Not a developer? Go to MovableType.com

Documentation

Movable Type 5.04 and 4.35 Release Notes

This version of Movable Type was released December 7, 2010.

Movable Type 5.04 and Movable Type 4.35 are mandatory security updates for all users. These updates resolve multiple vulnerabilities discovered in the previous versions of Movable Type 5.x and Movable Type 4.x.

Impact

A remote attacker could execute arbitrary code in a logged-in users’ web browser (XSS). A remote attacker could read or modify the contents in the system under certain circumstances (SQL injection).

Versions Affected

  • Movable Type Open Source 4.x
  • Movable Type Open Source 5.x
  • Movable Type 4.x ( with Professional Pack, Community Pack )
  • Movable Type 5.x ( with Professional Pack, Community Pack )
  • Movable Type Enterprise 4.x

Solution

Please upgrade to the latest versions of Movable Type 4 or Movable Type 5.

  • Movable Type Open Source 4.35
  • Movable Type Open Source 5.04
  • Movable Type 4.35( with Professional Pack, Community Pack)
  • Movable Type 5.04( with Professional Pack, Community Pack)
  • Movable Type Enterprise 4.35

Other Security Fixes

Movable Type 4.35 and 5.04 also contain security fixes listed below.

  • Fixed issues in mt:AssetProperty and mt:EntryFlag tags.
  • Fixed an issue in the dynamic publishing error message.

Other Compatibility Fixes

Movable Type 4.35 contains fixes to resolve “PHP Deprecated” warnings that occur when mt.php is used in conjunction with PHP 5.3.0 and later.

Back