Jun 22 2011

Movable Type 5.12, 5.06, and 4.37 Security Updates

« Previous | News Blog By Jun Kaneko

Movable Type 5.12, 5.06, and 4.37 were released as mandatory security updates. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.x. All users must upgrade to this latest release immediately.

The impact of the vulnerabilities

Under certain circumstances, a user who has "Create Entries" or "Manage Blog" pemissions may be able to read known files on the local file system.

Versions Affected

  • Movable Type Open Source 4.x
  • Movable Type Open Source 5.x
  • Movable Type 4.x ( with Professional Pack, Community Pack )
  • Movable Type 5.x ( with Professional Pack, Community Pack )
  • Movable Type Enterprise 4.x

Solution

Please upgrade to the latest versions of Movable Type 4 or Movable Type 5.

  • Movable Type Open Source 4.37
  • Movable Type Open Source 5.06
  • Movable Type Open Source 5.12
  • Movable Type 4.37( with Professional Pack, Community Pack)
  • Movable Type 5.06( with Professional Pack, Community Pack)
  • Movable Type 5.12( with Professional Pack, Community Pack)
  • Movable Type Enterprise 4.37
  • Movable Type Advanced 5.12

Download

(What is the difference?)

Installation/upgrade instructions

Fixed issues

The following issues were fixed in MT5.12.

  • 106303 Published URL was changed after upgrading to 5.1x

The following issues were fixed in Movable Type 5.12, 5.06, and 4.37.

  • 106307 Permission error when saving custom fields settings without a system administration privilege
Jun 8 2011

Movable Type 5.11 and 5.051, 4.361 Security Updates

« Previous | News Blog | Next » By Jun Kaneko

Movable Type 5.11, 5.051, 4.361 were released as mandatory security updates. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.x. All users must upgrade to this latest release immediately.

The impact of the vulnerabilities

A remote attacker could create, read or modify the contents in the system under certain circumstances.

Versions Affected

  • Movable Type Open Source 4.x
  • Movable Type Open Source 5.x
  • Movable Type 4.x ( with Professional Pack, Community Pack )
  • Movable Type 5.x ( with Professional Pack, Community Pack )
  • Movable Type Enterprise 4.x

Solution

Please upgrade to the latest versions of Movable Type 4 or Movable Type 5.

  • Movable Type Open Source 4.361
  • Movable Type Open Source 5.051
  • Movable Type Open Source 5.11
  • Movable Type 4.361( with Professional Pack, Community Pack)
  • Movable Type 5.051( with Professional Pack, Community Pack)
  • Movable Type 5.11( with Professional Pack, Community Pack)
  • Movable Type Enterprise 4.361
  • Movable Type Advanced 5.11

Download

(What is the difference?)

Installation/upgrade instructions

New features and fixed issues

Please see the release notes for new features and fixed issues in Movable Type 5.11, 5.051, and 4.361.

May 24 2011

Movable Type 5.1 and 5.05, 4.36 Security Updates

« Previous | News Blog | Next » By Jun Kaneko

After three months of the beta testing, the official release of the Movable Type 5.1 is now ready to download. Movable Type 4.36 and 5.05 are also released as mandatory security updates. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.

About Movable Type 5.1

Introducing Movable Type 5.1
View more presentations from Six Apart KK

Please see the following links for details.

Movable Type 5.1 includes a lot of feedback, patches and contributions from our community. Thank you very much for all of your help !

Movable Type 4.36 and 5.05 Security Updates

The impact of the vulnerabilities

A remote attacker could execute arbitrary code in a logged-in users' web browser. A remote attacker could read or modify the contents in the system under certain circumstances.

Versions Affected

  • Movable Type Open Source 4.x
  • Movable Type Open Source 5.x
  • Movable Type 4.x ( with Professional Pack, Community Pack )
  • Movable Type 5.x ( with Professional Pack, Community Pack )
  • Movable Type Enterprise 4.x

Solution

Please upgrade to the latest versions of Movable Type 4 or Movable Type 5.

