We are releasing Movable Type 6.3.6 and 6.2.7 as mandatory security updates. These updates resolve security-related issues discovered in all previous versions of Movable Type 6. We highly recommend upgrading to the latest version.
Please see Securing Movable Type for additional steps to protect your installation.
DETAILS OF THE SECURITY UPDATES
Previous versions, including Movable Type 6.3.5 and 6.2.6, are susceptible to an issue that is the ‘Edit Template’ privilege on websites or blogs may be still enabled even if the ‘Edit Template’ system privilege is revoked from a user.
AFFECTED VERSIONS OF MOVABLE TYPE
- Movable Type Pro all versions
- Movable Type Advanced all versions
STEPS REQUIRED TO CLOSE THE SECURITY VULNERABILITIES
Please upgrade to the latest versions of Movable Type:
- Movable Type Pro 6.3.6
- Movable Type Pro 6.2.7
- Movable Type Advanced 6.3.6
- Movable Type Advanced 6.2.7
* A patch for Movable Type 6.1.x and older versions has not been released because its life cycle is already ended. Please update to latest version.
RELEASE NOTES
Please review the Movable Type release notes to see everything that was added and improved since the version you are currently using. Also, review the known issues sections in case there are items of which you should be aware before upgrading.
DOWNLOAD
If you have an existing Movable Type 6 license, you can download the latest Movable Type from our download portal using your Six Apart ID.
To purchase a new license or an upgrade, please visit MovableType.com for more information, or feel free to contact us if you have any questions.
Yuji is the Movable Type Lead Engineer and Senior Product Manager. I’m worked on Six Apart from 2006.