We just released a Hotfix Release "2011-05-25a Rincewind". It contains the following changes: 1. Security fix for a Cross Site Scripting vulnerability. Malicious users could abuse DokuWiki's RSS embedding mechanism to create links containing arbitrary JavaScript. Note: this security problem is present in at least Anteater and Rincewind but probably in older releases as well. 2. Bugfix for encoding Non-ASCII mail subjects 3. Bugfix for the indexer. On certain PHP versions (5.2.0-8+etch11 is known) the fulltext search failed to work correctly with upper- or mixed case words To update your DokuWiki installation you can simply download the new tarball from http://www.splitbrain.org/go/dokuwiki and follow the usual update procedure described at http://www.dokuwiki.org/install:upgrade. Alternatively you can replace the following files with their counter parts at github: inc/parser/xhtml.php -> https://raw.github.com/splitbrain/dokuwiki/stable/inc/parser/xhtml.php inc/mail.php -> https://raw.github.com/splitbrain/dokuwiki/stable/inc/mail.php inc/indexer.php -> https://raw.github.com/splitbrain/dokuwiki/stable/inc/indexer.php VERSION -> https://raw.github.com/splitbrain/dokuwiki/stable/VERSION doku.php -> https://raw.github.com/splitbrain/dokuwiki/stable/doku.php If you are still running Anteater, we recommend updating to the above release. If this is not possible for some reason, you can fix the security problem by manually replacing the following files with their github counter part: inc/mail.php -> https://raw.github.com/splitbrain/dokuwiki/old-stable/inc/mail.php VERSION -> https://raw.github.com/splitbrain/dokuwiki/old-stable/VERSION Andi -- splitbrain.org -- DokuWiki mailing list - more info at http://www.dokuwiki.org/mailinglist