We are releasing Movable Type 6.0.8 and 5.2.13 as mandatory security updates. These updates resolved security-related issue discovered in all previous versions of Movable Type 6 and Movable Type 5. We strongly recommend upgrading to the newest version.
Details of the security updates
In previous versions, including the Movable Type 6.0.6 and 5.2.11 are susceptible to Remote Code Execution vulnerability. It allows an attacker is able to run any perl script on the web server. (CVE-2015-0845)
Affected versions of Movable Type
- Movable Type Pro 6.0.x
- Movable Type Pro 5.2.x
- Movable Type Open Source (MTOS) 5.2.x
- Movable Type Advanced 6.0.x, 5.2.x
Steps required to close the security vulneravilities
Please upgrade to the latest versions of Movable Type:
- Movable Type Pro 6.0.8
- Movable Type Pro 5.2.13
- Movable Type Open Source 5.2.13
- Movable Type Advanced 6.0.8
- Movable Type Advanced 5.2.13
Versions that are not affected
- Movable Type Pro 6.1.1
- Movable Type Advanced 6.1.1
Movable Type 6.1.1 is already solved this issue.
Movable Type 5.0x and 5.1x has reached End of Life and is no longer supported. For users that are running any version of 5.0x and 5.1x, please upgrade to Movable Type 5.2.13, which is available at no additional charge to paid licensees of Movable Type 5 or users of Movable Type Open Source.
Availability of updated versions of Movable Type
Movable Type Pro / Advanced 6.0.8, Movable Type Pro, Advanced, and Enterprise 5.2.13 are available through the Movable Type Software Repository Server. That server is located at https://mtuser.sixapart.jp/en/.
Movable Type Open Source 5.2.13 are available on download site.