The Tiki Community wishes to alert all users of an important security fix included in the new minor releases of all supported versions of Tiki (14.2, 12.5 LTS, 9.11 LTS and 6.15)
In particular, there is a critical issue that could allow arbitrary code execution affecting the calendar feature.
All users should immediately upgrade their Tiki installations, and if that is not possible, at least disable the calendar feature, or at the very minimum make the calendar feature accessible only to trusted users, until the upgrade can be completed.
Downloads are available at: http://tiki.org/download
Thanks to Dany Ouellet (http://securesc.ca/) for reporting the vulnerability!