On deeper analysis of the ACL Manager security for
FS#1847 another security problem was identified.
The plugin does no checks against cross-site request forgeries (CSRF) which can be exploited to e.g. change the access control rules by tricking a logged in administrator into visiting a malicious web site.
A fixed DokuWiki version named 2009-12-25c was released and can be downloaded at
http://www.splitbrain.org/go/dokuwiki
The problem can be fixed manually by replacing the ACL Manager plugin in lib/plugins/acl with the fixed version provided at
http://www.dokuwiki.org/_media/plugin:acl-plugin.tgz and increasing conf/msg to 25.