Movable Type 5.1 and 5.05, 4.36 Security Updates

By Jun Kaneko

After three months of the beta testing, the official release of the Movable Type 5.1 is now ready to download. Movable Type 4.36 and 5.05 are also released as mandatory security updates. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.

About Movable Type 5.1

Please see the following links for details.

Movable Type 5.1 includes a lot of feedback, patches and contributions from our community. Thank you very much for all of your help !

Movable Type 4.36 and 5.05 Security Updates

The impact of the vulnerabilities

A remote attacker could execute arbitrary code in a logged-in users' web browser. A remote attacker could read or modify the contents in the system under certain circumstances.

Versions Affected

  • Movable Type Open Source 4.x
  • Movable Type Open Source 5.x
  • Movable Type 4.x ( with Professional Pack, Community Pack )
  • Movable Type 5.x ( with Professional Pack, Community Pack )
  • Movable Type Enterprise 4.x

Solution

Please upgrade to the latest versions of Movable Type 4 or Movable Type 5.

  • Movable Type Open Source 4.36
  • Movable Type Open Source 5.05
  • Movable Type Open Source 5.1
  • Movable Type 4.36( with Professional Pack, Community Pack)
  • Movable Type 5.05( with Professional Pack, Community Pack)
  • Movable Type 5.1( with Professional Pack, Community Pack)
  • Movable Type Enterprise 4.36
  • Movable Type Advanced 5.1

Special thanks to Alfasado, Eldar Marcussen and other reporters for reporting these security issues.

Download

(What is the difference?)

Installation/upgrade instructions