Not a developer? Go to MovableType.com

MovableType.org
Documentation
Home / Documentation / Appendices Appendix: Release Notes

Movable Type 9.2.0 Release Notes

This version of Movable Type was released May 20, 2026.

This is the release notes for Movable Type Cloud Edition 9.2.0. This release includes feature improvements and bug fixes. It also includes fixes and improvements for multiple security issues.

New and improved features

  • Added support for OAuth 2.0 (Gmail, Outlook) as SMTP authentication for email sending (SUPPORT-37)
  • Improved to display the Movable Type schema version on the system information screen (SUPPORT-654)
  • Improved messages related to missing required Perl modules displayed during upgrade and other operations (SUPPORT-724)
  • Added a date range option to the bulk delete function for system logs, allowing deletion of logs prior to the specified date and time (SUPPORT-756)
  • Added the Configuration Directive DisableRegexpSearch. When set to 1, disabling the regular expression option during search and replace in the Admin screen may help avoid performance issues when handling large amounts of data (MTC-29012)
  • Improved error messages that occur during database access and related operations (MTC-30826)
  • Optimized query generation processing in SQL Server environments (MTC-30965)
  • Changed the label of the Publish button to Rebuild on the Template listing screen (MTC-31055)
  • The Configuration Directive SafeMode is deprecated in future versions (MTC-31092)
  • Added the Configuration Directive AllowNonAsciiFilename to prohibit uploading assets that include Japanese file names (MTC-31102)
  • Modified to remove unnecessary Exif Orientation tag information when using the “Automatically correct image orientation” feature during image upload (MTC-31119)
  • Improved mt-search.cgi by adding the Configuration Directive SearchEscapeUnderscore, allowing _ (underscore) to be searched as a character instead of a wildcard (MTC-31155)
    • Changed the default value for Custom Fields of type URL from http:// to https:// (MTC-31191 / FEEDBACK-2655)
  • Changed the client secret input field in the GoogleAnalyticsV4 plugin to a password field (MTC-31207)
  • Updated bundled extlib CPAN modules (MTC-31138, MTC-31175)
    • CGI (4.69 → 4.71)
    • Data::ObjectDriver (0.25 → 0.27)
    • File::Temp (0.2311 → 0.2312)
    • Image::ExifTool (13.30 → 13.44)
    • LWP::Protocol::http (6.78 → 6.81)
    • LWP::UserAgent (6.78 → 6.81)
    • MIME::Lite (3.033 → 3.035)
    • MIME::Types (2.28 → 2.30)
    • Net::HTTPS (6.23 → 6.24)
    • URI (5.32 → 5.34)
    • Updated MT::Image::ExifData used for image metadata processing to the latest version (MTC-31075)

MTRichTextEditor

  • Changed to insert HTML snippets such as embedded video player iframes as HTML tags instead of escaped text when pasted into the editing area (MTC-30817)
  • Added support for svg elements (MTC-31120)
  • Updated the version of Tiptap in use to 3.20.1 (MTC-31054)

Dynamic Publishing

  • Updated bundled ADOdb from 5.22.7 to 5.22.11 (MTC-30718)
  • Updated league/commonmark bundled with the CommonMark plugin from 2.7.0 to 2.8.1 (MTC-31218)

JavaScript libraries

  • Now supporting jQuery 4 and bundled jQuery 4.0.0. The Configuration Directive UsejQuery4 to 1 to enable, and updated SharedPreview plugin to be applied the Configuration Directive (MTC-31132 / MTC-31152)
  • Updated jQuery Validation from 1.20.0 to 1.22.1 (MTC-31150)
  • Updated jQuery UI from 1.14.1 to 1.14.2 (MTC-31151)
  • Updated jquery.ui.touch-punch.js used for touch interactions in the Admin screen to a version with added support for the jQuery 3 series and other improvements (MTC-31169)
  • Changed the graph rendering library to Chart.js used in access analytics on Admin screen (MTC-28555)

