Movable Type 4.24: Get Updated With Better Password Recovery

By Anil Dash

We have just made available Movable Type 4.24. This mandatory security release is recommended for all users (see update advisor below), and fixes a significant security issue affecting users of Movable Type Pro or the Movable Type Community Solution, versions 4.0 or greater. In addition to fixing the potential security issue, Movable Type 4.24 introduces a vastly improved password recovery system for all users of Movable Type.

Movable Type Update Advisor: Version 4.24

  • Release Type: Security Release. This update fixes a serious potential vulnerability which has not yet been exploited in the wild.
  • Mandatory? Yes, this is a mandatory security upgrade.
  • Performance Implications: None.
  • Plugins Affected: None. Your current plugins should continue to work as expected.
  • Templates Affected: None.
  • System Requirements: This release has no new or additional system requirements.
  • Licensing considerations: None. MT 4.24 is a free update for users of any version of MT 4.x.
  • Upgrade Fatigue: No further mandatory updates are planned for Movable Type 4.2.

Downloads are available in your account for current customers or through the download page.

Enterprise customers and clients of Six Apart Services should already have received full details on this update from your account representative.

While MT 4.24 is primarily a security fix release, because we had to update some related code, we have also included one of the most-requested features for Movable Type 4.2's community features: Better password recovery.

The old password recovery system for MT required users to remember a password recovery hint which, put simply, was often confusing and ineffective. Instead. with MT 4.24, Movable Type communities now automatically get a standard password recovery system that emails a password reset link to the email address that a user has on file.

We have updated the Movable Type documentation with full instructions on how to reset your password if needed, and upgrading to this new version should automatically enable the new feature with no effort required on your part.