Here the communique that was sent to all Tiki users;

The Tiki Community has released updates to all current versions of Tiki Wiki CMS Groupware. These updates address a cross-site scripting vulnerability in Tiki (CVE-2016-9889). The updates also include many other fixes and improvements.

Special thanks to 0xExploit for the cooperation and assistance in reporting the security issue.

We highly encourage all Tiki administrators to upgrade their sites to the latest Tiki versions: Tiki 16.1, Tiki 15.3 LTS, and Tiki 12.10 LTS.

Visit to get the latest version.

Tiki Wiki Package picture
Download Tiki Wiki

Yesterday one of my customer asked me, "why so many version" ?
The" class="wiki wikinew text-danger tips">Tiki community offer extended support on LTS version so Admins and Webmasters are not rushed to update and can use several years the same version by just doing the minor update. It is a better way to control feature and regression in an Open Community system (all commit are welcome and there is no authority to control the project). They call it the "Tiki Way" and it seems to work for more than 17 years now.

With several update on serious website Tiki I maintain for my customer I can say that beside very minor CSS adaptation the update was done without problems. I don’t rely a lot on Tiki 12 but more on Tiki 15 and Tiki 16 and I’m very happy with" class="wiki wikinew text-danger tips">the improvements. Better response, less maintenance, better interface what else... Even as it is stamped "Dev" Tiki 16 it is a very solid release and the website you are looking at is Tiki 16 and it is good enough for production on my own business website.

So again you don’t have to think a lot and with security "we don’t play".
Update your Tiki: