January 23, 2013
Movable Type 5.2.3
Movable Type 5.2.3 is the latest version of Movable Type and offers patches for an issue found in Movable Type 5.2.2. This release does not include security related patches. Users who have already upgraded to Movable Type 5.2.2 and who use a database other than MySQL, do not need to upgrade to Movable Type 5.2.3. 5.2.3 release notes Released Versions Movable Type Open Source 5.2.3 Movable Type Pro 5.2.3 Movable Type Advanced 5.2.3 Download Download Movable Type Open Source Download Movable Type Pro Download Movable Type Advanced (What is the difference?) Installation/upgrade instructions Installation guide Upgrade guide Note: if you purchased a Movable Type license you can also purchase our installation or upgrade service and have all the work done by our excellent support team….
January 7, 2013
Movable Type 4.38 patch to fix a known upgrading security issue
Six Apart has found a security issue and fixed it in Movable Type 4.2 and MT 4.3. For those of you who use Movable Type 4.2 and 4.3, Six Apart strongly recommends that you upgrade to the latest released version of Movable Type or execute the following steps immediately. This vulnerability does not exist in Movable Type versions 5.0 or later, including the latest Movable Type, version 5.2.2. The Issue Through the upgrade program of MT (mt-upgrade.cgi), OS command injection and SQL injection can be performed, and potentially open a vulnerability. This issue may occur when mt-upgrade.cgi can be executed on the Internet. Versions affected Movable Type 4.2x, 4.3x Movable Type Open Source 4.2x, 4.3x Movable Type Enterprise 4.2x, 4.3x The Fix for Movable Type 4.38 users Six Apart will provide the patch code file for Movable Type 4.38 users. Please download and unzip the patch code file. Download “lib / MT / Upgrade.pm” file from Movable Type in use for backup. Then, upload unzipped Upgrade.pm, and replace it. MT4.38-Upgrade-Patch.zip The Fix for those who cannot apply the patch code file (users who do not use Movable Type 4.38) Those who cannot use the patch code file, please execute…