April 8, 2013 Galaxy Security Release
A security vulnerability was recently discovered that would allow a malicious person to delete the contents of a history that does not belong to them. The vulnerability was in a method designed to allow users to switch between histories as a convenience from certain messages and is not used for most normal history switching operations.

A fix has been provided in the stable branch of the Galaxy distribution and tagged as security_2013.04.08. Administrators are strongly encouraged to upgrade to at least the listed tag or to implement one of the provided workarounds. This changeset *is not* included in the most recent (April 1, 2013) stable release.

To upgrade:

  % hg pull
  % hg update security_2013.04.08

For Galaxy installations on relatively old versions that administrators are not yet ready to upgrade, there are two workarounds.

First, the patch can be downloaded and applied manually (note the capital -O: wget's lowercase -o names the log file, not the downloaded document):

  % wget -O history.patch https://bitbucket.org/galaxy/galaxy-central/commits/883216b2eaf2ff05b7771f4e...

and then:

  % hg patch history.patch

or:

  % patch -p1 < history.patch

In this case, the Galaxy server process(es) must be restarted for the change to take effect.

Second, access to this method via the upstream proxy server can be denied. Note that anyone with the ability to bypass the proxy server by connecting directly to the Galaxy application's web port(s) would still be able to call this method. This is possible for anyone with direct login access to the server, or even remotely if the Galaxy application binds to all addresses (instead of just localhost) unless restricted by other means (e.g. a firewall).

For Apache:

  <Location ~ "/history/switch_to_history.*">
      Deny from all
  </Location>

For nginx:

  location ~ /history/switch_to_history.* {
      deny all;
  }

If using a proxy prefix (e.g. "/galaxy"), that prefix should be prepended to "/history".

--nate
Galaxy Team
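As an added example (not part of the advisory or the Galaxy project's code), the following Python helper mirrors the proxy rule above and scans proxy access-log lines for requests to the switch_to_history endpoint, so an administrator can check both that the rule matches the prefixed path they actually serve and whether any such requests reached the application (status 200) before the block was in place. The log format is nginx "combined"; the addresses, timestamps and hist_id values are constructed.

```python
import re

ENDPOINT = "/history/switch_to_history"


def build_pattern(proxy_prefix: str = "") -> "re.Pattern[str]":
    """Regex equivalent of the advisory's `location ~ /history/switch_to_history.*`.

    The rule is anchored at the start of the URI, so when Galaxy is served
    under a proxy prefix such as "/galaxy" the prefix must be prepended or
    the rule never fires (the caveat at the end of the advisory).
    """
    return re.compile(r"^" + re.escape(proxy_prefix) + re.escape(ENDPOINT) + r".*")


def is_denied(path: str, proxy_prefix: str = "") -> bool:
    """Would the proxy rule (with the given prefix) block this request path?"""
    uri = path.split("?", 1)[0]  # nginx matches location against the URI without the query string
    return build_pattern(proxy_prefix).match(uri) is not None


# nginx combined log format; only the fields needed here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_switch_requests(lines, proxy_prefix: str = ""):
    """Return (ip, timestamp, path, status) for every request the rule would match.

    A 200 means the request reached Galaxy; a 403 means the proxy rule blocked it.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_denied(m.group("path"), proxy_prefix):
            hits.append((m.group("ip"), m.group("ts"), m.group("path"), int(m.group("status"))))
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses, made-up ids).
SAMPLE_LOG = [
    '203.0.113.5 - - [08/Apr/2013:10:15:02 +0000] "GET /history/switch_to_history?hist_id=abc123 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [08/Apr/2013:10:15:09 +0000] "GET /history/list HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [08/Apr/2013:10:16:30 +0000] "GET /galaxy/history/switch_to_history?hist_id=def456 HTTP/1.1" 200 512 "-" "curl/7.29.0"',
    '203.0.113.5 - - [08/Apr/2013:10:20:00 +0000] "GET /history/switch_to_history?hist_id=ghi789 HTTP/1.1" 403 162 "-" "curl/7.29.0"',
]

if __name__ == "__main__":
    for hit in find_switch_requests(SAMPLE_LOG):
        print(hit)
```

Running it with proxy_prefix="" reports the two unprefixed requests (one served, one blocked) and silently misses the "/galaxy/..." one; passing proxy_prefix="/galaxy" flips that, which is exactly the prefix caveat the advisory warns about.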