Movable Type 6.2.6 release notes

This version of Movable Type was released June 22, 2016.

Movable Type versions 6.2.6, and 6.1.3 were released as mandatory security updates. These updates resolve a vulnerability discovered in Movable Type’s XML-RPC interface . All users should upgrade to this latest release immediately.

Please see Securing Movable Type for additional steps to protect your installation.

SECURITY PATCHES

• [High] An issue involving possible SQL injection originating through the XML-RPC interface has been fixed. (#114037)

Note: Users who do not use XML-RPC and have disabled the mt-xmlrpc.cgi script per the instructions in Securing Movable Type are not vulnerable to this issue. We nevertheless highly recommend upgrading.

RESOLVED ISSUES

Movable Type for AWS

• Address an issue with log rotation. (#114004)

ACKNOWLEDGEMENTS

• John Lightsey (#114037)

All bugs are documented through an external site. A FogBugz account is required in order to view case details.