Another security problem - oh, not again

posted by Andrew on 31 January 2008, 13:51

In short

I have two pieces of news - a bad one and a good one.

  1. The bad news: we received a report about one more security issue in Image Uploader.
  2. The good news: the problem occurs in version 4.5.70 only. All later builds (including version 5) are not affected by this problem.

Now let's look at this in a bit more detail.

Details

Yesterday I got a message from Elazar Broad - the person who posted a security issue report in November. This time he reported that he had tested build 4.5.70 and found a heap overflow in the Action param. He created an exploit which runs the calculator app when a page with Image Uploader is opened. As you can see, this is a really serious problem: if attackers created an exploit, they would be able to run anything far more dangerous than the calc app.

I brought it to the attention of the Image Uploader development team immediately. A few hours later we got a call from Computer World asking for our comments on this. As a result they published an article about it.

Meanwhile, during our investigation we found out that the problem does not affect the latest version. Looking more closely, we found that it had been fixed in the build immediately following the now-famous 4.5.70. After that hotfix release we audited and refactored a lot of potentially buggy code, and eliminated the bug without realizing that we had fixed such a serious flaw.

Conclusions

So everyone who has upgraded Image Uploader to 5.0, or at least to a build higher than 4.5.70, has nothing to worry about. The latest builds of Image Uploader (both 4.x and 5.x) are not vulnerable to the problem reported by Elazar. Version 3.5 is not vulnerable either.

If you have updated to 4.5.70 (or for some reason overlooked the previous security update and never got it), you should either update to the most recent build of the 4.x family or upgrade to version 5.0. Here are the links:

  • Image Uploader 4.6 SDK - after installing the SDK you will find the updated .cab file in the C:\Program Files\Aurigma\Image Uploader 4.6 Dual\ folder (or wherever you installed it).
  • Upgrade FAQ with information about the upgrade policy and links to the appropriate online store items.

If you are not sure which version you have, do not hesitate to contact us.

What Next?

We always take security issues like these very seriously. This is only the second security flaw in the 5-year history of Image Uploader. Over these 5 years hundreds of millions of people have uploaded files through it, so we have to take good care of it.

Both of these security holes are a reason for us to go through all our code more thoroughly. We did some refactoring after discovering the first security bug, but at that time we were on a tight schedule - we were trying to release 5.0 within 2007, so we stopped once we had made the most obvious improvements.

Now we have no hard deadlines, so we are going to do a detailed code review with a heavily paranoid approach. As a result we will have versions (both 4 and 5) that are more secure and reliable than ever.

So keep an eye on this and do not forget to update Image Uploader in a timely manner!

Aurigma Releases Photo Kiosk!

posted by Max on 30 January 2008, 22:46

We are happy to announce the release of a brand new product - Aurigma Photo Kiosk.

It's a stylish Web 2.0 digital print order application for .NET 3.0.

Photo Kiosk was built with Windows Presentation Foundation technology, which adds some great features to the GUI:

- It's automatically scaled to any screen resolution with any aspect ratio.

- Captions on controls can be specified via XML.

- All graphics have a clear anti-aliased look.

Apart from that, Photo Kiosk has:

- An on-screen keyboard for touch screens.

- Great imaging functions.

- A convenient wizard-based order process.

To learn more about the other great features that Photo Kiosk has to offer, I recommend visiting the brand new Photo Kiosk web site at http://photokiosk.aurigma.com

New More Affordable Edition of Aurigma Photo Editor

posted by Max on 28 January 2008, 23:02

We are glad to announce the release of a new edition of Photo Editor.

Photo Editor Standard is a more affordable edition ($399) which bears the Aurigma logo. The presence of this logo is actually the licensing option that distinguishes it from Photo Editor Private Label ($949), which was the only version of Photo Editor available until now. Photo Editor Standard has no functionality restrictions - you only have to show the Aurigma logo to all your visitors - that's all!

We hope that the new Photo Editor edition will make the product even more attractive to those who want to add a cool online photo editing solution to their website.

