1.7.7 backports some security problems addressed in Tikiwiki 1.8.2, mainly Path Disclosure, XSS and improved CSRF routines (thanks to http://gulftech.org). It is offered for Eta Carinae Tikis that don’t want to go to Polaris.
Damian Parker was the coordinator of this release.
Some links for more information about this release
- SF release info
Those on ReleaseNotes181 are the best available.
- Creation of index.php to prevent directory listing
- All libraries protect against being called directly
- var check cleaning
- Confirmation button on all destructive actions
- Updated robots.txt file for better search engine robot control.
- Removed tabs library because it’s not free -- mose