We are releasing Movable Type 6.0.1, 5.2.9, and 5.161 as mandatory security updates. These updates resolve multiple security-related issues discovered in all previous versions of Movable Type 6 and Movable Type 5.
Details of the Security Updates
These vulnerabilities were reported by a member of the Movable Type community, and were kept confidential until the release of the updated versions of Movable Type.
Affected Versions of Movable Type
- Movable Type Pro 6.0
- Movable Type Pro 5.2.x, 5.1x, 5.0x
- Movable Type Open Source (MTOS) 5.2.x, 5.1x, 5.0x
- Movable Type Advanced / Movable Type Enterprise 5.2.x, 5.1x, 5.0x
Steps Required to Close the Security Vulnerabilities
Please upgrade to the latest versions of Movable Type:
- Movable Type Pro 6.0.1
- Movable Type Pro 5.2.9
- Movable Type Pro 5.161
- Movable Type Open Source 5.2.9
- Movable Type Open Source 5.161
- Movable Type Advanced / Movable Type Enterprise 5.2.9
- Movable Type Advanced / Movable Type Enterprise 5.161
Versions That Are Not Affected
- Movable Type Advanced 6
- Movable Type Enterprise 6
Movable Type Enterprise has not yet been released for Version 6.
- Movable Type 5.0x has reached End of Life and is no longer supported. For users that are running any version of 5.0, please upgrade to Movable Type 5.2.9, which is available at no additional charge to paid licensees of Movable Type 5 or users of Movable Type Open Source.
- Movable Type 4.38 will reach End of Life on December 31, 2013. Users of Movable Type 4.38 and earlier versions are urged to immediately begin planning for an upgrade to Movable Type 5.2.9 or Movable Type 6.0.1 if you wish to continue to have access to security fixes.
Non-Security Issues Fixed in These Releases
110748: [CMS] [Listing] An error occurs when an administrator attempts to delete all members of a website or blog
Availability of Updated Versions of Movable Type
Movable Type Pro 6.01, Movable Type Pro, Advanced, and Enterprise 5.2.9 and 5.161 are available through the Movable Type Software Repository Server. That server is located at https://mtuser.sixapart.jp/en/.
Movable Type Open Source 5.2.9 and 5.161 are available on request. Instructions will be posted on November 18, 2013, or shortly thereafter.