← Back to News

Jan 2016 Galaxy Release (v 16.01)

GalaxyProject

See the full release notes.

The Galaxy Committers team is pleased to announce the January 2016 (v16.01) release of Galaxy.

Galaxy administrators should also be aware of the

security announcements linked to below.

Highlights

Interactive Tours

The interactive tours framework allows developers and deployers to build interactive tutorials for users superimposed on the actual Galaxy web front end. Unlike video tutorials, these will not become stale and are truly interactive (allowing users to actually navigate and interact with Galaxy). Galaxy 16.01 ships with two example tours and new ones can easily be added by creating a small YAML file describing the tour. Try the Galaxy UI tour on Main.

Wheels

Galaxy’s Python dependencies have traditionally been distributed as eggs using custom dependency management code to enable Galaxy to distribute binary dependencies (enabling quick downloads and minimal system requirements). With this release all of that infrastructure has been replaced with a modern Python infrastructure based on pip and wheels. Work done as part of this to enable binary dependencies on Linux has been included with the recently released pip 8.

Detailed documentation on these changes and their impact under a variety of Galaxy deployment scenarios can be found in the Galaxy Framework Dependencies section of the Admin documentation.

Nested Workflows

Workflows may now run other workflows as a single abstract step in the parent workflow. This allows for reusing or subworkflows in your analyses.

Github

New
% git clone -b master https://github.com/galaxyproject/galaxy.git

Update to latest stable release
% git checkout master && pull --ff-only origin master

Update to exact version
% git checkout v16.01
BitBucket

Upgrade
% hg pull
% hg update latest_16.01
See the Get Galaxy page for additional details regarding the source code locations.

Deprecation Notices

Barring a strong outcry from deployers, 16.01 will be the last release of Galaxy to support Python 2.6. For more information, see Galaxy Github Issue #1596.



**Security Announcements**

Read/write arbitrary filesystem paths, arbitrary code execution

Multiple security vulnerabilities were recently discovered in Galaxy that allow malicious actors to read and write files on the Galaxy server. Additionally, Galaxy servers on which a rarely used feature has been enabled are vulnerable to an arbitrary code execution exploit.

This issue affects all known releases of Galaxy in at least the last 3 years. See the full announcement for details.

Tool Shed Security Vulnerability - Read/write arbitrary filesystem paths

Multiple security vulnerabilities were recently discovered in the Tool Shed that allow malicious actors to read and write files on the Tool Shed server outside of normal Tool Shed repository directories.

This issue affects all known releases of Galaxy in at least the last 3 years. See the full announcment for details.