  • Movable Type Open Source 4.36
  • Movable Type Open Source 5.05
  • Movable Type Open Source 5.1
  • Movable Type 4.36( with Professional Pack, Community Pack)
  • Movable Type 5.05( with Professional Pack, Community Pack)
  • Movable Type 5.1( with Professional Pack, Community Pack)
  • Movable Type Enterprise 4.36
  • Movable Type Advanced 5.1

Special thanks to Alfasado, Eldar Marcussen and other reporters for reporting these security issues.

Download

(What is the difference?)

Installation/upgrade instructions

Apr 20 2011

Movable Type 5.1 RC1

« Previous | News Blog | Next » By Jun Kaneko

The Movable Type 5.1 RC1 is now available to download. In Release Candidate 1, the development team has implemented all new features and fixed major bugs. If we don't find any new issues at the following regression test (and your feedback is also crucial at this final momement), Movable Type 5.1 will be ready to ship around the end of May. Please check the 5.1 schedule wiki for updates toward the production release !

Here is the release notes for Movable Type 5.1 RC1. Please note that minor cases are not listed here, please see FogBugz for all cases.

For more details:

Reporting Bugs

Your feedback is important to get Movable Type 5.1 ready for the final release. Without your feedback, it is almost impossible for developers to test the software in all of the various conditions that might occur. So please don't hesitate to create a new case.

We look forward to hearing from you !

Dec 7 2010

Movable Type 5.04 and 4.35 Security Update

« Previous | News Blog | Next » By Jun Kaneko

Movable Type 5.04 and Movable Type 4.35 were released today. These are mandatory security updates for all users. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.x.

Impact

A remote attacker could execute arbitrary code in a logged-in users' web browser. A remote attacker could read or modify the contents in the system under certain circumstances.

Versions Affected

  • Movable Type Open Source 4.x
  • Movable Type Open Source 5.x
  • Movable Type 4.x ( with Professional Pack, Community Pack )
  • Movable Type 5.x ( with Professional Pack, Community Pack )
  • Movable Type Enterprise 4.x

Solution

Please upgrade to the latest versions of Movable Type 4 or Movable Type 5.

  • Movable Type Open Source 4.35
  • Movable Type Open Source 5.04
  • Movable Type 4.35( with Professional Pack, Community Pack)
  • Movable Type 5.04( with Professional Pack, Community Pack)
  • Movable Type Enterprise 4.35
Oct 5 2010

Movable Type 5.031

« Previous | News Blog | Next » By Jun Kaneko | Comments (2)

Movable Type 5.031 was released today. This is a bugfix release without new features. It does not contain a security fix. Movable Type 5.031 fixed an issue in 5.03.

  • 104608 : "Script Error" occurs when opening the "rebuild_confirm" screen in some hosting environments.

Download

(What is the difference?)

Installation/upgrade instructions

Note: if you purchased a Movable Type license you can also purchase our installation or upgrade service and have all the work done by our excellent support team.

Found a bug? Need a feature?

  1. To avoid duplication of efforts, search existing bugs or feature requests (from the feedback page) before submitting a new bug.
  2. Head over to the bug report/feature request form and let us know!
Sep 26 2010

Movable Type will Continue Evolving !

« Previous | News Blog | Next » By Jun Kaneko | Comments (6)

After the recent announcement about Six Apart, some of you might have been wondering about the future of Movable Type. We can be very clear about that: of course we will continue development and support of this platform that now has a decade of history behind it.

  • Movable Type 4 remains rock-solid blogging software for all uses.
  • Movable Type 5 is a new step up for managing multiple sites.
  • Melody is driven by the most enthusiastic community of bleeding-edge developers.

All this software shares the same root: Movable Type, the publishing platform.

Movable Type 5.1 is in the final development phase, we are anticipating a Beta release early this winter. We are also planning another 4.x release to keep this mature branch up to date.

