Six Apart released today movable type v6.2.4.
This version includes a security patch which affects movable type v6.2 and movable type v6.2.2.
The issue is involving XSS on the new upload dialog. It is strongly recommended to upgrade your v6.x installation ASAP.
Apart from the security patch, this new version includes lots of other new and improved functions, as well as so many big fixes.
To summarize just a few items:
- an improved new upload screen with the ability to easy cancel uploads;
- an updated Data API (v3, actually v3.1);
- a few new configuration directives;
- the activity log will record blog cloning and category updates;
- assets improvements;
- entries and pages improvements;
- movable type advanced improvements;
- dynamic publishing improvements;
- dashboard improvements;
- themes improvements;
- templates improvements;
- template tags improvements;
- and more.
Here we go with the complete list of the latest development:
Medium: An issue involving XSS on the new upload dialog has been fixed. This issue occurs on 6.2.x versions only.
New & Improved Functions
Improved New Upload Screen
We've revised new upload screen UI to make it easier to use.
The droppable area will be wide
The area that accepts a dropped file was changed to the entire screen or the entire area of ??the modal dialog. The droppable area that displayed on the upload screen has been removed by this change. The droppable area will appear if you drag files.
The waiting files are always displayed on top of the list
The order of upload file list was changed. This change make it possible to cancel uploading easily.
Data API v3
Internal version of the API will be 3.1. The endpoint version is still "/v3/".
New endpoint to get the API version
Added a new endpoint to get the API version that returns endpoint version and internal API version. Your application can judge API version after launching.
The major version of API that used in the endpoint URI.
The internal API version. We bump up the version number if minor change or bug fix occurs.
New resource fields for Sites are available
It is possible to get the value for default upload destination and default upload options that were added in Movable Type 6.2. Please see below for a list of new fields.
Also, please see below for full reference of Data API.
Revised the data format for Date and Time field of CustomFields
In previous versions, the value of Date and Time fields always returned raw data (e.g. 20151218120000) even if the option is specified. Also you should specify the data with the same format for update.
From this version, it will be able to perform the get and set in a format depending on the option.
DATE AND TIME
iso 8601 datetime
New Configuration Directives
BasenameCheckCompat (0 | 1)
If set to 1, MT will perform the duplicate check for basename by combination of folders and basename. The default value is 0 (disabled).
The script name for full text search script. The default value is mt-ftsearch.cgi
- The activity log will be recorded when making a clone of a blog.
- The activity log will be recorded when updating a category.
- Entry graph always appears even if cannot connect to the Google Analytics.
- The "date and time" field type with a value of empty now sets value as "null" instead of "0000-00-00T00:00:00 + TZ".
- If the result of MTBlogRelativeURL does not end with slash, a slash is added automatically.
- The result of MTArchiveCount is changed to always return 1 if it is in the Individual Archive.
- mixiCommenter plugin is no longer bundled because they discontinued their OpenID Authentication service.
- MT::App::Search::Legacy application is no longer mounted automatically if running on PSGI environment.
- Asset attaching now works when saving a page. (#113213)
- The validation for required field now works (#112854)
- createEntry, updateEntry, createPage and updatePage now accepts empty array of categories, folders and assets. (#113613)
- The default value will be returned when the value of customfields is empty. (#113697, #113699)
Movable Type Advanced
- Upgrade function now works when using LDAP with SSL. (#113687)
- The thumbnail in the uploaded-list now displays correct image when uploading a different image with the same filename. (#113669)
- On the image editor, the selected area and operation area now points to same area. (#113434)
- Creating a thumbnail of a tiff image is now works when the image driver is set to Imager. (#113464)
- File uploading now works when the filename is more than 21 bytes and it has no file extension. (#113483)
- The filter of asset type on the asset listing dialog now works when the mt_asset table schema is extended by a plugin. (#113651)
- The search on the asset listing dialog now works. (#113728)
- On the Windows environment, image resizing now works when the image driver is set to ImageMagick. (#112908)
Entries & Pages
- The date-based archive files are now removed when the entry status is changed to unpublish. (#112656)
- Unnecessary tag is never inserted in the content when the entry format is set to 'Textile2'. (#112878)
- The duplicate check method for the page is now changed to use the permalink-based. (#113703)
- The 'Boilerplate' menu is now displayed when the user has system administrator only. (#113626)
Content Sync (Movable Type Advanced)
- Content syncing now works when the directory name of the source contains Japanese characters. (#113688)
- The validation error message now disappears when the entered sync datetime is correct. (#113764)
- Prevents 503 error when memcached is enabled. (#113603)
- The modifier that named 'class_type' now works with MTEntries. (#113641)
- MTAssets tag now works in the multiblog context. (#113324)
- An entry or page created with Markdown now renders when running with PHP5.5x. (#113633)
- The entries graph in the Site Stats widget now works when Google Analytics is already configured but service is unreachable. (#110417)
- The search term is no longer double encoded when it contains HTML. (#113719)
- The revision history is now logged when the file link is modified. (#112277)
- The preview of a category template is now made with real data. (#113570)
- Unnecessary warning no longer appears when saving a template. (#113622)
- The user archive page no longer contains other user's entries when a user does not have published entries. (#113704)
- MTCommentIfModerated returns correct results as written in the documentation. (#113363)
- The build error now detects when the error occurs in the module that is loaded by MTIncludeBlock. (#113220)
- The value of customfields for template of the current context is now gettable when that is in the MTIndexList block. (#113648)
- MTArchiveCount returns correct value when used in the date-based archive page. (#113577)
- Revised the description for IO::Socket::SSL in the mt-check.cgi and mt-wizard.cgi. (#112904)
- The mail header no longer contains bcc address when EmailNotificationBcc is enabled. (#112989)
- Site Stats cache is now cleared even if too many users exists in the system. (#113652)
- The mt-ftsearch.cgi now does not return same result of mt-search.cgi. (#112784)
- The search term is no longer double encoded when it contains HTML. (#113726)
Go ahead and try this version from:
- username: demo
- password: testthis