Not a developer? Go to MovableType.com

Documentation

Movable Type 5.05 and 4.36 Release Notes

This version of Movable Type was released May 24, 2011.

Movable Type 4.36 and 5.05 were released as mandatory security updates. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.x.

The impact of the vulnerabilities

A remote attacker could execute arbitrary code in a logged-in users’ web browser. A remote attacker could read or modify the contents in the system under certain circumstances.

Versions Affected

  • Movable Type Open Source 4.x
  • Movable Type Open Source 5.x
  • Movable Type 4.x ( with Professional Pack, Community Pack )
  • Movable Type 5.x ( with Professional Pack, Community Pack )
  • Movable Type Enterprise 4.x

Solution

Please upgrade to the latest versions of Movable Type 4 or Movable Type 5.

  • Movable Type Open Source 4.36
  • Movable Type Open Source 5.05
  • Movable Type Open Source 5.1
  • Movable Type 4.36( with Professional Pack, Community Pack)
  • Movable Type 5.05( with Professional Pack, Community Pack)
  • Movable Type 5.1( with Professional Pack, Community Pack)
  • Movable Type Enterprise 4.36
  • Movable Type Advanced 5.1

Specia thanks to Alfasado, Eldar Marcussen and other reporters for reporting the security issues.

Download

(What is the difference?)

Installation/upgrade instructions

Known Issues

There are known issues in this release. These will be fixed in 5.051 and 4.361

  • 106228 Permission: Can't locate object method "permission_error" via package "MT::App::CMS" ( effects to 5.05 and 4.36 )
  • 106229 Permission: Manage Website cannot edit website settings ( effects to 5.05 )
Back

Leave a Comment