We strongly recommend all Tiki website administrators to upgrade their sites to the latest relevant Tiki version.
Thanks again to Roberto of the Release Team and several other developers working hard on the security and bug fixes, especially Jonny Bradley.
Special thanks to (in alphabetical order):
- Hanno Böck, freelance journalist and IT security professional (for reporting a bundled third-party vendor library which was outdated and contained an XSS vulnerability)
- Vignesh Chettiyar (for finding an XSS vulnerability in our custom module on the development web site)
- Chirag Mistry, security researcher (for reporting an XSS vulnerability found in one of the Tiki files)
For the full list of changes in Tiki 21.1, please see the Documentation. For the older versions read the changelog file bundled with the release.