Movable Type versions 6.0.6, 5.2.11 and 5.18 were released as mandatory security updates. These updates resolve a vulnerability discovered in Movable Type’s XML-RPC interface (CVE-2014-9057). All users should upgrade to this latest release immediately.
Please see Securing Movable Type for additional steps to protect your installation.
Please review the Movable Type release notes to see everything that was added and improved since the version you are currently using. Also review the known issues sections in case there are items of which you should be aware before upgrading.
If you have an existing Movable Type 6 license, you can download the latest Movable Type from our download portal using your Six Apart ID.
Patches for 6.0.6 / 5.2.11 / 5.18
“Invalid parameter” error appears when you using Windows Live Writer. A patch for this issue was subsequently release Dec 24, 2014. Please download the version that corresponds to your version of Movable Type:
- 6.0.6: MT-6.0.6-xmlrpc-post-error.zip
- 5.2.11: MT-5.2.11-xmlrpc-post-error.zip
- 5.18: MT-5.18-xmlrpc-post-error.zip
Install the patch by extracting the archive contents on top of the Movable Type installation folder, resulting in lib/MT/XMLRPCSeerver.pm getting replaced with the patched version.
Note this issue only affects Movable Type versions 6.0.6, 5.2.11 and 5.18. It does not affect versions 6.0.5, 5.2.10, 5.17 and prior versions.