Last week we released Movable Type 4.01 Release Candidate 1. This release contains a number of fixes, but a couple in particular that we feel we should highlight for our users:
- A fix for an XSS vulnerability that affects blogs in which the primary Movable Type application is hosted on a different domain then their blog. The vulnerability results from a commenter name of an authenticated user that contains apostrophes. For users who host their blog and application on different domains, we ask that you please upgrade to 4.01 when it is released.
- A fix for a low-level bug that affects Movable Type's data abstract layer called Data::ObjectDriver. In this bug, any page within the application or on the published blog that needs to compose links to the next and previous entries in a sequence of entries, will result in Movable Type querying and pulling from the database more entries then is technically necessary. This has an adverse affect on performance and memory utilization during publishing operations and page load operations. This bug has the largest impact on large blogs with thousands of entries. For users with blogs of this size we strongly recommend you upgrade.
The rest of the bug fixes are relative minor, but significant to the many, many people who reported them and worked with us to resolve them. A special shout out to Tim Appnel, Michele Neylon, Bud Gibson and a number of our ProNet comrades in Japan who for their detailed bug reports and help in fixing a number of different issues for users and developers.
Finally, we expect to release one more release candidate for Movable Type 4.01 in order to incorporate some final translations that did not make the last release candidate. On the bright side, I suppose we have a good excuse for the missed translations: Maarten Schenk, who is responsible for translating Movable Type into Spanish, German, Dutch and French has been a little busy lately; as Maarten just welcomed his third child into the world. Congratulations to Maarten, his wife, Klaartj, Fien and of course Anna!
ambs.myopenid.com on September 12, 2007, 11:26 a.m. Reply
Is there any known bug on mt-submit.cgi? Mine is putting my machine down, using all physical memory (3GB) and swap :-S
http://openid.aol.com/sediment99 on September 12, 2007, 12:39 p.m. Reply
Is there a problem with the preview entry functionality in 4.01rc1? After upgrading, the preview frame for an unsaved entry is accessing 2007/09/.html (for example), and for a previously saved entry it accesses the html page of the saved entry, even if it hadn’t been published yet.
How to repeat:
1) Write new entry, but do not save it. 2) Click on Preview. 3) Preview frame is trying to access 2007/09/.html
1) Start new entry with title “Test”, but do not save it. 2) Set status to Unpublished. 3) Save. 4) Click on Preview. 5) Preview frame will try to access the page as 2007/09/test.html, the name it would be saved under for static publishing.
ambs.myopenid.com on September 13, 2007, 10:51 a.m. Reply
Hi, Byrne.
Sorry but I confused the script name. It is mt-comments.cgi that is taking my full memory.
I have two blogs in the same machine. One of them is working quite well (at least I didn’t notice anything) but is very small. The other one which is giving me troubles has about 600 posts and 500 comments.
Thanks for any hint, as I needed to disable the blog for now :(
Cheers
Alberto
Tmaxim on October 9, 2007, 5:14 a.m. Reply
If I knew what CMS you use, probably could help you.
Proflogistics on January 23, 2008, 5:42 a.m. Reply
Release Candidate 2 - Released January 22, 2008
alexa deer on July 16, 2012, 3:25 a.m. Reply
I am going to have a web page on bulgarian. Do you have translation for MT 5 on that language?
Lina Torstein on August 3, 2012, 2:46 a.m. Reply
There is no such translation as far as I know.
Rick Banister on August 30, 2012, 8:20 p.m. Reply
I remember that the problem with a Movable Type application hosted on a different domain then the blog or site was a huge one before this update. When I did it everything run smoothly.
Kelly Crauberg on October 27, 2012, 12:01 a.m. Reply
Hi Byrne, I saw something very interesting to me, an option of Moveable Type about which I didn’t know. You say that you have fix a case where a blog in which the primary Movable Type application is hosted on a different domain then their blog. So, my question is how can I host MT on different domain?
Delano on November 25, 2012, 10:45 p.m. Reply
Movable Type is translated only to six major languages, which in my opinion is serious disadvantage of the platform. However, it is Six Apart’s decision.
Theo Gormeo on December 23, 2012, 8:23 a.m. Reply
Can you please specify where is stored this data abstract layer Data::ObjectDriver. I want to have a deeper look at it. Thank you in advance :)