Movable Type 3.33/MT Enterprise 1.03 released
Today we are releasing required updates for both Movable Type and Movable Type Enterprise to fix a number of vulnerabilities affecting all previous versions of the platform. The current status of our security update process:
- This is a mandatory update due to the severity of the combined vulnerabilities.
- These vulnerabilities were discovered by our own team during a routine security evaluation.
- There are currently no known malicious exploits targeting Movable Type for these issues.
- We will be disclosing full details of the vulnerabilities on our Professional Network blog in a couple of days allowing you to update in the meantime without incurring unnecessary risk.
Getting The Updated Code
The product security updates are available for free to all users immediately in the following forms:
- A full downloadable version of Movable Type 3.33 and Movable Type Enterprise 1.03, accessible from your Movable Type account.
- For advanced/experienced users: Patch distributions for v3.2 and v3.32 including only the changed files are provided in the post on our Professional Network blog.
If you are running a version of Movable Type older than 3.2, it is especially imperative that you to migrate immediately to version 3.33 due to the importance of fixes for the current issues as well as several significant security enhancements which have been made since your version was released.
Just as a reminder -- Movable Type is now free for personal use, and if you have questions about a paid support license or a commercial use license, please feel free to get in touch. (In short: Don't let a license question keep you from securing your server.)
While we strive to make sure the Movable Type platform is as secure and reliable as possible, software development always means having to make updates and improvements. We sincerely apologize for the inconvenience of having to update your blogging platform, and as a result have tried to make this process as straightforward as possible.