Movable Type 6.2.6 release notes
This version of Movable Type was released June 22, 2016.
Movable Type versions 6.2.6, and 6.1.3 were released as mandatory security updates. These updates resolve a vulnerability discovered in Movable Type’s XML-RPC interface . All users should upgrade to this latest release immediately.
Please see Securing Movable Type for additional steps to protect your installation.
- [High] An issue involving possible SQL injection originating through the XML-RPC interface has been fixed. (#114037)
Note: Users who do not use XML-RPC and have disabled the mt-xmlrpc.cgi script per the instructions in Securing Movable Type are not vulnerable to this issue. We nevertheless highly recommend upgrading.
- Address an issue with log rotation. (#114004)
- John Lightsey (#114037)
All bugs are documented through an external site. A FogBugz account is required in order to view case details.