Movable Type 8.4.4 Release Notes
This version of Movable Type was released October 22, 2025.
Resolved issues
- Fixed distorted display when multiple filter conditions in site listing screen with Configuration Directive
UseRiotis0, Svelte used (MTC-30403) - Fixed an issue where specifying a subdomain wildcard in the
TrustedHostsconfiguration directive unintentionally matched IP addresses (MTC-30564) - Updated the system to invalidate all other active login sessions when a password is changed. Also recorded password change events in the log. When a password is changed by an administrator, the user is required to sign in again (MTC-30687)
Security fixes and improvements
- Fixed a cross-site scripting (XSS) vulnerability in Edit ContentData page on mt.cgi(CVE-2025-54856, MTC-30710)
- Fixed a cross-site scripting (XSS) vulnerability in Edit CategorySet of ContentType page on mt.cgi (CVE-2025-62499, MTC-30711)
