April 14, 2015
Movable Type 6.0.8 and 5.2.13 released to close security vulnerability
By Yuji Takayama and posted in News.
We are releasing Movable Type 6.0.8 and 5.2.13 as mandatory security updates. These updates resolved security-related issue discovered in all previous versions of Movable Type 6 and Movable Type 5. We strongly recommend upgrading to the newest version. Details of the security updates In previous versions, including the Movable Type 6.0.6 and 5.2.11 are susceptible to Remote Code Execution vulnerability. It allows an attacker is able to run any perl script on the web server. (CVE-2015-0845) Affected versions of Movable Type Movable Type Pro 6.0.x Movable Type Pro 5.2.x Movable Type Open Source (MTOS) 5.2.x Movable Type Advanced 6.0.x, 5.2.x Steps required to close the security vulneravilities Please upgrade to the latest versions of Movable Type: Movable Type Pro 6.0.8 Movable Type Pro 5.2.13 Movable Type Open Source 5.2.13 Movable Type Advanced 6.0.8 Movable Type Advanced 5.2.13 Versions that are not affected Movable Type Pro 6.1.1 Movable Type Advanced 6.1.1 Movable Type 6.1.1 is already solved this issue. Warnings Movable Type 5.0x and 5.1x has reached End of Life and is no longer supported. For users that are running any version of 5.0x and 5.1x, please upgrade to Movable Type 5.2.13, which is available at no additional charge to paid…
Read More
February 11, 2015
Movable Type 6.0.7 and 5.2.12 released to close security vulnerability
By Yuji Takayama and posted in News.
We are releasing Movable Type 6.0.7 and 5.2.12 as mandatory security updates. These updates resolved security-related issue discovered in all previous versions of Movable Type 6 and Movable Type 5. We strongly recommend upgrading to a modified version.
Read More
May 15, 2014
Securing Movable Type
By Charlie Gorichanaz and posted in Security.
Data security is an increasingly important topic, and while Movable Type has a strong track record, there are steps you can take to harden your system.
To make this as straightforward as possible, we created the document “Securing Movable Type” to gather some important strategies in one place. Please review it and consider how you or your organization can improve security.
Read More
November 15, 2013
Movable Type 6.0.1, 5.2.9, and 5.161 Released to Close Security Vulnerabilities
By Dave Aiello and posted in News.
We are releasing Movable Type 6.0.1, 5.2.9, and 5.161 as mandatory security updates. These updates resolve multiple security-related issues discovered in all previous versions of Movable Type 6 and Movable Type 5.
Read More
June 8, 2011
Movable Type 5.11 and 5.051, 4.361 Security Updates
By Jun Kaneko and posted in News.
Movable Type 5.11, 5.051, 4.361 were released as mandatory security updates. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.x. All users must upgrade to this latest release immediately. The impact of the vulnerabilities A remote attacker could create, read or modify the contents in the system under certain circumstances. Versions Affected Movable Type Open Source 4.x Movable Type Open Source 5.x Movable Type 4.x ( with Professional Pack, Community Pack ) Movable Type 5.x ( with Professional Pack, Community Pack ) Movable Type Enterprise 4.x Solution Please upgrade to the latest versions of Movable Type 4 or Movable Type 5. Movable Type Open Source 4.361 Movable Type Open Source 5.051 Movable Type Open Source 5.11 Movable Type 4.361( with Professional Pack, Community Pack) Movable Type 5.051( with Professional Pack, Community Pack) Movable Type 5.11( with Professional Pack, Community Pack) Movable Type Enterprise 4.361 Movable Type Advanced 5.11 Download Download Movable Type Open Source Download Movable Type Pro Download other packages (including MT5.051) (What is the difference?) Installation/upgrade instructions Installation guide Upgrade guide New features and fixed issues Please see the release notes for new features and fixed issues in Movable Type 5.11, 5.051,…
Read More
May 11, 2010
Movable Type 5.02
By Maarten Schenk and posted in MT5.
Movable Type 5.02 was released by Six Apart today. This is strictly a bugfix release without new features. It contains fixes for a number of issues including one security vulnerability. It is highly recommended that all users of Movable Type 5.x upgrade their installations, especially the ones with multiple users. Details about the issues that were fixed can be found in the release notes. You may note that the release notes are unusually long this time: the focus of this release was on fixing as many bugs and issues as possible before working on new features for the coming releases (we will tell you more about these soon). We would like to thank everybody in the Movable Type community who submitted bug reports, feature requests and other feedback. Your efforts have made this release possible! Downloads Download Movable Type (Open Source) Download Movable Type Pro (What is the difference?) Installation/upgrade instructions Installation guide Upgrade guide Note: if you purchased a Movable Type license you can also purchase our installation or upgrade service and have all the work done by our excellent support team. Found a bug? Need a feature? To avoid duplication of efforts, search existing bugs or feature requests…
Read More
December 3, 2008
MT 4.23 is now out
By Chris Ernest Hall and posted in News.
In case you missed the announcement post on mt.com, yesterday evening we released Movable Type 4.23. Much thanks to the community members who submitted bug reports and code patches that contributed to this release. More details can be found on the change log, or you can just use the following direct download links to get MTOS 4.23:MTOS-4.23-en.tar.gzMTOS-4.23-en.zipPlease note that this is a mandatory security upgrade due to the fixes for XSS vulnerabilities that it includes….
Read More
August 8, 2008
Movable Type 4.2 RC5 and Security Updates
By Byrne Reese and posted in Security.
We’ve mentioned it on the Movable Type product site, but we’re proud that MT has a history of being one of the most secure publishing platforms around. So a big part of our effort in creating Movable Type 4.2 has been around ensuring that it’s our most secure release ever. And along the way, we’ve made some changes that will even improve security for older versions of MT. Today we release Movable Type 4.2 Release Candidate 5, the last planned release candidate for this version of Movable Type before its final release, and the culmination of the largest security evaluation effort ever for our platform, and possibly for any installable blogging platform. The diligent work of our team, joined by community contributors around the world, has found a few areas where we’ve been able to make Movable Type even more secure. In the case of Movable Type 4.2, that means its forthcoming final release will be the most secure version of MT ever. In the case of earlier releases, it means we’ll be providing updates to remedy these potential security vulnerabilities. It’s important to note that there are no known exploits of these issues, but we’ve chosen to preemptively address…
Read More
June 20, 2008
Movable Type Security Update for 4.0 and 4.1
By Byrne Reese and posted in Security.
Cross posted from the announcement found at the Official Movable Type News blog: Today we are releasing Movable Type 4.01b and Movable Type 4.12. These are free mandatory security updates for all Movable Type 4.x users. These updates resolve a vulnerability which has not been exploited, but was reported to us by a third party on June 16. We have addressed the issue with these updates, and are providing new, fully-tested versions for all affected versions of Movable Type in all supported configurations. A detailed description of the vulnerability can be found below, but in short a cross-site scripting (XSS) vulnerability has been found in Movable Type’s built-in search feature, which could be exploited by malicious parties to execute javascript without permission. We have no record of a user having been affected by this vulnerability, and there are no known public exploits. The release candidates of Movable Type 4.2, currently in testing, Movable Type 3.36 and Movable Type Enterprise 1.5 are all unaffected by this issue. Here’s the Update Advisor, which summarizes the issues found and provides a guide for updating your installation of Movable Type. Movable Type Update Advisor: Version 4.01b and 4.12: Release Type: Security Release. The potential…
Read More
