The Tiki Wiki CMS Groupware project has released a security patch for its stable and LTS (long term support) versions. Both versions are available for immediate download.
Tiki 8.3 includes bug fixes and security patches. Tiki 6.6 LTS includes only the security fixes. Both releases address a Cross Site Scripting vulnerability (first reported by Mario Gomes) and a Null Byte Injection vulnerability (first reported by Egidio Romano aka EgiX). Both vulnerabilities are exploitable only by users with full administrator permissions. Refer to the release notes and change logs for complete information.
All Tiki administrators are highly encouraged to upgrade to version 6.6 or 8.3. You can download these versions (and all other Tiki releases) from http://tiki.org/download .
Log in to post a comment.