Movable Type 8.0.6 Release Notes
This version of Movable Type was released February 19, 2025.
This release includes security fixes. Six Apart recommends that you upgrade to the latest version.
New and improved features
- Updated
MTBlockEditorto version 1.2.5 - Updated
MFA(Multi-Factor Authentication) plugin to version 1.0.5 - Modified to insert an image as Asset not data url when Drag-and-Drop image on Rich Text Editor with TinyMCE 6 (MTC-29947)
Resolved issues
- Fixed an issue where line breaks were not converted to
<br>elements when pasting multi-line text in TinyMCE6 (MTC-30072) - Fixed an issue where inserting images in the old block editor caused an error when the width of thumbnails was specified (MTC-29967)
- Fixed an issue where the user-specific archives of ContentType were not always fully rebuilt (MTC-29907)
- Fixed to complete the process of mt-search.cgi with mass request parameters (MTC-29943)
- Fixed performance issues of processing parameters of Data API (MTC-29962)
- Fixed performance issues of processing parameters of Comment (MTC-29955)
- Improve performance of
mt-search.cgiwith specific parameters (MTC-29961) - Fixed performance issues of processing parameters of
mt-search.cgi(MTC-29953)
Security fixes and improvements
- Updated TinyMCE 6 to 6.8.5 in the
TinyMCE6plugin (MTC-29922) - Updated
jQuery Validateto 1.20.0 (MTC-29946) - Fixed Cross Site Scripting (XSS) of object embedding in MT Blockeditor using TinyMCE6 Plugin (CVE-2025-24841, MTC-29997)
- Fixed Cross Site Scripting (XSS) on the page of Edit a Custom Block in MT Blockeditor (CVE-2025-22888, MTC-29937)
- Fixed Cross Site Scripting (XSS) on Edit user page (CVE-2025-25054, MTC-30057)
Acknowledgement
We would like to thank all those who have reported bugs and requested features for the release. In particular, we would like to thank the following people individually.
- Koiwai Dairy Products Co., Ltd. Mr. LEE BEOMSEOK (MTC-30057)
- IPA and JPCERT/CC for their cooperation in notification and handling of vulnerability information.
