Version 3.15 fixes a vulnerability in the mail sending packages for all Movable Type versions in which the user has enabled comment notifications. This vulnerability allows a malicious user to send email through the application to any number of arbitrary users.
All Movable Type users should install this update.
If you already purchased Movable Type, or downloaded the free version, you'll be able to download the new release for free from your Movable Type account.
For those users who don't want to do a full upgrade just yet, we are also making this fix available in the form of a plugin: zip (1K) or tar/gz (1K) archive. This plugin is compatible with all 3.x versions as well as v2.661 (and perhaps even older versions although they haven't been tested) and affords your installation the same exact protections as v3.15 provides.
Full details of the release changes can be found in the changelog.
We apologize for this oversight and thank you for being patient. You can bet we like spammers less than you do.