*Please note: This notice affects Galaxy Tool Shed servers only. Galaxy
servers are unaffected.*

A security vulnerability was recently discovered by Daniel Blankenberg of
the Galaxy Team that would allow a malicious person to execute arbitrary
code on a Galaxy Tool Shed server. The vulnerability is due to reuse of
tool loading code from Galaxy, which executes "code files" defined by
Galaxy tool config files. Because the Tool Shed allows any user to create
and "load" tools, any user could cause arbitrary code to be executed by the
Tool Shed server. In Galaxy, administrators control which tools are loaded,
which is why this vulnerability does not affect Galaxy itself.

Although we recommend upgrading to the latest stable version (15.03.2), a
fix for this issue has been committed to Galaxy versions from 14.08 and
newer. If you are using Mercurial, you can update with (where YY.MM corresponds
to the Galaxy release you are currently running):

    % hg pull
    % hg update release_YY.MM

If you are using git, you can update with (assuming your remote upstream is
set to https://github.com/galaxyproject/galaxy/):

If you have not yet set up a remote tracking branch for the release you are
using:

    % git fetch upstream
    % git checkout -b release_YY.MM upstream/release_YY.MM

Otherwise:

    % git pull upstream release_YY.MM

For the changes to take effect, *you must restart all Tool Shed server
processes*.

Credit for the arbitrary code execution fix also goes to my fellow Galaxy
Team member Daniel Blankenberg.

On behalf of the Galaxy Team,
--nate
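The check below is an added example, not part of the original notice and not Galaxy's own code: it lists the "code files" a tool config declares without loading the tool, so uploaded configs can be reviewed without executing anything. It assumes the `<code file="...">` element form of Galaxy tool XML; the function names and sample configs are constructed for illustration.

```python
import xml.parsers.expat


class UnsafeToolXML(ValueError):
    """Raised when a tool config cannot be inspected safely."""


def declared_code_files(tool_xml):
    """Return file names referenced by <code file="..."> elements.

    Only expat event handlers run: nothing named in the config is
    imported or executed.
    """
    found = []

    def on_start(name, attrs):
        if name == "code" and attrs.get("file"):
            found.append(attrs["file"])

    def on_doctype(*_args):
        # Untrusted upload: refuse DTDs rather than risk entity expansion.
        raise UnsafeToolXML("DOCTYPE not allowed in tool config")

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = on_start
    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(tool_xml, True)
    except xml.parsers.expat.ExpatError as exc:
        raise UnsafeToolXML("malformed XML: %s" % exc) from exc
    return found


def audit(configs):
    """Map each config name to its declared code files, or to an error string."""
    report = {}
    for name, xml_bytes in configs.items():
        try:
            report[name] = declared_code_files(xml_bytes)
        except UnsafeToolXML as exc:
            report[name] = "rejected: %s" % exc
    return report


# Constructed sample tool configs (not taken from any real repository).
SAMPLES = {
    "plain.xml": b'<tool id="a"><command>cat $in</command></tool>',
    "hook.xml": b'<tool id="b"><code file="hooks.py"/><command>x</command></tool>',
    "dtd.xml": b'<!DOCTYPE tool [<!ENTITY e "x">]><tool id="c"/>',
    "broken.xml": b'<tool id="d"><code file="h.py"></tool>',
}
```

A non-empty list for a config means the tool asks the loader to run Python from the repository, which is the behaviour the notice describes.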
Hello all,

*We are pleased to offer registration
<http://gcc2015.tsl.ac.uk/registration> and lodging
<http://gcc2015.tsl.ac.uk/logistics/#Lodging> scholarships for GCC2015 for
students and post-docs who are based in the United States, and who are
members of historically underrepresented groups in life science research.*

These scholarships cover registration costs
<http://gcc2015.tsl.ac.uk/registration> for any GCC2015 events
<http://gcc2015.tsl.ac.uk/proigramme> the recipients sign up for, and also
cover lodging <http://gcc2015.tsl.ac.uk/logistics/#Lodging> during those
events in the official conference lodging
<http://gcc2015.tsl.ac.uk/logistics/#Lodging> on the nearby UEA campus. *The
scholarships do not cover travel or other expenses.*

To apply for a scholarship, qualifying applicants need to:

1. Submit a poster abstract <http://bit.ly/gcc2015sub>. *The deadline is
   May 1*
2. Have a faculty member / PI send a letter of recommendation to the Galaxy
   Community Fund Board <community-fund(a)lists.galaxyproject.org> no later
   than May 15.
3. Submit an application form <http://bit.ly/gcc2015scholarship>, no later
   than May 1.
4. Have sufficient funds to cover your travel and other expenses.

Applicants will be notified of their scholarship status no later than May
19.

Scholarships are funded by the *Galaxy Community Fund*. The Galaxy
Community Fund was established with the surplus funds from GCC2014, and is
currently administered by the GCC2014 organizers.

Please do let us know if you have any questions, and we hope to see you at
GCC2015 <http://gcc2015.tsl.ac.uk/>!

Galaxy Community Fund Board <community-fund(a)lists.galaxyproject.org>
--
http://galaxyproject.org/
http://getgalaxy.org/
http://usegalaxy.org/
https://wiki.galaxyproject.org/