Last week we released Movable Type 4.01 Release Candidate 1. This release contains a number of fixes, but a couple in particular that we feel we should highlight for our users:
- A fix for an XSS vulnerability that affects blogs in which the primary Movable Type application is hosted on a different domain then their blog. The vulnerability results from a commenter name of an authenticated user that contains apostrophes. For users who host their blog and application on different domains, we ask that you please upgrade to 4.01 when it is released.
- A fix for a low-level bug that affects Movable Type's data abstract layer called Data::ObjectDriver. In this bug, any page within the application or on the published blog that needs to compose links to the next and previous entries in a sequence of entries, will result in Movable Type querying and pulling from the database more entries then is technically necessary. This has an adverse affect on performance and memory utilization during publishing operations and page load operations. This bug has the largest impact on large blogs with thousands of entries. For users with blogs of this size we strongly recommend you upgrade.
The rest of the bug fixes are relative minor, but significant to the many, many people who reported them and worked with us to resolve them. A special shout out to Tim Appnel, Michele Neylon, Bud Gibson and a number of our ProNet comrades in Japan who for their detailed bug reports and help in fixing a number of different issues for users and developers.
Finally, we expect to release one more release candidate for Movable Type 4.01 in order to incorporate some final translations that did not make the last release candidate. On the bright side, I suppose we have a good excuse for the missed translations: Maarten Schenk, who is responsible for translating Movable Type into Spanish, German, Dutch and French has been a little busy lately; as Maarten just welcomed his third child into the world. Congratulations to Maarten, his wife, Klaartj, Fien and of course Anna!