Movable Type 8.7.0 Release Notes
This version of Movable Type was released August 20, 2025.
This version is an internal release.
New and improved features
- Added the following endpoints to the Data API v7 to enable retrieval of Google Analytics access statistics not only daily but also weekly, monthly, and yearly (SUPPORT-36)
  - View count
    - Weekly: `/sites/{site_id}/stats/yearWeek/screenPageViews`
    - Monthly: `/sites/{site_id}/stats/yearMonth/screenPageViews`
    - Yearly: `/sites/{site_id}/stats/year/screenPageViews`
  - Sessions
    - Weekly: `/sites/{site_id}/stats/yearWeek/sessions`
    - Monthly: `/sites/{site_id}/stats/yearMonth/sessions`
    - Yearly: `/sites/{site_id}/stats/year/sessions`
- Renamed the stats endpoint from `views` to `sessions` and from `pageviews` to `screenPageViews` for Data API versions v1 to v6 in accordance with the Google Analytics metric name changes (MTC-28996)
- Updated the bundled MTBlockEditor from version 1.2.5 to 1.2.7 (MTC-30425)
- Fixed the issue where the initial value of the image insertion option was unset when “left” or “right” was selected in the image insertion position option of site posting settings (MTC-28893)
- Fixed an issue where, when changing the selected asset in Image block or File block, if an image other than the latest 25 was selected, the modal window would not operate correctly (MTC-30421)
- Fixed an issue where, when saving or previewing with focus remaining on the Block Editor editing area, asynchronously updated information would not be reflected (MTC-30496)
- Allowed limiting the number of characters in search queries for `mt-search.cgi` and `mt-cdsearch.cgi` by setting the configuration directive `SearchMaxCharCount`. If you want to set separate limits for each, the configuration directive `ContentDataSearchMaxCharCount` can be used for `mt-cdsearch.cgi` (MTC-30274)
- Modified the system to display a warning on the dashboard and other screens if any core modules are missing during upgrade (MTC-30420)
- Enabled support for `YAML::XS` and `YAML::PP` in addition to `YAML::Syck` and `YAML::Tiny` via the configuration directive `YAMLModule` (MTC-30393)
- Added the `security` parameter to each endpoint in the OpenAPI JSON schema of the Data API, allowing authentication switching in tools such as Swagger UI (MTC-30435)
Resolved issues
- Addressed an issue where email delivery failed when using the SMTP servers of Microsoft 365 or Amazon SES by modifying the authentication module to use `Authen::SASL::Perl` (MTC-30446)
- Modified the behavior to use the first authentication method that succeeds when the SMTP server supports multiple authentication mechanisms (MTC-30320)
- Changed the description of the `Mont-Blanc` theme (MTC-30433)
- Removed unnecessary code from the processing in the Data API endpoint `/sites/{site_id}/tags` (MTC-30424)
- Fixed an issue where non-numeric input could be entered in the Created On field when downloading logs as CSV from the log list (MTC-30305)
- Reduced the display load and improved the rendering speed of the admin screen (MTC-30387)
- Fixed an issue where signing in to comment on an entry failed when the domain of the Admin screen and the public site differed (MTC-30406)
- Added missing fields to `default_params` in the OpenAPI JSON schema of the Data API, such as the `saveRevision` parameter for the entry create and update endpoints (MTC-30359)
- Suppressed Perl warnings from being output to the log when uploading an image from the rich text editor (MTC-29533)
- Added log output when saving asset association information fails during saving of an Entry or ContentData (MTC-27701)
- Fixed broken tag formatting in the description of the Data API v7 endpoint `/sites/{site_id}/export_theme` (MTC-30388)
- Fixed an issue where regular expression search in the “Search/Replace” screen could return incorrect results when performed by users other than the system administrator (MTC-30084)
- Updated the bundled module `Data::ObjectDriver` from version 0.23 to 0.25 (MTC-30353)
- Fixed an issue where thumbnail generation failed for images with certain ICC profiles when the configuration directive `ImageDriver` was set to `GraphicsMagick` (MTC-30357)
- Corrected the use of `encode_xml` in `feed_recent.mtml` (the recent entries feed) of each bundled theme to `encode_xml` (MTC-6658)
- Fixed an issue where searching by the data label did not work when a field was specified as the data label of a ContentType (MTC-29783)
- Fixed an issue where `DefaultLanguage` was ignored in environments where the user was not logged in (MTC-30346)
- Modified the deprecation log to record the line number of the deprecated implementation instead of the caller (MTC-30338)
- Fixed an issue where using deprecated features on Windows could cause a regular expression error `no longer supported in regex` (MTC-30336)
- Fixed an issue where the manifest file in site export became invalid when an asset with special characters in its filename existed (MTC-30362)
- Fixed an issue where no revision history was created when creating or updating a ContentType or updating a template via the Data API (MTC-30350)
- Restricted the text input field for file extensions in Site Settings > Archive Settings > File Extension so that it does not accept more than 10 characters (MTC-29187)
- Renamed the MT tags `MTScript` and `MTStylesheet` to `MTApp:Script` and `MTApp:Stylesheet` (MTC-30323)
- Fixed an issue where the calendar for date and time fields in the content data creation and editing screen was displayed below other elements (MTC-30473)
- Added Data API JavaScript SDK v7 to `mt-static/data-api` (MTC-30488)
- Fixed an issue where adding a numeric field with `minimum value` left blank and `decimal places` set to 1 or more prevented opening the ContentData creation screen (MTC-30495)
- Fixed an issue where no margin was applied to the left and right of the “Date and Time” ContentField (MTC-30474)
- Suppressed Perl warnings from being output to the log when field data was undefined during ContentData search (MTC-30477)
- Suppressed Perl warnings from being output to the log when `image_width` or `image_height` was undefined in the Data API response containing an asset (MTC-30479)
- Set the required version of the `YAML::XS` module to v0.903.0 or higher in `mt-check.cgi` and System Information (MTC-30481)
- Suppressed Perl warnings from being output to the log when thumbnail size could not be retrieved, such as during image upload (MTC-30478)
- Suppressed Perl warnings from being output to the log when sorting by parent site in the site list (MTC-30480)
Dynamic Publishing
- Corrected a typo in the PHP code within the exception handling of dynamic publishing (MTC-30334)
Security fixes and improvements
- Fixed an issue where manipulation of the HTTP request `Host` header could lead to redirection to malicious sites (MTC-30358) (CVE-2025-53522)
  - Allowed setting trusted hostnames via the configuration directive `TrustedHosts`
- Improved the password reset screen to reject invalid parameters (MTC-30384) (CVE-2025-55706)
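
The `Host` header fix above pairs a redirect issue with an allowlist of trusted hostnames. As an added illustration (not Movable Type's code, and written in Python rather than the product's Perl), the sketch below contrasts a redirect built directly from the `Host` header with one that accepts only allowlisted hosts. `TRUSTED_HOSTS`, `CANONICAL_BASE` and the function names are assumptions, and the matching rules shown are not a description of how `TrustedHosts` itself behaves.

```python
import re

# Constructed stand-ins for an operator-maintained allowlist and canonical URL
# (assumptions for this example, not Movable Type defaults).
TRUSTED_HOSTS = {"cms.example.com", "www.example.com"}
CANONICAL_BASE = "https://cms.example.com"

# Hostname, optionally followed by :port. Anything else (userinfo, slashes,
# whitespace, CR/LF) fails the full match.
_HOST_RE = re.compile(r"([a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)(?::(\d{1,5}))?")


def naive_redirect(host_header, path):
    """Pre-fix pattern: the redirect target is whatever Host the client sent."""
    return f"https://{host_header}{path}"


def trusted_base(host_header):
    """Build a base URL from Host only when the hostname is allowlisted."""
    match = _HOST_RE.fullmatch((host_header or "").strip().lower())
    if not match:
        return CANONICAL_BASE
    name, port = match.group(1), match.group(2)
    if name not in TRUSTED_HOSTS:
        return CANONICAL_BASE  # exact match only: no suffix or substring tests
    if port and not 0 < int(port) <= 65535:
        return CANONICAL_BASE
    return f"https://{name}:{port}" if port else f"https://{name}"


def safe_redirect(host_header, path):
    """Hardened pattern: untrusted or malformed Host falls back to canonical."""
    return trusted_base(host_header) + path


if __name__ == "__main__":
    # Constructed Host header values, one per case the allowlist must handle.
    for host in ("cms.example.com", "CMS.Example.com:8443", "evil.example",
                 "cms.example.com.evil.example", "cms.example.com@evil.example"):
        print(f"{host!r:36} naive={naive_redirect(host, '/mt/')} "
              f"safe={safe_redirect(host, '/mt/')}")
```
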