In response to a few register global related security issues in other web applications a security audit was performed on Ampache. We found that with register globals on a user could gain guest level access to your Ampache instance. This release closes this security hole and corrects some other minor issues with the 3.3.2 release.
This exploit specifically allows them to bypass the session requirements for the standard Ampache pages, however their user will have an acess level of 0 (Guest has 5). They will not be able to stream, download or access any admin functions but they can browse your catalog. This only affects you if you have registered globals turned on. In general it is recommend that you turn off register globals off. If you do not have access to the servers php.ini you can disable register_globals by creating a .htaccess file in your ampache root with php_value register_globals off.
