Hello everybody!
Bad news: Stefan Esser from the Hardened-PHP project found a security problem in DokuWiki's spellchecking backend which allows insertion of arbitrary PHP code. This is a serious flaw and you should fix this immediatly.
Users who don't use the spellchecking feature can fix the bug by simply deleting the lib/exe/spellcheck.php file.
Detailed infos on how to fix the problem properly are available at
http://bugs.splitbrain.org/?do=details&id=823
The package available for download at
http://www.splitbrain.org/go/dokuwiki was fixed for this bug and another minor XSS bug described at
http://bugs.splitbrain.org/?do=details&id=820
Regards,
Andi