For some days we have been working on fixing security flaws reported by third party analysts. As always in such case, release is quickly prepared and holes filled.
Here is then the version 1.9.9 of Tikiwiki (1.10 version, still pending or its own release, is fixed in cvs).
As this upgrade fixes various security holes, you are strongly advised to upgrade any 1.9.x tiki (or earlier) that you have at hand, and call your friends to spread the word.
Hopefully, this tamtam method will not be necessary anymore in future releases, because 1.9.9 introduces a new feature which alerts admin (optionally as always) of available new releases upstream.
Please read the details about this release on http://tikiwiki.org/ReleaseProcess199
and get the source on http://sourceforge.net/project/showfiles.php?group_id=64258&package_id=112134&release_id=563456
Thanks for the help of redflo and nkoth that participated in the release process, and others that contributed to this version code.
Thanks also to the analysts that reported the flaws: Jesus Olmos Gonzalez, from http://isecauditors.com and Mesut Timur, from http://www.h-labs.org
cheers,
mose