One more Aurigma Community project: Multiple Upload Plug-in for WordPress

posted by Alex Makhov on 27 January 2008, 15:18

Hello,

I have posted one more Aurigma Community project – Multiple Upload plug-in for WordPress. You can read about it in this post.

I think this plug-in is a good example of where we (the Aurigma team) are moving, and of one of our goals: making our products simpler to use than they are now. The first project was an ASP.NET control which you could simply drag and drop onto the page and adjust its properties, and the ImageUploader insertion code was created automatically. The WordPress plug-in is the next step. You just copy its files to the plug-ins folder, activate it via the administration panel and it starts working. What would be the next step? You could post your ideas about a possible answer here.

Aurigma on Facebook (updated)

posted by Andrew on 24 January 2008, 01:10

I wonder why we did not do it much earlier, but better late than never. I have just created an Aurigma community group on Facebook. Everyone who uses or has used Aurigma products, or is just interested, is welcome to join us!

About Aurigma Forge

posted by Andrew on 23 January 2008, 16:58

A few days ago my colleague Fedor added a short blog post about an ASP.NET wrapper control for our product Image Uploader. In fact this control is the first real implementation of an initiative we call Aurigma Forge. I would like to tell you about it in more detail. Alex mentioned it earlier, but I think it is high time to give more information about it.

What is Aurigma Forge?

In short, this is a series of open-source projects based on our products - Image Uploader and Graphics Mill. We publish these projects on our website and everyone can download, use, modify, and of course share them with others. As a first step, we will develop them actively ourselves, but we highly encourage everyone to join us.

How does it work?

It works very simply. For each product line we have a subforum on our forums called Community Projects. Anyone who wants to submit a project just creates a post with the source code and some information about it (how to use it, etc). Other people who are interested in taking part in the project just post replies and share their modifications if necessary.

Currently there is only one such subforum, in the Image Uploader block, but we plan to add a Graphics Mill community projects subforum in the near future.

Initially we planned to deploy a source code repository like the one on sourceforge.net (yes, they inspired the initiative's name :) ). But then we thought that it would complicate things. If the projects become popular and there are a lot of contributors, we will definitely make one available. But until then we decided to keep things simpler.

What kind of projects will be launched?

You may wonder what kind of projects these can be. For now they are:

  • Image Uploader related
    • ASP.NET wrapper control which radically simplifies Image Uploader usage for ASP.NET developers.
    • Plug-ins for different CMS systems like WordPress, DotNetNuke, Cuyahoga, Joomla, etc. They will be more or less ready-to-use photo galleries. This may be seen as a resurrection of the Media Gallery product line with a new, contemporary vision.
  • Graphics Mill related
    • Editor for photo gifts (mugs, t-shirts, etc)
    • Real-life app for business card editing (based on the Advanced PSD add-on)
    • Most of the current demo apps - we hope for your feedback so that we can understand what to improve there.

If you have ideas for other projects, do not hesitate to post a comment! Any other feedback is welcome as well.

Image Uploader ASP.NET Server Control

posted by Fedor on 21 January 2008, 23:49

We have posted an Image Uploader ASP.NET server control which simplifies ASP.NET development:

http://www.aurigma.com/Forums/yaf_postsm8174_Image-Uploader-ASPNET-Control.aspx#8174

Image Uploader licensing FAQ

posted by Andrew on 6 January 2008, 19:01

We have noticeably reworked the portion of the website related to Image Uploader pricing and licensing. Since the Image Uploader licensing plans have become more complicated, we have created a separate section containing a well-structured FAQ describing all possible options:

http://www.aurigma.com/Products/ImageUploader/Licensing.aspx

Also, since the number of Image Uploader related online store items is starting to exceed all reasonable limits, we have grouped them on the purchase page:

http://www.aurigma.com/Products/ImageUploader/PricingLicensing.aspx

As always, I highly appreciate any feedback. If something is unclear here or you have any additional questions, do not hesitate to let me know. I will try to explain it better.