This issue affects all known versions of Galaxy.
Exploitation of reflected XSS vulnerabilities typically requires some coordination, but the consequences of exploitation can result in data or account exposure, so the risk of leaving the issue unfixed is moderate. Administrators of affected servers are encouraged to update immediately.
To apply the fix, first identify your current Galaxy release version using the `git branch` or `hg branch` commands. If you are on a 'release_YY.MM' branch, you can update with:
% git pull
% hg pull -u
The process above can also be used to update to the 15.07 release if you are on the 'master' git branch or the 'stable' hg branch. If you are on the 'master'/'stable' branch and wish to remain on your current Galaxy major release, check the 'lib/galaxy/version.py' file to determine your major release version, then update to the appropriate branch:
% git checkout -b release_YY.MM origin/release_YY.MM
% git pull
% hg pull
% hg update release_YY.MM
For the changes to take effect, YOU MUST RESTART ALL GALAXY SERVER PROCESSES.
On behalf of the Galaxy Committers,