Dec 5 2012

Movable Type 5.2.2

« Previous | News Blog By Takeshi Nick Osanai

This release is the most up to date version of Movable Type 5.2, originally released in September. This release features 2 previously unreleased functions.

For more information on bug fixes, please refer to the following release notes:

About the New Functions

Boilerplate Function

The boilerplate text function lets users register often repeated text, such as for event announcements, which can then be recalled and inserted in blog entries. Boilerplate can be pre-formatted using Markdown or the Rich Text Editor.

For more information on using the boilerplate function, please refer to the manual below:

New Theme: Rainier

The new blog theme, "Rainier" is now available for use with Movable Type.

"Rainier" is a multi-device compatible theme based on Media Queries (CSS). "Rainier" offers header banner and navigation customization options.

Key Features

  • Ability to evaluate the user's access method and automatically changes site design to best match the user's environment
  • Customizable thumbnail image used when sharing your website on Facebook or other social media related sites
  • Blog entry summary list pagination (divided into 10 entries per page)
  • Bread crumb navigation
  • Ability to preview blog posts before posting, as well as easily edit their appearance
  • Multi-device compatibility via Media Queries for Classic Blog designs (such as the Cityscape series and the Minimalist series)

For more information on using "Rainier", please refer to the manual below:

Sep 26 2012

Movable Type 5.2

« Previous | News Blog | Next » By Takeshi Nick Osanai

Website Publishing Platform Raises the Bar
on Your Web Experience


New York, N.Y. - September 26th, 2012 - Movable Type, a world leading online publishing platform, is scheduled to release the most advanced version of their software, Movable Type 5.2, on September 26, 2012. Movable Type 5.2 will be available for purchase on www.MovableType.com.

Movable Type has been a leader in the blogging and web content manage industry since their launch in 2001. Movable Type 5.2 is developed to build upon and continue the evolution of content management and online publishing, taking it to the next level. The software excels at meeting the website content management needs of growing organizations, provides excellent scalability and proven security. Movable Type also serves as a social media platform that enables businesses to create community-driven websites that encourages interaction with and helps brands engage their audiences.

“I am very excited to release Movable Type 5.2. The new advanced features and support for the latest industry technologies, will give our customers and community what they have been asking for” said Nobuhiro Seki, President and CEO at Six Apart.

The new features and improvements in Movable Type 5.2 make it one of the easiest and most powerful ways for individuals and businesses to build their online presence, and scale those initiatives as their business grows.

New Features Include:

  • New Rich Text Editor - making it easier for everyone to contribute and manage content.
  • New Security Features - to instill confidence in your online web presence
  • New Added Support for - PSGI and Nginx

About Six Apart:

Based in Tokyo, Japan, Six Apart, Ltd. is at the forefront of online publishing and social engagement. Six Apart was formed in 2001 as one of the first blog solution provider in the US, and has changed the way millions of individuals, organizations, and corporations connect and communicate across the world. In January 2011, Infocom, a Japanese IT company listed on the Tokyo Stock Exchange, wholly acquired Six Apart. For more information on Six Apart Ltd., visit the corporate web site at http://www.sixapart.com or for more information on Infocom visit http://www.infocom.co.jp/english/aboutus/group/index.html.

Press Contact:
Six Apart North America
Robert Minton
Phone: 215-321-3260
rminton@sixapart.com
May 16 2012

Movable Type 5.14

« Previous | News Blog | Next » By Takeshi Nick Osanai

Movable Type 5.14 was released today. This is a bugfix release without new features. It does not contain any security fix. Details about the issues that were fixed can be found in the release note.

Download

(What is the difference?)

Installation/upgrade instructions

Note: if you purchased a Movable Type license you can also purchase our installation or upgrade service and have all the work done by our excellent support team.

Mar 1 2012

Movable Type 5.13, 5.07, and 4.38 patch to fix the plugin template load error

« Previous | News Blog | Next » By Jun Kaneko

Note : This patch was updated on the 5th of March, 2012 after the initial release on the 1st of March. If you still see the "Template load error" after applying the initial patch, please download again and re-apply the patch.

Thanks to the community feedback, we found an issue in Movable Type 5.13, 5.07, and 4.38 Security Updates and created a patch to resolve it. Due to the more strict policy in 5.13, 5.07 and 4.38, some plugins produce the "Template load error". There are two ways to resolve this error:

It is recommended to (1) fix the plugin because AllowFileInclude weakens the protection against malicious plugins and templates. Please do not forget to disable AllowFileInclude directive once you update your plugin to the fixed version.

Please refer to the following pages for details.

If you are not seeing this "Template load error" after your upgrade, you don't need to apply this patch. This patch will be included in the next release of Movable Type.

