new Galaxy stable release, ensure you are on the stable branch and upgrade to the latest changeset:
% hg branch
stable
% hg pull -u
For Galaxy installations that administrators are not yet ready to upgrade to the latest release, there are three workarounds.
First, for Galaxy installations running on a relatively new version of the stable release (e.g. release_2013.08.12), Galaxy can be updated to the specific changeset that that contains the fix. This will include all of the stable (non-feature) commits that have been accumulated since the 8/12 release plus any new features included with (and prior to) the 8/12 release, but without all of the new features included in the 11/4 release. Ensure you are on the stable branch and then upgrade to the specific changeset:
% hg pull -u -r e094c73fed4d
Second, the patch can be downloaded and applied manually:
% wget -o security.patch https://bitbucket.org/galaxy/galaxy-central/commits/e094c73fed4dc66b589932e…
and then:
% hg patch security.patch
or:
% patch -p1 < security.patch
Third, the tools can be completely disabled by removing them from the tool configuration file (by default, tool_conf.xml) and restarting all Galaxy server processes. The relevant lines in tool_conf.xml are:
<tool file="stats/dna_filtering.xml" />
<tool file="stats/filtering.xml" />
The full 11/4 Galaxy Distribution News Brief will be available later today and will contain details of changes since the last release.
--nate
Galaxy Team