Movable Type 5.05 and 4.36 Release Notes
This version of Movable Type was released May 24, 2011.
Movable Type 4.36 and 5.05 were released as mandatory security updates. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.x.
The impact of the vulnerabilities
A remote attacker could execute arbitrary code in a logged-in users’ web browser. A remote attacker could read or modify the contents in the system under certain circumstances.
Versions Affected
- Movable Type Open Source 4.x
- Movable Type Open Source 5.x
- Movable Type 4.x ( with Professional Pack, Community Pack )
- Movable Type 5.x ( with Professional Pack, Community Pack )
- Movable Type Enterprise 4.x
Solution
Please upgrade to the latest versions of Movable Type 4 or Movable Type 5.
- Movable Type Open Source 4.36
- Movable Type Open Source 5.05
- Movable Type Open Source 5.1
- Movable Type 4.36( with Professional Pack, Community Pack)
- Movable Type 5.05( with Professional Pack, Community Pack)
- Movable Type 5.1( with Professional Pack, Community Pack)
- Movable Type Enterprise 4.36
- Movable Type Advanced 5.1
Specia thanks to Alfasado, Eldar Marcussen and other reporters for reporting the security issues.
Download
- Download Movable Type Open Source
- Download Movable Type Pro
- Download other packages (including MT5.05)
Installation/upgrade instructions
Known Issues
There are known issues in this release. These will be fixed in 5.051 and 4.361