Resolved issues

  • Fixed an issue where an Invalid Query error occurred when searching with only one of the symbols ", !, -, or + in the search string (MTC-7525)
  • Fixed an issue where, during Archive preview, the file extension set in the general site settings took precedence and the extension specified in the Archive path settings was not applied (MTC-26494)
  • Fixed an issue where include/template_table.tmpl was unintentionally displayed in the system template list when creating a widget set in a global template (MTC-30418)
  • Fixed an issue where changing the “replacement path” caused an undefined function to be called and resulted in an error when importing using the WXRImporter plugin (MTC-30628)
  • Fixed an issue in the ContentData editing screen where the variable for the title attribute during delete and preview operations was uninitialized, and ensured that the ContentType name is displayed correctly (MTC-30717)
  • Fixed an issue where the ContentType name in the message was displayed in lowercase on the listing screen when no ContentData exists (MTC-30970)
  • Fixed HTML syntax errors in the Admin screen (MTC-31012)
  • Fixed an issue where the confirmation message during list action execution was not displayed correctly depending on parameter settings (MTC-31064)
  • Fixed an issue where string search in dialogs did not work correctly when only 0 was specified as the search query (MTC-31144)
  • Fixed an issue where the ContentType name was displayed in lowercase in the confirmation dialog when pressing the delete button on the ContentData editing screen in mobile view (MTC-31171)
  • Fixed an issue where % (percent) could not be searched as a character and was treated as a wildcard in searches using mt-cdsearch.cgi (MTC-31195)
  • Fixed issues where translations were not applied correctly in some parts of the LicenseVerification plugin and the Comments plugin (MTC-31196)
  • Changed to avoid using empty strings when checking whether numeric columns have values, preventing type errors in SQL Server (MTC-30955)
  • Fixed an issue in the permission check processing of MT::App::CMS::is_authorized (MTC-30959)
  • Fixed an issue where an error occurred in Oracle Database when an empty value was set in the changed column of MT::Revisable::Local (MTC-30960)
  • Fixed an issue where the asset_from_url method of MT::Util was not included in the export target (MTC-31072)
  • Fixed an issue where incorrect characters were included in the HTTP Content-Type header when loading ContentData in a modal window (MTC-31116)
  • Fixed uninitialized variable warnings that occurred when corrupted ContentField data was included during processes such as data import and search, and changed to ignore the affected data (MTC-31136)
  • Fixed an issue where jQuery Migrate warnings were output in the browser developer tools when displaying the Shared Preview screen (MTC-30569)
  • Fixed an issue where a 404 error occurred when operating the ContentType editing screen if the Configuration Directive UseRiot was set to 1 (MTC-30625)
  • Fixed an issue where users with only the “create ContentData” permission for each ContentType could not edit their own published ContentData from the listing screen (MTC-30910)
  • Fixed an issue in the Entry import and export feature where exported data could not be correctly imported if the separator string in MT format was included in the Entry data (MTC-31058)
  • Excluded mt_deletefileinfo table from Export of Site Data targets, to avoid unexpected behavior at Site Import (MTC-31093)
  • Fixed an issue where mirroring was not performed correctly for certain values of the Exif Orientation tag when the “Automatically correct image orientation” feature was enabled during asset upload (MTC-31118)
  • Fixed an issue in the BlockEditor plugin where uninitialized variable warnings occurred when searching ContentData that included image fields if image data did not exist (MTC-31134)
  • Fixed an issue where uninitialized variable warnings occurred during ContentData search when information for ContentField of type ContentType could not be retrieved due to corruption or other issues (MTC-31135)
  • Fixed an issue where uninitialized variable warnings occurred when sorting by author on the listing screen that included Entry created by deleted users (MTC-31137)
  • Excluded YAML::PP from the automatic detection targets of MT::Util::YAML to avoid issues in specific environments (MTC-31145)
  • Fixed an issue where deleting old ContentData of a ContentType using a date field in Archive mapping unintentionally updated the latest ContentType Archive content (MTC-31167)
  • Fixed an issue where saving continued without being properly handled as an error when the pre-save callback cms_pre_save.content_data returned a false value (MTC-31172)
  • Changed to exclude the mt_preview table, which stores session data for Shared Preview, from site export targets (MTC-31176)
  • Fixed an issue to skip restoration when data from tables specified as excluded were included during site backup restoration (MTC-31094)
  • Modified to validate requests using the state parameter when obtaining tokens in the GoogleAnalyticsV4 plugin (MTC-31208)
  • Fixed an issue where the “Always export all options” checkbox on the export screen was unintentionally unchecked when exporting a theme with overwrite (SUPPORT-770)