Feb 21 2012

Movable Type 5.13, 5.07, and 4.38 Security Updates

« Previous | News Blog | Next » By Jun Kaneko

Movable Type 5.13, 5.07, and 4.38 were released as mandatory security updates. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.x. The vulnerabilities were found as a result of our internal security audit, except the one reported from Trustwave (TWSL2012-002). All users must upgrade to this latest release immediately.

Impact

5.13, 5.07, and 4.38 address the multiple vulnerabilities including:

  • OS Command Injection exists in the file management system, the most serious of which may lead to arbitrary OS command execution by a user who has a permission to sign-in to the admin script and also has a permission to upload files.
  • Session Hijack and CSRF exist in the commenting and the community script. A remote attacker could hijack the user session or could execute arbitrary script code on victim's browser under the certain circumstances.
  • XSS exists in templates where the variables are not escaped properly. A remote attacker could inject client-side script into web pages viewed by other users.
  • XSS exists in mt-wizard.cgi. This vulnerability was reported by Trustwave (Trustwave's SpiderLabs Security Advisory TWSL2012-002)

Solution

Please upgrade to the latest versions of Movable Type 4 or Movable Type 5.

  • Movable Type Open Source 4.38
  • Movable Type Open Source 5.07
  • Movable Type Open Source 5.13
  • Movable Type 4.38( with Professional Pack, Community Pack)
  • Movable Type 5.07( with Professional Pack, Community Pack)
  • Movable Type 5.13( with Professional Pack, Community Pack)
  • Movable Type Enterprise 4.38
  • Movable Type Advanced 5.13

Here are the release notes for this release.

Upgrading to Movable Type 5.13, 5.07, or 4.38

Download

You can download the latest packages from these sites ( What is the difference? ).

Firstly, follow the instructions found in Movable Type's upgrade guide to upgrade your Movable Type installation.

Refresh Templates

As a result of security fixes in Movable Type 5.13, 5.06 and 4.38, some of the global templates and JavaScript template in each blog were updated. You need to refresh those templates to comment or to use Community features once you upgrade to Movable Type 5.13, 5.07, 4.38, or later version. Please refer to the following documentation.

Here are the details of template changes.

Changes in Movable Type 5.13, 5.07, and 4.38

You can see the complete list of fixed bugs at this FogBugz page.

Following significant changes have been made in Movable Type 5.13, 5.07, and 4.38.

New features in Movable Type 5.13

Supported Browsers

Movable Type 5.13 supports the following browsers and versions.

  • Internet Explorer 9
  • Firefox latest
  • Safari latest

Security Enhancements

Movable Type 5.13 introduces the following security features.

  • Account and IP Lockout
    Account lockout is a feature to protect your Movable Type account from a password-guessing attack known as a brute force attack or a dictionary attack. Movable Type locks out accounts after defined number of incorrect password attempts.
  • Changing Password Validation Rules
    A system administrator can set password validation policies to let users to use stronger passwords.
  • Stronger Password Encryption
Jun 22 2011

Movable Type 5.12, 5.06, and 4.37 Security Updates

« Previous | News Blog | Next » By Jun Kaneko

Movable Type 5.12, 5.06, and 4.37 were released as mandatory security updates. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.x. All users must upgrade to this latest release immediately.

The impact of the vulnerabilities

Under certain circumstances, a user who has "Create Entries" or "Manage Blog" pemissions may be able to read known files on the local file system.

Versions Affected

  • Movable Type Open Source 4.x
  • Movable Type Open Source 5.x
  • Movable Type 4.x ( with Professional Pack, Community Pack )
  • Movable Type 5.x ( with Professional Pack, Community Pack )
  • Movable Type Enterprise 4.x

Solution

Please upgrade to the latest versions of Movable Type 4 or Movable Type 5.

  • Movable Type Open Source 4.37
  • Movable Type Open Source 5.06
  • Movable Type Open Source 5.12
  • Movable Type 4.37( with Professional Pack, Community Pack)
  • Movable Type 5.06( with Professional Pack, Community Pack)
  • Movable Type 5.12( with Professional Pack, Community Pack)
  • Movable Type Enterprise 4.37
  • Movable Type Advanced 5.12

Download

(What is the difference?)

Installation/upgrade instructions

Fixed issues

The following issues were fixed in MT5.12.

  • 106303 Published URL was changed after upgrading to 5.1x

The following issues were fixed in Movable Type 5.12, 5.06, and 4.37.

  • 106307 Permission error when saving custom fields settings without a system administration privilege
Jun 8 2011

Movable Type 5.11 and 5.051, 4.361 Security Updates

« Previous | News Blog | Next » By Jun Kaneko

Movable Type 5.11, 5.051, 4.361 were released as mandatory security updates. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.x. All users must upgrade to this latest release immediately.

