Important Security Fix for all versions of Tiki

Author: gezza - Published

The Tiki Community wishes to alert all users of an important security fix included in the new minor releases of all supported versions of Tiki (14.2, 12.5 LTS, 9.11 LTS and 6.15)

In particular, there is a critical issue that could allow arbitrary code execution affecting the calendar feature.

All users should immediately upgrade their Tiki installations, and if that is not possible, at least disable the calendar feature, or at the very minimum make the calendar feature accessible only to trusted users, until the upgrade can be completed.

Downloads are available at: http://tiki.org/download

Thanks to Dany Ouellet (http://securesc.ca/) for reporting the vulnerability!

Tikiwiki security release

Author: Mose - Published

This release fixes a recently declared XSS vulnerability. Anyone using Tikiwiki 1.9.x should upgrade as soon as possible. This release only fixes the security flaw and doesn't include any new feature.