Movable Type Advanced

  • Fixed an issue where the EXTRACT function used during archive creation did not work correctly in SQL Server (MTC-30954)
  • Fixed an issue where columns including composite indexes could not be deleted in SQL Server by correcting the processing order to drop indexes first (MTC-30956)
  • Fixed issues in datetime conversion processing in SQL Server to resolve problems when saving data to the database caused by fractional precision (MTC-30957)
  • Fixed a warning in Oracle Database caused by MT::Blog::archive_type being undefined (MTC-30962)

Dynamic Publishing

  • Fixed an issue where the template tag MTContentFieldValue did not correctly reference the data identifier label of ContentField (MTC-31076)
  • Fixed an issue where the template tag MTAssetFilePath could not correctly handle pseudo paths such as %r and %a, resulting in incorrect file path output (MTC-31215)

MTRichTextEditor

  • Fixed an issue where unnecessary spaces were inserted and displayed when using ruby elements (MTC-31168)
  • Fixed to allow removal of p elements inserted before oEmbed objects (MTC-31101)
  • Fixed an issue where images were deleted when attempting to set links on images in the Entry editing screen (MTC-31113)
  • Fixed an issue where the context toolbar was displayed above modal windows (MTC-31125)
  • Fixed behavior where empty div elements were difficult to delete using keyboard operations (MTC-31224)
  • Fixed behavior where p elements were added inside empty div elements when saving (MTC-31223)
  • Fixed behavior where a elements directly under div elements were wrapped with p elements (MTC-31222)
  • Fixed the HTML structure when pasting text including line breaks and other content (MTC-31173)
  • Fixed an issue where unintended p elements were inserted when editing text contained in td and th elements (MTC-31291)

AssetUploader

  • #### Fixed an issue where the drop area display did not disappear even after canceling a drag operation (MTC-30985MTC-30977)

Server Sync

  • Fixed an issue where delivery restarted after server delivery was interrupted midway (MTC-31106)

Security fixes and improvements

  • Fixed an issue where a user without appropriate permissions could proceed with the upgrade process upon signing in while the installed Movable Type or plugins are being upgraded. The behavior can be reverted to the previous state using the RequireUpgradePermission configuration directive (MTC-30699)
  • Enhanced escaping processing for variables used in event handler attributes in the Admin screen (MTC-30998)

Updated plugins

  • Updated the Shared Preview plugin to version 0.6 (MTC-31187)
  • Updated MTRichTextEditor from 1.0.4 to 1.0.5 (MTC-31302)
  • Updated AssetUploader from 1.0.3 to 1.0.4 (MTC-31301)

Deprecated features

  • Changed to output warnings to the log for future deprecation when using the file modifier of the MTInclude tag (MTC-31088)
  • Removed obsolete ADOdb-related code associated with the mysql extension module removed in PHP 7.0.0 (MTC-31071)
  • Removed unnecessary $var_export-related code in the PHP implementation (MTC-31081)
  • Removed unused code in ContentData save processing (MTC-31157)
  • Removed the definition of the already deprecated dialog_select_assoc_type method (MTC-31159)

Acknowledgments

We would like to thank those who reported these vulnerabilities for their contribution to this release. We would also like to thank JPCERT/CC and IPA for their assistance in handling the vulnerability information.

Back