Posted on: 01/17/11 07:22am
By: ::Ben
dokuwiki.org just released a Security Fix for Anteater
This security update fixes problems in the XMLRPC interface where ACLs where not checked correctly sometimes, making it possible to access information that should not have been accessible. This only affects users who have enabled the XMLRPC interface (default is off).
This update also includes a fix that caused errors in the general ACL checking function that could be exploited to gain access to restricted pages in rare conditions.
If you want to manually update, replace
lib/exe/xmlrpc.php with https://github.com/splitbrain/dokuwiki/raw/stable/lib/exe/xmlrpc.php
inc/auth.php with https://github.com/splitbrain/dokuwiki/raw/stable/inc/auth.php
And increase the $updateVersion variable in doku.php to 30.
::Ben