The impact of the vulnerabilities

A remote attacker could create, read or modify the contents in the system under certain circumstances.

Versions Affected

  • Movable Type Open Source 4.x
  • Movable Type Open Source 5.x
  • Movable Type 4.x ( with Professional Pack, Community Pack )
  • Movable Type 5.x ( with Professional Pack, Community Pack )
  • Movable Type Enterprise 4.x

Solution

Please upgrade to the latest versions of Movable Type 4 or Movable Type 5.

  • Movable Type Open Source 4.361
  • Movable Type Open Source 5.051
  • Movable Type Open Source 5.11
  • Movable Type 4.361( with Professional Pack, Community Pack)
  • Movable Type 5.051( with Professional Pack, Community Pack)
  • Movable Type 5.11( with Professional Pack, Community Pack)
  • Movable Type Enterprise 4.361
  • Movable Type Advanced 5.11

Download

(What is the difference?)

Installation/upgrade instructions

New features and fixed issues

Please see the release notes for new features and fixed issues in Movable Type 5.11, 5.051, and 4.361.

May 24 2011

Movable Type 5.1 and 5.05, 4.36 Security Updates

« Previous | News Blog | Next » By Jun Kaneko

After three months of the beta testing, the official release of the Movable Type 5.1 is now ready to download. Movable Type 4.36 and 5.05 are also released as mandatory security updates. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.

About Movable Type 5.1

Introducing Movable Type 5.1
View more presentations from Six Apart KK

Please see the following links for details.

Movable Type 5.1 includes a lot of feedback, patches and contributions from our community. Thank you very much for all of your help !

Movable Type 4.36 and 5.05 Security Updates

The impact of the vulnerabilities

A remote attacker could execute arbitrary code in a logged-in users' web browser. A remote attacker could read or modify the contents in the system under certain circumstances.

Versions Affected

  • Movable Type Open Source 4.x
  • Movable Type Open Source 5.x
  • Movable Type 4.x ( with Professional Pack, Community Pack )
  • Movable Type 5.x ( with Professional Pack, Community Pack )
  • Movable Type Enterprise 4.x

Solution

Please upgrade to the latest versions of Movable Type 4 or Movable Type 5.

  • Movable Type Open Source 4.36
  • Movable Type Open Source 5.05
  • Movable Type Open Source 5.1
  • Movable Type 4.36( with Professional Pack, Community Pack)
  • Movable Type 5.05( with Professional Pack, Community Pack)
  • Movable Type 5.1( with Professional Pack, Community Pack)
  • Movable Type Enterprise 4.36
  • Movable Type Advanced 5.1

Special thanks to Alfasado, Eldar Marcussen and other reporters for reporting these security issues.

Download

(What is the difference?)

Installation/upgrade instructions

Apr 20 2011

Movable Type 5.1 RC1

« Previous | News Blog | Next » By Jun Kaneko

The Movable Type 5.1 RC1 is now available to download. In Release Candidate 1, the development team has implemented all new features and fixed major bugs. If we don't find any new issues at the following regression test (and your feedback is also crucial at this final momement), Movable Type 5.1 will be ready to ship around the end of May. Please check the 5.1 schedule wiki for updates toward the production release !

Here is the release notes for Movable Type 5.1 RC1. Please note that minor cases are not listed here, please see FogBugz for all cases.

For more details:

Reporting Bugs

Your feedback is important to get Movable Type 5.1 ready for the final release. Without your feedback, it is almost impossible for developers to test the software in all of the various conditions that might occur. So please don't hesitate to create a new case.

We look forward to hearing from you !

Dec 7 2010

Movable Type 5.04 and 4.35 Security Update

« Previous | News Blog | Next » By Jun Kaneko

Movable Type 5.04 and Movable Type 4.35 were released today. These are mandatory security updates for all users. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.x.

Impact

A remote attacker could execute arbitrary code in a logged-in users' web browser. A remote attacker could read or modify the contents in the system under certain circumstances.

Versions Affected

  • Movable Type Open Source 4.x
  • Movable Type Open Source 5.x
  • Movable Type 4.x ( with Professional Pack, Community Pack )
  • Movable Type 5.x ( with Professional Pack, Community Pack )
  • Movable Type Enterprise 4.x

Solution

Please upgrade to the latest versions of Movable Type 4 or Movable Type 5.

  • Movable Type Open Source 4.35
  • Movable Type Open Source 5.04
  • Movable Type 4.35( with Professional Pack, Community Pack)
  • Movable Type 5.04( with Professional Pack, Community Pack)
  • Movable Type Enterprise 4.35
« Fixes | Main Index | Archives | News »