Tiki is a web-based groupware and content management system that runs in an environment with PHP, ADOdb and Smarty. The program is also known under the catchy name TikiWiki. The developers have released a new version in the Sirius series, with version number 1.9.8.1. Among other things, it fixes a security hole in the tiki-graph_formula.php component, as the announcement below tells us:
A security flaw has been found in one file; you should consider upgrading immediately. Get the new 1.9.8.1 version on Sourceforge. It is important that you upgrade, as there have been known incidents due to this vulnerability.
Version 1.9.8.1 - security release:
- tiki-graph_formula.php: [FIX] Potential security injection
- tiki-login.php: [FIX] quickfix for double-slash in URL problem after logging in (SSL used, some servers/configs). Things are much neater in 1.10 and it should not need a fix there.
- tiki-view_tracker.php: [FIX] tracker: monitoring tracker in another language tw1370
- lib/graph-engine/: core.php, graph.bar.php: Adding support for hooks during data display.
- lib/polls/polllib_shared.php: [FIX] when poll is removed, link of poll to object should also be removed
- lib/Galaxia/src/ProcessManager/ActivityManager.php: [FIX] Activity manager fixed so it now shows activities for new workflow installations.
- lib/Galaxia/src/ProcessManager/ProcessManager.php: [FIX] Galaxia now cleanly and correctly deletes processes (pear db call was not provided argument); resolves several issues.
- lib/graph-engine/: core.php, gd.php, graph.bar.php, pdflib.php, ps.php: Adding image map generation in GD based graphics