Bad news: Stefan Esser from the Hardened-PHP project found a security problem in DokuWiki's spellchecking backend which allows insertion of arbitrary PHP code. This is a serious flaw and you should fix this immediatly.
Users who don't use the spellchecking feature can fix the bug by simply deleting the lib/exe/spellcheck.php file.
Detailed infos on how to fix the problem properly are available at
The package available for download at http://www.splitbrain.org/go/dokuwiki
was fixed for this bug and another minor XSS bug described at http://bugs.splitbrain.org/?do=details&id=820