A security flaw has been recently identified for 0.63 versions of Galette (https://bugs.galette.eu/issues/250 - CVE-2012-2338).

Updating your Galette version or the file that fix the flaw is strongly encouraged.

This vulnerability impacts all 0.63s Galette versions. Galette 0.7 as well as current development version are not concerned.

Problem has been solved, and a 0.63.4 version of Galette is available (changes concerns only the flaw):

Only one file must be changed on all concerned versions; you can get it here and replace the existing one in your installation (that way you do not need to upgrade the full code).

Please note that it is the very last change on 0.6x series (that are now EOL): development, support, etc for those versions will be discarded,

Galette 0.7 is now out from several months (and the next release is already on the rails); we strongly encourage you to update your old version ;)