View Articles

Important Security Fix for all versions of Tiki

Author: gezza - Published

The Tiki Community wishes to alert all users of an important security fix included in the new minor releases of all supported versions of Tiki (14.2, 12.5 LTS, 9.11 LTS and 6.15)

In particular, there is a critical issue that could allow arbitrary code execution affecting the calendar feature.

All users should immediately upgrade their Tiki installations, and if that is not possible, at least disable the calendar feature, or at the very minimum make the calendar feature accessible only to trusted users, until the upgrade can be completed.

Downloads are available at: http://tiki.org/download

Thanks to Dany Ouellet (http://securesc.ca/) for reporting the vulnerability!

Tiki under attack

Author: Oliver Hertel - Published

Maybe you already found this domain partially unavailable this weekend. Some russian hackers are attacking tiki installations currently, trying to install spam and/or DoS bots. We are working at it and hope to have solved the problems soon.

Sorry for the inconveniences.

Details and quick fix here!

Tikiwiki security release

Author: Mose - Published

This release fixes a recently declared XSS vulnerability. Anyone using Tikiwiki 1.9.x should upgrade as soon as possible. This release only fixes the security flaw and doesn't include any new feature.

Security Fix

Author: Florian Gleixner - Published

Gulftech Research pointed us to a bug in the xmlrpc library. This bug can be used to execute any php code remote. This is a serious security flaw and we encourage you to either use a workaround or to install updated xmlrpc libraries immediately.

January Security Alert

Author: Damian Parker - Published

It has been brought to the security team's attention that yet more problems exist in TikiWiki; these are similar to the Christmas Alert, but affect a different directory. Everyone is required to read and take corrective action. If you do not take action you could lose your entire server!

Weihnachts Sicherheitswarnung: php injection

Author: mose - Published

Wichtiger Sicherheitshinweis für alle TikiWiki Administratoren und Entwickler, der alle Versionen von Tikiwiki betrifft: falls Sie ein Tikiwiki System betreiben, dann lesen Sie bitte die Einzelheiten dieses Beitrags, er enthält eine schnelle Lösung (eine Zeile in einer Datei) für ein Sicherheitsproblem.

  • «
  • 1 (current)
  • 2

Upcoming Events

No records to display