Movable Type 6.1.3 release notes

This version of Movable Type was released June 22, 2016.

Movable Type versions 6.2.6, and 6.1.3 were released as mandatory security updates. These updates resolve a vulnerability discovered in Movable Type’s XML-RPC interface . All users should upgrade to this latest release immediately.

Please see Securing Movable Type for additional steps to protect your installation.

SECURITY PATCHES

• [High] An issue involving possible SQL injection originating through the XML-RPC interface has been fixed. (#114037)

Note: Users who do not use XML-RPC and have disabled the mt-xmlrpc.cgi script per the instructions in Securing Movable Type are not vulnerable to this issue. We nevertheless highly recommend upgrading.

ACKNOWLEDGEMENTS

• John Lightsey (#114037)

All bugs are documented through an external site. A FogBugz account is required in order to view case details.