All these developments are open to the public. You can check our daily activities on FogBugz and in our code repositories. And just like every open source project, we appreciate your help to make Movable Type (even) Better !

Sep 8 2010

Movable Type 5.03

« Previous | News Blog | Next » By Jun Kaneko | Comments (2)

Movable Type 5.03 was released today. This is a bugfix release without new features. It does not contain any security fix. Details about the issues that were fixed can be found in the release note.

Download

(What is the difference?)

Installation/upgrade instructions

Note: if you purchased a Movable Type license you can also purchase our installation or upgrade service and have all the work done by our excellent support team.

Found a bug? Need a feature?

  1. To avoid duplication of efforts, search existing bugs or feature requests (from the feedback page) before submitting a new bug.
  2. Head over to the bug report/feature request form and let us know!
May 11 2010

Movable Type 5.02

« Previous | News Blog | Next » By Jun Kaneko | Comments (4)

Movable Type 5.02 was released by Six Apart today. This is strictly a bugfix release without new features. It contains fixes for a number of issues including one security vulnerability. It is highly recommended that all users of Movable Type 5.x upgrade their installations, especially the ones with multiple users.

Details about the issues that were fixed can be found in the release notes.

You may note that the release notes are unusually long this time: the focus of this release was on fixing as many bugs and issues as possible before working on new features for the coming releases (we will tell you more about these soon). We would like to thank everybody in the Movable Type community who submitted bug reports, feature requests and other feedback. Your efforts have made this release possible!

Downloads

(What is the difference?)

Installation/upgrade instructions

Note: if you purchased a Movable Type license you can also purchase our installation or upgrade service and have all the work done by our excellent support team.

Found a bug? Need a feature?

  1. To avoid duplication of efforts, search existing bugs or feature requests (from the feedback page) before submitting a new bug.
  2. Head over to the bug report/feature request form and let us know!
Jan 5 2010

Introducing Movable Type 5

« Previous | News Blog | Next » By Ginger Tulley | Comments (38)

We’re pleased to announce the availability of Movable Type 5 in the US and Europe today.

Thumbnail image for MT5 logo.jpgMovable Type 5 takes a new approach to social publishing by starting with a website and adding blogs. This is in response to an increasing number of customers who've added their Movable Type blogs to existing websites, or who've used the Page feature to assemble a full website with blogs to quickly and easily update their content.

Movable Type 5 is designed to make it easier than ever to build an integrated social presence on the web, complete with an all-in-one social website.

The goal of Movable Type 5 is to give businesses, organizations and individuals a single, unified software package with integrated website and blog capabilities.  It's been enhanced for the easy creation, administration and management of websites and blogs - all from a single user dashboard.

Intro MT5.jpgHere are some of the new and improved features in MT5:

  • A new user dashboard for both the website and blogs. This makes it easy for authors, editors, designers and other publishers to easily navigate between the two.
  • A new theme mechanism that makes it easy to apply a new theme across a website and blogs with a single click that proliferates changes throughout the published site.
  • Enhanced content management features that include revision history and new custom fields. There are five new object types for custom fields: website, blog, comment, template and asset.
If you haven't had a look at Movable Type 5 yet, please give it a try and let us know what you think. If you have questions, you might want to check the Pricing and Licensing FAQ or the newly refreshed and enhanced user documentation.

A note to our Movable Type customers who use plugins: Because of UI changes in Movable Type 5, some existing Movable Type plugins may not yet be compatible with Movable Type 5. Documentation on how you can update your plugins for MT5 is coming soon to movabletype.org. In the meantime, we hope you’ll have a look at MT5 and let us know what you think.

A note to our Enterprise customers: We will put Movable Type 5 under extensive scalability and performance testing before we release it in the Enterprise version. This will take several months, so we anticipate its availability later in 2010. Please contact your Six Apart Services representative if you’d like more information.




« MT Newsbox | Main Index | Archives | Press »