Not a developer? Go to MovableType.com

Documentation

Movable Type 6.1.3 release notes

This version of Movable Type was released June 22, 2016.

Movable Type versions 6.2.6, and 6.1.3 were released as mandatory security updates. These updates resolve a vulnerability discovered in Movable Type’s XML-RPC interface . All users should upgrade to this latest release immediately.

Please see Securing Movable Type for additional steps to protect your installation.

SECURITY PATCHES

  • [High] An issue involving possible SQL injection originating through the XML-RPC interface has been fixed. (#114037)

Note: Users who do not use XML-RPC and have disabled the mt-xmlrpc.cgi script per the instructions in Securing Movable Type are not vulnerable to this issue. We nevertheless highly recommend upgrading.

ACKNOWLEDGEMENTS

  • John Lightsey (#114037)

All bugs are documented through an external site. A FogBugz account is required in order to view case details.

Back

Leave a Comment