Not a developer? Go to MovableType.com

Documentation

Movable Type 8.4.2 Release Notes

This version of Movable Type was released February 19, 2025.

This release includes security fixes. Six Apart recommends that you upgrade to the latest version.

New and improved features

  • Updated Smarty from 4.5.3 to 4.5.5 (MTC-29974)
  • Updated MTBlockEditor to version 1.2.5
  • Updated MFA (Multi-Factor Authentication) plugin to version 1.0.5
  • Added support for MySQL caching_sha2_password authentication (MTC-29715)
  • Improved the response time of the admin screen by revising the processing of MT::Permission (MTC-29836)

Resolved issues

  • Fixed an issue where line breaks were not converted to <br> elements when pasting multi-line text in TinyMCE6 (MTC-30072)
  • Removed unnecessary files included in the package (MTC-30173)
  • Fixed an issue where inserting images in the old block editor caused an error when the width of thumbnails was specified (MTC-29967)
  • Fixed an issue where the user-specific archives of ContentType were not always fully rebuilt (MTC-29907)
  • Removed the use of the deprecated window.unload event in the Chrome browser (MTC-29851)
  • Fixed timing to call listReady event from Svelte on List view (MTC-29915)
  • Fixed to show confirm dialog after add/remove line on Table ContentField with browser backwording (MTC-29965)
  • Fixed to remove the filter item of username at List view with Svelte (MTC-29928)
  • Fixed to set a parameter to input field with filter_key on List view (MTC-29925)
  • Fixed the setting add / remove rows and lines swapped on Edit ContentType (MTC-29839)
  • Fixed to complete the process of mt-search.cgi with mass request parameters (MTC-29943)
  • Fixed performance issues of processing parameters of Data API (MTC-29962)
  • Fixed performance issues of processing parameters of Comment (MTC-29955)
  • Improve performance of mt-search.cgi with specific parameters (MTC-29961)
  • Fixed performance issues of processing parameters of mt-search.cgi (MTC-29953)

Updates JavaScript Libraries

  • Update a-table.js from 1.5.9 to 1.5.10 (MTC-29854)

Security fixes and improvements

  • Update TinyMCE 6 from 6.8.4 to 6.8.5 in the TinyMCE6 plugin (MTC-29922)
  • Fixed Cross Site Scripting (XSS) of object embedding in MT Blockeditor using TinyMCE6 Plugin (CVE-2025-24841, MTC-29997)
  • Fixed Cross Site Scripting (XSS) on the page of Edit a Custom Block in MT Blockeditor (CVE-2025-22888, MTC-29937)
  • Fixed Cross Site Scripting (XSS) on Edit user page (CVE-2025-25054, MTC-30057)

Acknowledgement

We would like to thank all those who have reported bugs and requested features for the release. In particular, we would like to thank the following people individually.

  • Koiwai Dairy Products Co., Ltd. Mr. LEE BEOMSEOK (MTC-30057)
  • IPA and JPCERT/CC for their cooperation in notification and handling of vulnerability information.
Back