Not a developer? Go to


Movable Type 7 r.5501 (v.7.902.0) Release Notes

This version includes security fixes.

Security issues

  • Fixed some XSS vulnerabilities on mt.cgi (CVE-2023-45746) (MTC-28624, MTC-28647, MTC-28650, MTC-28651, MTC-28652)

New and Improved features

  • PHP 8.2 is now supported (MTC-28855)
  • Added a new MT tag MTTextFormat to retrieve the text format specified for Posts, and multi-line text fields in ContentData (MTC-29037)
  • GoogleAnalytics v4 Plugin now responses according to parameters in _request method (MTC-29017)
  • Added JavaScript SDK for Data API v5, v6 (MTC-28853)
  • Improved MT::Object timing to get ObjectDriver, and cache ObjectDriver properly (MTC-28379)
  • Updated Data::ObjectDriver to 0.22 (MTC-28766)
  • Add Configuration Directive DBIConnectOptions for setting database connection options (MTC-28894)
  • When using the browser’s search function on the template edit screen, the entire template can now be searched. Also, shortcuts assigned to the browser’s search function are now available (MTC-28902)
  • Implemented “Background Jobs” menu to list background jobs and check their status and other information. The menu appears and can be used by setting the ShowTsJob environment variable to 1 (CLOUD-76)
  • Updated Smarty to 4.3.2 (MTC-29019)
  • Updated adodb to 5.22.6 (MTC-28936)
  • Updated jQuery to 3.7.0 (MTC-28908)
  • Updated TinyMCE6 to 6.5.1 (MTC-28937)
  • When there are more than 125 results, the message “Show first 125 results” is now also displayed below the search results (MTC-28903)
  • Renamed the Bootstrap5 based theme in mt.cgi to admin2023 (MTC-28947)

Sync.pack (available on Movable Type Advanced)

  • Add hook for PeriodicSync plugin (MTC-29086)
  • FIxed design issues for admin2023 theme (MTC-28958)

Resolved issues

  • Fixed a problem that caused “Not a HASH reference error” when filtering a content data list with a less privileged user (MTC-29208)
  • Fixed to detect installed templates correctly at completing system templates (MTC-29097)
  • Removed zenback module from Eiger theme (MTC-29084)
  • Fixed not to load template from other Site at using MTInclude Tag with Identifier (MTC-29054)
  • Fixed Data API Statistics value correctly when associated with GA4 (MTC-28885)
  • Fixed Data API Stats resource with GA4 (MTC-28985)
  • Fixed MTApp:Setting Tag not to attach unnecessary <__trans_section> (MTC-28992)
  • FIxed MT::Util::Archive failed to check in WIn32 (MTC-28969)
  • Fixed not to update Site created_on at upgrading from 7.9.4 or before (MTC-28967)
  • Fixed to apply basename to add Post and Pages defaultly in theme.yaml (MTC-28963)
  • Fixed list_header template in Listing View to complaint to AdminThemeID (MTC-28954)
  • Fixed to store config correctly in MT::Upgrade::Core (MTC-28956)
  • Fixed not to use cache without cache_keys at search (MTC-28927)
  • Fixed UUV possibility at using an asset without file extension as Image (MTC-28926)
  • Fixed UUV possibility at associate role (MTC-28925)
  • Fixed UUV when menus data is incomplete in plugin configuration (MTC-28924)
  • Fixed UUV at applytextfilters (MTC-28923)
  • Fixed UUV at regex_replace and replace modifier (MTC-28922)
  • Fixed UUV at MTSetVar tag (MT-28932)
  • Fixed UUV at deleting ContentData in List action (MTC-28939)
  • Fixed UUV at existing arguments given undefined value in modifier (MTC-28935)
  • Fixed UUV to set non-integer value to SearchMaxResults (MTC-28933)
  • Fixed UUV at arguments empty in MT->model (MTC-28934)
  • Fixed to enable to hide widgets in right side panel (SUPPORT-265)
  • Fixed when exists an incorrect plugin, other plugins might not add object_types (MTC-28867)
  • improved validation check of Date, Time field in browser (MTC-25728)
  • Improved MT::ObjectDriver::Cache::RAM, caching in MT::Request and cleared by each request to avoid inconsistencies on PSGI environment (MTC-27223)
  • Fixed “Too many connections” error in MySQL due not to work to reuse connection (MTC-28722)
  • Fixed “An error occurred while loading objects” occurred at filtering at second pages or later in listing view (MTC-28841)
  • Fixed to work the cache of MTCategoryNext andMTContentPermalink tags (MTC-28841)
  • Fixed MTAuthorNext and MTAuthorPrevious tags which might affect subsequent tags (MTC-28842)
  • Fixed to save a template correctly after editing the file set as filelink (MTC-28852)
  • Fixed UUV occurred at the filter of data identified label when a plugin customs the data identified label in List view of ContentData (MTC-28871)
  • Fixed an issue to incomplete to reset password during Movable Type to be upgraded (MTC-28872)
  • Removed the “Selected Categories” phrase on Create/Edit a Page in mt.cgi (MTC-28877)
  • Fixed a javascript error on the details of a module which is not installed in [System] - [Settings] - [System Information] (MTC-28899)
  • Fixed an issue that a Widget belonged with site is called from global WidgetSet (MTC-28907)
  • Fixed many style issues in admin2023 theme

Obsoleted features

  • Removed Ping send option for the Rebuild Trigger (MTC-26646)


We would like to thank all those who have reported bugs and requested features for the release. In particular, we would like to thank the following people individually.

  • [MTC-29017] Mr. Makoto Tajima, M-Logic, Inc.

IPA and JPCERT/CC for their cooperation in notification and handling the vulnerability information.