Not a developer? Go to MovableType.com

MovableType.org
Documentation
Home / Documentation / Appendices Appendix: Release Notes

Movable Type 8.4.2 Release Notes

This release includes security fixes. Six Apart recommends that you upgrade to the latest version.

New and improved features

  • Updated Smarty from 4.5.3 to 4.5.5 (MTC-29974)
  • Updated MTBlockEditor to version 1.2.5
  • Updated MFA (Multi-Factor Authentication) plugin to version 1.0.5
  • Added support for MySQL caching_sha2_password authentication (MTC-29715)
  • Improved the response time of the admin screen by revising the processing of MT::Permission (MTC-29836)

Resolved issues

  • Fixed an issue where line breaks were not converted to <br> elements when pasting multi-line text in TinyMCE6 (MTC-30072)
  • Removed unnecessary files included in the package (MTC-30173)
  • Fixed an issue where inserting images in the old block editor caused an error when the width of thumbnails was specified (MTC-29967)
  • Fixed an issue where the user-specific archives of ContentType were not always fully rebuilt (MTC-29907)
  • Removed the use of the deprecated window.unload event in the Chrome browser (MTC-29851)
  • Fixed timing to call listReady event from Svelte on List view (MTC-29915)
  • Fixed to show confirm dialog after add/remove line on Table ContentField with browser backwording (MTC-29965)
  • Fixed to remove the filter item of username at List view with Svelte (MTC-29928)
  • Fixed to set a parameter to input field with filter_key on List view (MTC-29925)
  • Fixed the setting add / remove rows and lines swapped on Edit ContentType (MTC-29839)
  • Fixed to complete the process of mt-search.cgi with mass request parameters (MTC-29943)
  • Fixed performance issues of processing parameters of Data API (MTC-29962)
  • Fixed performance issues of processing parameters of Comment (MTC-29955)
  • Improve performance of mt-search.cgi with specific parameters (MTC-29961)
  • Fixed performance issues of processing parameters of mt-search.cgi (MTC-29953)

Updates JavaScript Libraries

  • Update a-table.js from 1.5.9 to 1.5.10 (MTC-29854)

Security fixes and improvements

  • Update TinyMCE 6 from 6.8.4 to 6.8.5 in the TinyMCE6 plugin (MTC-29922)
  • Fixed Cross Site Scripting (XSS) of object embedding in MT Blockeditor using TinyMCE6 Plugin (CVE-2025-24841, MTC-29997)
  • Fixed Cross Site Scripting (XSS) on the page of Edit a Custom Block in MT Blockeditor (CVE-2025-22888, MTC-29937)
  • Fixed Cross Site Scripting (XSS) on Edit user page (CVE-2025-25054, MTC-30057)

Acknowledgement

We would like to thank all those who have reported bugs and requested features for the release. In particular, we would like to thank the following people individually.

  • Koiwai Dairy Products Co., Ltd. Mr. LEE BEOMSEOK (MTC-30057)
  • IPA and JPCERT/CC for their cooperation in notification and handling of vulnerability information.
Back