Movable Type 6.3.12 Release Notes
This version of Movable Type was released May 13, 2020.
Movable Type 6.3.12 includes several security fixes.
- [MTC-27147] Fix XSS in __mode=rebuild. (CVE-2020-5575)
- [MTC-27146] Fix CSRF in _mode=startrebuild. (CVE-2020-5576)
- [MTC-27144] Fix XSS in template list. (CVE-2020-5575)
- [MTC-27143] Fix CSRF via Sign-In page. (CVE-2020-5576)
- [MTC-27142] Fix not to upload a double extension PHP file. (CVE-2020-5577)
- [MTC-27141] Fix an open redirect issue in __mode=recover. (CVE-2020-5574)
- [MTC-27140] Fix XSS in _mode=startrebuild. (CVE-2020-5575)
Many bug fixes and patch offerings reported by the Movable Type community are included in this release. The names of community members who provided patches and bug reports through Jira are as follows. I appreciate your cooperation! (In no particular order, titles omitted)
- Toshitsugu Yoneyama / Mitsui Bussan Secure Directions, Inc., IPA, JPCERT/CC, - MTC-27147、MTC-27146、MTC-27144、MTC-27143、MTC-27141、MTC-27140
- Yuji Tounai / Mitsui Bussan Secure Directions, Inc., IPA, JPCERT/CC, - MTC-27142
- Lift - MTC-27141