Secunia advisory SA34321 — How critical?
Note: The WikkaWiki devs have released 1.1.6.7 to address this advisory.
Secunia recently issued a security advisory for WikkaWiki 1.1.6.6 (the most recent release). Secunia has identified this vulnerability as “less critical.” The Wikka devs have also extensively analyzed this exploit, and have determined that (1) the exploit does exist, and (2) the exploit requires that a user with administrator rights is logged in. So long as Wikka administrators are limiting access to their wikis to a trusted subset of users, we do not believe there’s an urgent need to limit access to existing WikkaWiki installations while we prepare a security update.
We have always prided ourselves on the attention we give to making Wikka one of the most secure wiki environments available, and will be releasing 1.1.6.7 in the very near future to address the issues raised in the Secunia advisory. In the meantime, we would suggest Wikka admins continue to exercise common sense and limit administrative access to only those users whom you explicitly trust.
[...] This version introduces no new functionality, but does address security issues raised in a recent Secunia advisory. All WikkaWiki users are encouraged to update to this latest [...]
Security release 1.1.6.7 now available at Wikka Developer Blog
15 Jun 09 at 7:34 am