TikiWiki 1.8.4 is out! The files can be found at the usual location on Sourceforge. Tiki admins are strongly urged to upgrade to this version due to a vulnerability in versions 1.8 through 1.8.3 that allows individual wiki page permissions to be bypassed. Several path disclosure vulnerabilities have also been removed in the smarty_tiki area. Read on for more information regarding other bugfixes and enhancements, or visit ReleaseProcess184.
Version 1.8.4 - Polaris - * [FIX] individual wiki page permissions could be bypassed * [FIX] path disclosure vulnerabilities in the smarty_tiki area * [FIX] removing any parent categories of an object caused the object to become uncategorized even if there are other parent categories * [FIX] version conflicts related to wiki tag restorations * [FIX] wiki edit permission shouldn't depended on global wiki view permission even if individual permissions are assigned for a wiki page * [FIX] duplicate version numbers when editing wiki pages * [FIX] scrollbar of textarea jumped to the top after using a quicktag in Gecko-based browsers * [FIX] articles plugin ignored displayed 0 comments all the time * [FIX] default groups for users were displayed even when they were not set * [FIX] bugged display of the rating field when selecting article type "Review" * [FIX] workaround for environments where $_SERVER['SERVER_NAME'] is undefined * [MOD] added RSS feeds with optional authentication * [FIX] reply icons were displayed in forum threads even if user has no permission to post * [FIX] forum stats aren't updated after moving a thread (until someone enters the affected forum) * [FIX] broken find function for orphan wiki pages * [FIX] tracker categorization broken on tiki-admin_trackers.php * [FIX] avoid login problems when tiki-index.php is the DirectoryIndex * [FIX] current page was deleted without a trace when rolling back to a previous version, resulting in the inability to undo a rollback and a gap in version numbers * [FIX] CATEGORY() plugin couldn't handle type=directory or type=forum * [FIX] a forum home was selected even when none is set in Admin/Forums * [FIX] directory category removal function left zombie subcategories and member sites * [FIX] buggy wiki page edit-conflict feature * [FIX] users logging in from the Tiki homepage were not sent to their group homepages * [FIX] users logging in from any wiki page were redirected to the wiki homepage * [FIX] inner boxes created by embedding BOX plugins within each other had messed up line spacing * [FIX] author of a shoutbox msg changed to the shoutbox admin who edits the message * [FIX] name inputted by an anonymous user in Live Support was lost * [FIX] overlib tooltips in moreneat.css extended across the entire screen * [MOD] diff engine was replaced with LGPL code to avoid licensing issues