The recently released TikiWiki 2.2 version is said to address some bug and security issues, just that we cannot provide any specific information on said bugs and security problems. The WikiTiki team is keeping this very hush-hush and has not released any details on the matter.

“Tiki 2.2 is a security & bugfix release of version 2.1. Updating to version 2.2 is highly recommended. In addition to several minor fixes and enhancements, the update provides two undisclosed security fixes,” says IT consultant Marc Laporte. The one person that can shed some light on the matter is Emanuele Gentili who has detected at least one security vulnerability within TikiWiki.

I can understand why a software company would not want to release any specific details about security flaws that affect their products. After all, you wouldn't want that kind of information floating around and reaching the wrong kind of people. But since the problems have been fixed, why not let us in on the specifics? The “keep quiet about it” tactic works when the company knows about the problem but wants to keep it under wraps so that people with malicious intent do not take advantage of it. But the thing is that a skilled attacker does not need to read security feeds to figure this stuff out.

The TikiWiki team has gone ahead and announced that a 3.0 version of the software will be released in the spring of 2009, most likely in April. Users can expect changes to user and admin interface, built-in themes, various webservices and better plugins.

TikiWiki was initially released back in 2002, on the 9th of October, under the official name of TikiWiki CMS/Groupware. The software is completely customizable and can be used for several applications ranging from from Internet forums to bug tracking.