Movable Type 6.0.6 release notes

This version of Movable Type was released December 10, 2014.

Movable Type versions 6.0.6, 5.2.11 and 5.18 were released as mandatory security updates. These updates resolve a vulnerability discovered in Movable Type’s XML-RPC interface (CVE-2014-9057). All users should upgrade to this latest release immediately.

Please see Securing Movable Type for additional steps to protect your installation.

Security patches

An issue involving possible SQL injection originating through the XML-RPC interface has been fixed. (#112625)

Note: Users who do not use XML-RPC and disabled the mt-xmlrpc.cgi script per instructions in Securing Movable Type are not vulnerable to this issue. We nevertheless highly recommend upgrading.

Resolved issues

Backup / Restore

When restoring from a compressed backup file, items included with the backup file were not being restored. (#112585)

Known issues

There are several known issues and restrictions with Movable Type 6. For more information, please see Movable Type 6 Installation Notes.

Acknowledgements

• Netanel Rubin from Check Point Software Technologies (#112625)

All bugs are documented through an external site. A FogBugz account is required in order to view case details.