A new breed of Tiki has been released a week ago and the Tiki Community urge every user to update as it solve critical security issues. LTS (Long Term Services) versions are concerned, 12.x and 15.x, as well as the under going development 16.x branch so you got no excuses. With so many improvement and a few regression and bug fixes it is in your best interest to upgrade as those version not only contain security fixes but hundreds of small improvement, enhancement and regressions fixes.
The process is pretty smooth and doesn’t require that much knowledge thanks to the Tiki Install/Update process and your data will be safer as well as your files. As usual do backup of your database and if you feel it is too complicate for you ask from the Tiki Community for help, contact me or check the Tiki consultant list to have it done.
Here the communique that was sent to all Tiki users;
The Tiki Community has released updates to all current versions of Tiki Wiki CMS Groupware. These updates address a cross-site scripting vulnerability in Tiki (CVE-2016-9889). The updates also include many other fixes and improvements.
Special thanks to 0xExploit for the cooperation and assistance in reporting the security issue.
We highly encourage all Tiki administrators to upgrade their sites to the latest Tiki versions: Tiki 16.1, Tiki 15.3 LTS, and Tiki 12.10 LTS.
Visit https://tiki.org/Download to get the latest version.
Yesterday one of my customer asked me, "why so many version" ?
The https://tiki.org/" class="wiki wikinew text-danger tips">Tiki community offer extended support on LTS version so Admins and Webmasters are not rushed to update and can use several years the same version by just doing the minor update. It is a better way to control feature and regression in an Open Community system (all commit are welcome and there is no authority to control the project). They call it the "Tiki Way" and it seems to work for more than 17 years now.
With several update on serious website Tiki I maintain for my customer I can say that beside very minor CSS adaptation the update was done without problems. I don’t rely a lot on Tiki 12 but more on Tiki 15 and Tiki 16 and I’m very happy with https://doc.tiki.org/Tiki15" class="wiki wikinew text-danger tips">the improvements. Better response, less maintenance, better interface what else... Even as it is stamped "Dev" Tiki 16 it is a very solid release and the website you are looking at is Tiki 16 and it is good enough for production on my own business website.
So again you don’t have to think a lot and with security "we don’t play".
Update your Tiki: https://tiki.org/Download