Movable Type: MT News Blog
The Wayback Machine - http://web.archive.org/web/20120713065249/http://www.movabletype.com:80/blog/
Jul 5 2012

We are very excited to introduce the beginning of the beta test of Movable Type 5.2, our latest and greatest release of our award-winning web publishing platform.

Movable Type has been working on improving security and incorporating new technologies in the last 12 months since the release of Movable Type 5.1, and on new features such as a wholly renewed Rich Text Editor.

The code and the release note of this beta are available here: Movable Type 5.2 Beta 1

As CEO of Six Apart, I am very pleased to see the new beta release of Movable Type, and I am committed to the Movable Type community with more investment and resources available in English!

The new beta test is just the beginning; more will be coming in the following months.

Stay tuned!
Nob

May 16 2012

Movable Type 5.14

Movable Type 5.14 was released today. This is a bugfix release without new features. It does not contain any security fix. Details about the issues that were fixed can be found in the release note.

Download

(What is the difference?)

Installation/upgrade instructions

Note: if you purchased a Movable Type license you can also purchase our installation or upgrade service and have all the work done by our excellent support team.

Mar 1 2012

Note: This patch was updated on the 5th of March, 2012 after the initial release on the 1st of March. If you still see the "Template load error" after applying the initial patch, please download again and re-apply the patch.

Thanks to community feedback, we found an issue in the Movable Type 5.13, 5.07, and 4.38 Security Updates and created a patch to resolve it. Because of the stricter policy in 5.13, 5.07 and 4.38, some plugins produce the "Template load error". There are two ways to resolve this error:

It is recommended to (1) fix the plugin because AllowFileInclude weakens the protection against malicious plugins and templates. Please do not forget to disable the AllowFileInclude directive once you update your plugin to the fixed version.

Please refer to the following pages for details.

If you are not seeing this "Template load error" after your upgrade, you don't need to apply this patch. This patch will be included in the next release of Movable Type.
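One way to confirm that the AllowFileInclude workaround has been switched off again after the plugin update is to scan `mt-config.cgi` for the directive. The script below is an added example, not part of the original post or of Movable Type; the function names, the sample files and the parsing rules noted in its comments are assumptions.

```python
import re

# Assumption: mt-config.cgi holds one "Directive value" pair per line, a line
# starting with "#" is a comment, and directive names are case-insensitive.
DIRECTIVE = "allowfileinclude"
LINE_RE = re.compile(r"^\s*(\S+)\s+(.*?)\s*$")


def find_allow_file_include(config_text):
    """Return (line_number, raw_value) for every active AllowFileInclude line."""
    hits = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment, including a commented-out directive
        match = LINE_RE.match(line)
        if match and match.group(1).lower() == DIRECTIVE:
            hits.append((lineno, match.group(2)))
    return hits


def audit(config_text):
    """Report whether the include restriction is relaxed.

    Assumption: a later line overrides an earlier one, and any value other
    than an empty string or "0" switches the directive on.
    """
    hits = find_allow_file_include(config_text)
    if not hits:
        return {"enabled": False, "line": None, "duplicates": 0}
    lineno, value = hits[-1]
    return {"enabled": value not in ("", "0"), "line": lineno,
            "duplicates": len(hits) - 1}


# Constructed sample files (not taken from a real installation).
TEMPORARY_WORKAROUND = """\
CGIPath /cgi-bin/mt/
# re-enabled for a legacy plugin; remove after the plugin update
AllowFileInclude 1
"""
AFTER_PLUGIN_FIX = """\
CGIPath /cgi-bin/mt/
#AllowFileInclude 1
allowfileinclude 0
"""

if __name__ == "__main__":
    for name, text in (("workaround", TEMPORARY_WORKAROUND),
                       ("fixed", AFTER_PLUGIN_FIX)):
        print(name, audit(text))
```

A result with `enabled` set to true, or with `duplicates` above zero, is worth a manual look at the reported line.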

Feb 21 2012

Movable Type 5.13, 5.07, and 4.38 were released as mandatory security updates. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.x. The vulnerabilities were found as a result of our internal security audit, except for the one reported by Trustwave (TWSL2012-002). All users must upgrade to this latest release immediately.

Impact

5.13, 5.07, and 4.38 address multiple vulnerabilities, including:

  • OS Command Injection exists in the file management system, the most serious of which may lead to arbitrary OS command execution by a user who has permission to sign in to the admin script and also has permission to upload files.
  • Session Hijack and CSRF exist in the commenting and the community script. A remote attacker could hijack the user session or could execute arbitrary script code in the victim's browser under certain circumstances.
  • XSS exists in templates where the variables are not escaped properly. A remote attacker could inject client-side script into web pages viewed by other users.
  • XSS exists in mt-wizard.cgi. This vulnerability was reported by Trustwave (Trustwave's SpiderLabs Security Advisory TWSL2012-002).

Solution

Please upgrade to the latest versions of Movable Type 4 or Movable Type 5.

  • Movable Type Open Source 4.38
  • Movable Type Open Source 5.07
  • Movable Type Open Source 5.13
  • Movable Type 4.38 (with Professional Pack, Community Pack)
  • Movable Type 5.07 (with Professional Pack, Community Pack)
  • Movable Type 5.13 (with Professional Pack, Community Pack)
  • Movable Type Enterprise 4.38
  • Movable Type Advanced 5.13

Here are the release notes for this release.

Upgrading to Movable Type 5.13, 5.07, or 4.38

Download

You can download the latest packages from these sites (What is the difference?).

First, follow the instructions found in Movable Type's upgrade guide to upgrade your Movable Type installation.

Refresh Templates

As a result of security fixes in Movable Type 5.13, 5.06 and 4.38, some of the global templates and the JavaScript template in each blog were updated. You need to refresh those templates to comment or to use Community features once you upgrade to Movable Type 5.13, 5.07, 4.38, or a later version. Please refer to the following documentation.

Here are the details of template changes.

Changes in Movable Type 5.13, 5.07, and 4.38

You can see the complete list of fixed bugs at this FogBugz page.

The following significant changes have been made in Movable Type 5.13, 5.07, and 4.38.

New features in Movable Type 5.13

Supported Browsers

Movable Type 5.13 supports the following browsers and versions.

  • Internet Explorer 9
  • Firefox latest
  • Safari latest

Security Enhancements

Movable Type 5.13 introduces the following security features.

  • Account and IP Lockout
    Account lockout is a feature to protect your Movable Type account from a password-guessing attack known as a brute force attack or a dictionary attack. Movable Type locks out accounts after a defined number of incorrect password attempts.
  • Changing Password Validation Rules
    A system administrator can set password validation policies so that users use stronger passwords.
  • Stronger Password Encryption
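A generic model of the account and IP lockout idea described above, added here as an illustration and not Movable Type's own implementation. The limits, the time window, the class and function names and the sample events are all assumptions.

```python
from collections import defaultdict, deque

class LockoutTracker:
    """Sliding-window failed-login counter, kept per account and per IP."""
    def __init__(self, account_limit=5, ip_limit=10, window=1800):
        # Hypothetical settings: failure counts and a window in seconds.
        self.limits = {"account": account_limit, "ip": ip_limit}
        self.window = window
        self.failures = defaultdict(deque)  # (kind, key) -> failure timestamps
        self.locked = set()                 # (kind, key) pairs currently locked

    def is_locked(self, account, ip):
        return ("account", account) in self.locked or ("ip", ip) in self.locked

    def record_failure(self, account, ip, now):
        """Count one failed login and return the keys it newly locks."""
        newly = []
        for entry in (("account", account), ("ip", ip)):
            times = self.failures[entry]
            times.append(now)
            while times[0] <= now - self.window:
                times.popleft()             # drop failures outside the window
            if len(times) >= self.limits[entry[0]] and entry not in self.locked:
                self.locked.add(entry)
                newly.append(entry)
        return newly

    def record_success(self, account):
        # Clears the account counter only, so a valid login does not reset the
        # source address's count of failures against other accounts.
        self.failures.pop(("account", account), None)

def replay(events, **settings):
    """Run (time, account, ip, password_ok) tuples; return lock/reject events."""
    tracker, log = LockoutTracker(**settings), []
    for now, account, ip, ok in events:
        if tracker.is_locked(account, ip):
            log.append((now, "rejected", account, ip))
        elif ok:
            tracker.record_success(account)
        else:
            for kind, key in tracker.record_failure(account, ip, now):
                log.append((now, "locked", kind, key))
    return log

# Constructed events using documentation-range addresses, not real log data.
EVENTS = [(t, "alice", "192.0.2.10", False) for t in (0, 10, 20)]
EVENTS += [(30 + i, who, "192.0.2.10", False) for i, who in enumerate(["bob", "carol", "dave"])]
EVENTS += [(40, "alice", "198.51.100.7", True)]
```

With `replay(EVENTS, account_limit=3, ip_limit=5, window=60)` the account counter locks `alice` first, the IP counter then locks the address that keeps failing across different accounts, and the later correct password for `alice` is rejected because the account is still locked.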

Jun 22 2011

Movable Type 5.12, 5.06, and 4.37 were released as mandatory security updates. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.x. All users must upgrade to this latest release immediately.

The impact of the vulnerabilities

Under certain circumstances, a user who has "Create Entries" or "Manage Blog" permissions may be able to read known files on the local file system.

Versions Affected

  • Movable Type Open Source 4.x
  • Movable Type Open Source 5.x
  • Movable Type 4.x (with Professional Pack, Community Pack)
  • Movable Type 5.x (with Professional Pack, Community Pack)
  • Movable Type Enterprise 4.x

Solution

Please upgrade to the latest versions of Movable Type 4 or Movable Type 5.

  • Movable Type Open Source 4.37
  • Movable Type Open Source 5.06
  • Movable Type Open Source 5.12
  • Movable Type 4.37 (with Professional Pack, Community Pack)
  • Movable Type 5.06 (with Professional Pack, Community Pack)
  • Movable Type 5.12 (with Professional Pack, Community Pack)
  • Movable Type Enterprise 4.37
  • Movable Type Advanced 5.12

Download

(What is the difference?)

Installation/upgrade instructions

Fixed issues

The following issues were fixed in MT5.12.

  • 106303 Published URL was changed after upgrading to 5.1x

The following issues were fixed in Movable Type 5.12, 5.06, and 4.37.

  • 106307 Permission error when saving custom fields settings without a system administration privilege
