Not a developer? Go to MovableType.com

Documentation

Movable Type 8.0.6 Release Notes

This release includes security fixes. Six Apart recommends that you upgrade to the latest version.

New and improved features

  • Updated MTBlockEditor to version 1.2.5
  • Updated MFA (Multi-Factor Authentication) plugin to version 1.0.5
  • Modified to insert an image as Asset not data url when Drag-and-Drop image on Rich Text Editor with TinyMCE 6 (MTC-29947)

Resolved issues

  • Fixed an issue where line breaks were not converted to <br> elements when pasting multi-line text in TinyMCE6 (MTC-30072)
  • Fixed an issue where inserting images in the old block editor caused an error when the width of thumbnails was specified (MTC-29967)
  • Fixed an issue where the user-specific archives of ContentType were not always fully rebuilt (MTC-29907)
  • Fixed to complete the process of mt-search.cgi with mass request parameters (MTC-29943)
  • Fixed performance issues of processing parameters of Data API (MTC-29962)
  • Fixed performance issues of processing parameters of Comment (MTC-29955)
  • Improve performance of mt-search.cgi with specific parameters (MTC-29961)
  • Fixed performance issues of processing parameters of mt-search.cgi (MTC-29953)

Security fixes and improvements

  • Updated TinyMCE 6 to 6.8.5 in the TinyMCE6 plugin (MTC-29922)
  • Updated jQuery Validate to 1.20.0 (MTC-29946)
  • Fixed Cross Site Scripting (XSS) of object embedding in MT Blockeditor using TinyMCE6 Plugin (CVE-2025-24841, MTC-29997)
  • Fixed Cross Site Scripting (XSS) on the page of Edit a Custom Block in MT Blockeditor (CVE-2025-22888, MTC-29937)
  • Fixed Cross Site Scripting (XSS) on Edit user page (CVE-2025-25054, MTC-30057)

Acknowledgement

We would like to thank all those who have reported bugs and requested features for the release. In particular, we would like to thank the following people individually.

  • Koiwai Dairy Products Co., Ltd. Mr. LEE BEOMSEOK (MTC-30057)
  • IPA and JPCERT/CC for their cooperation in notification and handling of vulnerability information.
Back