Not a developer? Go to


Movable Type 7 r.4607 (7.3.0) Release Notes

This version of Movable Type was released May 13, 2020.

Movable Type 7 r.4607 (7.3.0) includes several changes including security fixes.

When updating, it is strongly recommended that you take a snapshot of the database before updating, then install Movable Type in a different directory instead of overwriting your current installation.

New and Improved functions

  • [MTC-26528] Add Table in RichText Editor.
  • [MTC-27218] Enable selecting tasks via run-periodic-tasks
  • [MTC-27190] Improve not to insert unnecessary line-feed or space in “Convert to Linefeed”.
  • [MTC-27130] Log to STDERR when MT::Util::Log is not set.
  • [MTC-27119] Add PurePerl Digest::SHA、Digest::MD5 modules for fallback.
  • [MTC-27063] Log removing a file at rebuilding.
  • [MTC-27039] Improve the UI of editing category fields in Content Data.
  • [MTC-27011] Support PHP 7.4
  • [MTC-27006] Enable DBHost with Oracle.
  • [MTC-26629] Enable “requiresslreuse=YES” in Content Sync.
  • [MTC-26558] Add ids of HTML elements in the admin menu.
  • [MTC-10962] Support Emoji, with utf8mb4 of MySQL / MariaDB.

Updated Functions

  • [MTC-27196] The default email encoding is changed to UTF-8.
  • [MTC-27137] Remove DjDT modules used in debug mode.
  • [MTC-27120] The file list of Content Sync is not included when exporting a site.
  • [MTC-27117] The first frame of Animation GIF is used as a thumbnail.
  • [MTC-27116] Remove ezsql.
  • [MTC-27115] Update ADOdb to 5.20.16
  • [MTC-27114] Update Smarty to 3.1.31.
  • [MTC-27103] Update Image::ExifTool to 11.85.
  • [MTC-26913] Remove some ping update services that were closed.
  • [MTC-12579] Remove unnecessary method definition in Group feature.
  • [MTC-11694] Remove unnecessary CSS and Javascript files.
  • [MTC-7105] Remove unnecessary codes from a list of templates.

Resolved Issues

Security Fixes and Improvements

  • [MTC-27147] Fix XSS in __mode=rebuild. (CVE-2020-5575)
  • [MTC-27146] Fix CSRF in _mode=startrebuild. (CVE-2020-5576)
  • [MTC-27144] Fix XSS in template list. (CVE-2020-5575)
  • [MTC-27143] Fix CSRF via Sign-In page. (CVE-2020-5576)
  • [MTC-27142] Fix not to upload a double extension PHP file. (CVE-2020-5577)
  • [MTC-27141] Fix an open redirect issue in __mode=recover. (CVE-2020-5574)
  • [MTC-27140] Fix XSS in _mode=startrebuild. (CVE-2020-5575)


  • [MTC-27247] Unlist some OpenID providers that were obsolete.
  • [MTC-27245] Fix a class name of validation in form parts.
  • [MTC-27240] Fix to rebuild category archives correctly when there are two and more category content fields.
  • [MTC-25943] Fix not to show an alert at creating a site.
  • [MTC-27225] Fix to remove unnecessary data in MT::ContentType and MT::ContentData even when a site is removed.
  • [MTC-27222] Fix dialog of rebuilding to be handled in rebuild-pages.
  • [MTC-27211] Fix an error of MTCanonicalURL with multiple archive mapping.
  • [MTC-27192] Fix to register object type with long_datasource.
  • [MTC-27188] Fix to store the status of the checkbox field in Content Data.
  • [MTC-27184] Fix to update the file information correctly in Content Sync.
  • [MTC-27177] Fix an error at sorting child sites in the site list of the System.
  • [MTC-27158] Fix to show “Back” button correctly on internal errors.
  • [MTC-27126] Fix to apply filters when a Content Type refers to another Content Type which includes multiple text.
  • [MTC-27111] Fix enabling to replace in text fields created with block editor.
  • [MTC-27099] Fix style in activity log.
  • [MTC-27091] Fix to allow single quotation in labels of Content Field.
  • [MTC-26951] Fix not to show jQuery alerts.
  • [MTC-26734] Fix the number of tags in Content Type.
  • [MTC-26505] Fix to add a category when editing Content Data.
  • [MTC-26362] Fix to store entry preferences when editing Entries.
  • [MTC-26329] Fix to trigger rebuild at publishing a comment.
  • [MTC-26287] Fix to insert an image in a template.
  • [MTC-25961] Adjust the style of error message of thumbnail width in the modal dialog of inserting images.
  • [MTC-25376] Fix some MT tags in preview mode.
  • [MTC-24981] Fix sort order of the list of users in system view.
  • [MTC-13236] Fix to store iframe in embed object of Custom Field.
  • [MTC-12652] Remove unnecessary spaces in the error message of Database Setting.
  • [MTC-12078] Fix a validation rule of filter name.
  • [MTC-7280] Fix to check uniqueness of Role name.
  • [MTC-7218] Fix to allow the role of “managing web pages” to create a new folder.

Features to be deprecated in the next or future release.

  • [MTC-27297] Remove OpenID Plugin
  • [MTC-26983] Remove Crypt code from MT Core.
  • [MTC-27074] Deprecate MT::Util::perlsha1digest(_hex)
  • [MTC-27298] Deprecate Update Ping


Many bug fixes and patch offerings reported by the Movable Type community are included in this release. The names of community members who provided patches and bug reports through Jira are as follows. I appreciate your cooperation! (In no particular order, titles omitted)

  • Toshitsugu Yoneyama / Mitsui Bussan Secure Directions, Inc., IPA, JPCERT/CC, - MTC-27147、MTC-27146、MTC-27144、MTC-27143、MTC-27141、MTC-27140
  • Yuji Tounai / Mitsui Bussan Secure Directions, Inc., IPA, JPCERT/CC, - MTC-27142
  • Lift - MTC-27141
  • Skyarc Co., Ltd. - MTC-27222
  • Homare Urayama - MTC-27099
  • Date - MTC-26362