5.4.1 - 7th July 2026 ***Security Update***
Version 5.4.1 is a security update. The security issues were discovered after doing a security audit using the latest Claude Code Version (AI). There is one high level security issue (XSS). This issue can be exploted if the attacker has permissions to upload/edit images (uploading can be done in the frontend upload section, or in the joomla admin section). They can post/save javascript to some fields. The javascript will be executed when the site administrator views gallery content in the admin section. The malicious javascript can do many things that could lead to a site compromise. If you allow untrusted users to upload/edit images, it is highly recommended you update to the latest gallery version (5.4.1). If you can not upgrade now, it is recommended you turn off upload/edit permissions for untrusted users, then contact support about a solution.
- Security Fix #1028 XSS (High Level): If a user has the permission to upload/edit images in the frontend or backend, a lack of output escaping leads to a XSS flaw. Solution: upgrade to version 5.4.1, temporary solution: turn off upload/edit permissions for all untrusted users.
- Security Fix #1031 SSRF (Server-Side Request Forgery) (Low Level): If a user has the permission to upload/edit images in the frontend or backend, they can add a video by posting a video url. A lack of filtering on the video url allows the user to make server requests to domains that are not youtube or vimeo. No harmful content is downloaded.
- Security Fix #1030 Privilege Escalation (low Level): If an image is unpublished or has a restricted access level, and downloading of images is turned on in the profile settings, then the unpublished/restricted image can be downloaded by entering a specific url that bypasses the published/access check. Only image files from ignite gallery folders can be downloaded. Any public user can access the url.
- Improve Security Layers #1035: Add security recommendations by claude code to improve security layers: whitelist fields to be saved, filter and escape all urls and paths, validate files before downloading.
- Feature #1034: Add Bulgarian language support
- Bug Fix #1032: A-Z image ordering is incorrect when cloned images are in the gallery
- Bug Fix #1033: Webp extension is not stripped when filename is displayed.
- Feature #959: Add Multi-language support. Please see this page for full info.
- Feature #1024: Add advanced option to give more control where watermark settings come from.
- Bug Fix #1027: When gallery is shown directly in lightbox (from menu image click), Fix lightbox height too big on ipad/iphone.
- Bug Fix #1026: Make sure all database indexes are added when upgrading database (after component upgrade).
- Feature #959: Add Multi-language support
- Feature #959: Add Multi-language support
- Add Joomla 6 support. Version 5.3 of Ignite gallery works in Joomla 4/5/6
- Fix google reCaptcha not showing when lightbox fullscreen is enabled.
- Fix lightbox wheel events not working when lightbox is opened a second time.
- Fix frontend save order icons not showing when edit own is set to yes.
- Fix incorrect error message when tags search is empty.
- Add images to the search results
Content Plugin, Editor Button Plugin, Smart Search Plugins, Module, Custom Field Plugin
- Add Joomla 6 support. Version 5.3 of Ignite gallery works in Joomla 4/5/6
- Feature #1002: Add gallery option to choose ImageMagick as the image processor in PHP (Requires PHP 8.1).
- Feature #1007: Add support for animated PNGs. ImageMagick must be chosen in the gallery options.
- Improvement #1012: Local video files can now be added by inputing the filepath to the image details page.
- Improvement #1014: Update filepond uploader to 4.32.7, show thumbnail preview of the image in the uploader.
- Improvement #908: The watermark font file can now be uploaded/removed directly using the edit profile page.
- Feature #1010: Add gallery option to allow the mobile display to be active on tablets.
- Feature #1015: Add gallery option to use Open Street Maps as the GPS Location link.
- Bug Fix #1011: Fix google recaptcha challenge sometimes not showing in lightbox.
- Update #1016: Update mobile detect library to 4.8.9.
- Bug Fix #1017: Fix PHP warnings when using PHP 8.4 and when error reporting is set to Maximum.
- Improvement #1013: Menu image and watermark image have a link to delete them more easily.
