CALENDARSCRIPT IS NOT FREE SOFTWARE!
Registered users of CalendarScript received notification of this vulnerability shortly after it was found and fixed.

If you have not paid for your copy of CalendarScript, please do so.
Payment details can be found on the Pricing Page

Why Is The 3.21 Patch Important?

A security vulnerability was found earlier this year in the CalendarScript application -- in versions 3.2 and earlier.
It allowed malicious hackers to execute commands on web servers by going through a hole in the CalendarScript application.
Immediately after the bug was found, in February 2004, a patch was released (version 3.21) which fixed this bug.
There are now hackers actively crawing the web looking for sites to attack. It's vital that you upgrade.

How Do I Know If I'm Vulnerable?

If you downloaded CalendarScript after February, 2004, then you are safe. You downloaded version 3.21. If you downloaded and installed CalendarScript before then and haven't downloaded and installed version 3.21, then you are vulnerable and need to upgrade ASAP.
To check your version of CalendarScript, you can do one of the following:

Look at the source of calendar.pl. At the top, it will say the version number.
Check the readme.txt file. This file was included in the CalendarScript distribution, at the root of the directory tree. It should be in the same folder as calendar.pl, unless you've deleted it. At the top of this file, it will say the version.
Login to the Calendar Admin application, and go to "Feedback/Support" at the bottom of the main menu. At the bottom of this screen, it will say your version number. If you downloaded after February 2004, the number here might say 3.2 instead of 3.21. This was a problem that was fixed later, and the two methods above will be more reliable to tell your version number.

How Do I Upgrade?

The upgrade to version 3.21 can be found here: CalendarScript Downloads.

If you are running a version earlier than 3.2, you will need to first apply the upgrade patches under "Archived Downloads" to bring your version to 3.2, then install the patch to version 3.21.

Inside each version download, there is a file with instructions on how to perform the upgrade. Your data and customizations will not be lost in the upgrades. But it is very important to back up your files before applying the updates just in case.

If you have customized the source of calendar.pl or calendar_admin.pl, you can make the required security change manually.
In calendar.pl, change this function:

sub showScreen {
	&populateTemplateVariables();
	$template_dir = $BASE_DIR . "templates/calendars/" . $Config->get("template_dir") . "/";
	$template_file = $template_dir . $in{'template'};
	$template = &ASPLoadTemplate($template_file);
	&ASPEval($template,$template_dir);
	&ASPError($tmp_parsed_template) if $@;
	exit(0);
	}

to this:

sub showScreen {
	&populateTemplateVariables();
	$template_dir = $BASE_DIR . "templates/calendars/" . $Config->get("template_dir") . "/";
	$template_file = $template_dir . $in{'template'};
	unless (-e $template_file) { &FATALERROR(&getMessage("TEMPLATE_FILE_DOES_NOT_EXIST")); }
	$template = &ASPLoadTemplate($template_file);
	&ASPEval($template,$template_dir);
	&ASPError($tmp_parsed_template) if $@;
	exit(0);
	}

And in calendar_admin.pl, change this function:

sub showScreen {
	$template_dir = $BASE_DIR . "templates/admin/$admin_template_dir/";
	$template_file = &getFile($template_dir . $in{template});
	$Template::thisTemplate = $in{template};
	$template = &ASPLoadTemplate($template_file);
	&ASPEval($template,$template_dir);
	&ASPError($tmp_parsed_template) if $@;
	&exitGracefully();
	}

to this:

sub showScreen {
	$template_dir = $BASE_DIR . "templates/admin/$admin_template_dir/";
	$template_file = &getFile($template_dir . $in{template});
	unless (-e $template_file) { &FATALERROR(&getMessage("TEMPLATE_FILE_DOES_NOT_EXIST")); }
	$Template::thisTemplate = $in{template};
	$template = &ASPLoadTemplate($template_file);
	&ASPEval($template,$template_dir);
	&ASPError($tmp_parsed_template) if $@;
	&exitGracefully();
	}

However, I do not recomment this approach as there are a couple of other things included in the 3.21 update.

What If I Have Questions Or Problems?

If you have any problems or questions about upgrading, please use the Support Forum.

How Can I Be Notified Of Future Updates?

A notice of the vulnerability and the patch release was sent out via email in February 2004 to all users who have signed up for Email Updates. If you are not on this mailing list and would like to be, you can sign up using the form in Support. Only important security notices and release notices are sent to this mailing list, usually 1 or 2 a year. Your email address will remain private. I strongly encourage you to sign up for the list.