We are releasing Movable Type 6.2.6 and 6.1.3 as mandatory security updates. These updates resolve security-related issues discovered in all previous versions of Movable Type 6. We highly recommend upgrading to the latest version.
Please see Securing Movable Type for additional steps to protect your installation.
DETAILS OF THE SECURITY UPDATES
Previous versions, including Movable Type 6.2.4 and 6.1.2, are susceptible to SQL injection attacks via XML-RPC interface.
AFFECTED VERSIONS OF MOVABLE TYPE
- Movable Type Pro 6.0.x, 6.1.x, 6.2.x
- Movable Type Advanced 6.0.x, 6.1.x, 6.2.x
STEPS REQUIRED TO CLOSE THE SECURITY VULNERABILITIES
Please upgrade to the latest versions of Movable Type:
- Movable Type Pro 6.2.6
- Movable Type Pro 6.1.3
- Movable Type Advanced 6.2.6
- Movable Type Advanced 6.1.3
Please review the Movable Type release notes to see everything that was added and improved since the version you are currently using. Also, review the known issues sections in case there are items of which you should be aware before upgrading.
If you have an existing Movable Type 6 license, you can download the latest Movable Type from our download portal using your Six Apart ID.