- Feature #1000: Images are now resized using the Intervention Image library. If your PHP version is less than 8.1, the older image library will be used.
- Feature #1001: Add support for animated Gifs (requires PHP 8.1 or greater).
- Feature #998: Add profile option to show previous gallery and next gallery links below the gallery.
- Feature #995: Add profile ordering option, to order by gallery order number first, then image order number.
- Feature #997: Add a download link to download the image from the admin section.
- Bug Fix #999: Disable lightbox mouse wheel events on Mac OS, because they are not compatible with the Apple Magic Mouse.
- Bug Fix #994: Fix pagination links on gallery search results page (tagged gallery page) not working.
- Bug Fix #993: Fix depreciated warnings showing if PHP error reporting is set to Maximum.
- Bug Fix #992: Drag and drop re-ordering of images should be enabled by defualt.
- Bug Fix #991: Fix GDPR consent message not working correctly when lightbox fullscreen is enabled.
- Bug Fix #990: Fix pagination does not work in gallery module after updating to Joomla 4.4.7/5.1.3.
- Bug Fix #990: Fix pagination does not work in content plugin galleries after updating to Joomla 4.4.7/5.1.3.
- Feature #877: Add new custom field plugin. You can now add a Gallery to a Joomla article by using the custom field method. Please see this page for more info.
- Feature #971: Add option to add descriptions to multiple images in one task.
- Feature #962: Mousewheel events now change the lightbox image
- Change #948: Change cross icon to magnify icon (the open lightbox icon)
- Bug Fix #966: Database text encoding for new installs is now set to utf8mb4. This allows emoticons in the text. In the next version, the text encoding will be upgraded on all installs.
- Bug Fix #961: If 2 galleries have a different parent, they can now have the same url alias
- Bug Fix #976: When a youtube video is added, the no-cookie url should be used
- Bug Fix #973: Import from server task should created the resized images when the images are imported
- Bug Fix #970: Fix fatal php error when image is rotated and PHP 8.3 is used
- Feature #974: Add option to display most downloaded images
- Bug Fix #972: Fix fatal php error when module and Joomla multifactor login are used
- Bug Fix #955: Fix Pagination not working in module in version 5 of gallery
- Bug Fix #957: Content plugin should not run in Joomla admin to reduce conflicts
- Bug Fix #956: Fix conflict with JCE when editing frontend article
- Bug Fix #952: Don't index public images if the profile access is set to registered
- Bug Fix #951: Fix links are not correct when pagination in gallery is used
- Feature #946: Record the amount of times an image has been downloaded, and display it in the edit image page
- Bug Fix #949: Add Google reCaptcha to gallery comments for Joomla 5. In Joomla 5, the reCaptcha plugin is removed from Joomla. Now you can enter the reCaptcha keys to the gallery options. The gallery has not changed it's function when it works inside Joomla 4, it uses the Joomla reCaptcha plugin.
- Bug Fix #945: Fix Joomla 5 bug, display of some elements in Joomla admin template dark mode is hard to see.
- Bug Fix #950: Installer actions should run on the postflight hook, to reduce the chance of install being incomplete if an error happens.
- Feature #941: Add profile options to display the image owner name/username in the image description
- Feature #942: Add profile options to display/hide the "Show All" tag filter
- Feature #936: Add gallery advanced option to choose if canoncial tags are removed from src html
- Feature #938: The paths in the administrator/components/com_igallery/defines.php file can now be overridden (see comments in file)
- Bug Fix #944: If image is imported from server and kept in src folder, error when used as menu image
- Bug Fix #937: Fix image slider height when 2 galleries on the same page with different image heights
- Bug Fix #943: Fix 5.0 bug, tags cloud has a php error
- Bug Fix #933: Fix 5.0 bug, thumbnail on edit image details page has no max width
- Bug Fix #932: Fix 5.0 bug, tags sometimes not appearing in edit image details page
- Bug Fix #931: Fix 5.0 bug, fix compatability with yootheme templates
- Bug Fix #930: Fix 5.0 bug, watermarking images with font file has an error