Movable Type 5.12, 5.06, and 4.37 Security Updates

By Jun Kaneko

Movable Type 5.12, 5.06, and 4.37 were released as mandatory security updates. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.x. All users must upgrade to this latest release immediately.

The impact of the vulnerabilities

Under certain circumstances, a user who has "Create Entries" or "Manage Blog" pemissions may be able to read known files on the local file system.

Versions Affected

  • Movable Type Open Source 4.x
  • Movable Type Open Source 5.x
  • Movable Type 4.x ( with Professional Pack, Community Pack )
  • Movable Type 5.x ( with Professional Pack, Community Pack )
  • Movable Type Enterprise 4.x

Solution

Please upgrade to the latest versions of Movable Type 4 or Movable Type 5.

  • Movable Type Open Source 4.37
  • Movable Type Open Source 5.06
  • Movable Type Open Source 5.12
  • Movable Type 4.37( with Professional Pack, Community Pack)
  • Movable Type 5.06( with Professional Pack, Community Pack)
  • Movable Type 5.12( with Professional Pack, Community Pack)
  • Movable Type Enterprise 4.37
  • Movable Type Advanced 5.12

Download

(What is the difference?)

Installation/upgrade instructions

Fixed issues

The following issues were fixed in MT5.12.

  • 106303 Published URL was changed after upgrading to 5.1x

The following issues were fixed in Movable Type 5.12, 5.06, and 4.37.

  • 106307 Permission error when saving custom fields settings without a system administration privilege