Movable Type v6.6.1

On May 15th, just two days after releasing 3 major versions, including MT v6.6, Six Apart made available Movable Type v6.6.1 as a bug fixing release resolving this simple issue:

Fix a bug to open a new tab/window at Saving/Publishing a Page, Entry or Template.

upgrading-movabletype-to-v7.3.0.jpg

It's a pleasure to share with you the fact that Six Apart just released Movable Type v7.3.0, a huge step forward both in terms of new, improved, updated functions and security fixes.

Among its many improvements, this release introduces support for PHP v7.4.

Go ahead and secure your movable type installation now!

New and Improved functions

  • Add Table in RichText Editor.
  • Enable selecting tasks via run-periodic-tasks
  • Improve not to insert unnecessary line-feed or space in "Convert to Linefeed".
  • Log to STDERR when MT::Util::Log is not set.
  • Add PurePerl Digest::SHA、Digest::MD5 modules for fallback.
  • Log removing a file at rebuilding.
  • Improve the UI of editing category fields in Content Data.
  • Support PHP 7.4
  • Enable DBHost with Oracle.
  • Enable "requiresslreuse=YES" in Content Sync.
  • Add ids of HTML elements in the admin menu.
  • Support Emoji, with utf8mb4 of MySQL / MariaDB.

Updated Functions

  • The default email encoding is changed to UTF-8.
  • Remove DjDT modules used in debug mode.
  • The file list of Content Sync is not included when exporting a site.
  • The first frame of Animation GIF is used as a thumbnail.
  • Remove ezsql.
  • Update ADOdb to 5.20.16
  • Update Smarty to 3.1.31.
  • Update Image::ExifTool to 11.85.
  • Remove some ping update services that were closed.
  • Remove unnecessary method definition in Group feature.
  • Remove unnecessary CSS and Javascript files.
  • Remove unnecessary codes from a list of templates.

Resolved Issues

Security Fixes and Improvements

  • Fix XSS in __mode=rebuild. (CVE-2020-5575)
  • Fix CSRF in _mode=startrebuild. (CVE-2020-5576)
  • Fix XSS in template list. (CVE-2020-5575)
  • Fix CSRF via Sign-In page. (CVE-2020-5576)
  • Fix not to upload a double extension PHP file. (CVE-2020-5577)
  • Fix an open redirect issue in __mode=recover. (CVE-2020-5574)
  • Fix XSS in _mode=startrebuild. (CVE-2020-5575)

Miscellaneous

  • Unlist some OpenID providers that were obsolete.
  • Fix a class name of validation in form parts.
  • Fix to rebuild category archives correctly when there are two and more category content fields.
  • Fix not to show an alert at creating a site.
  • Fix to remove unnecessary data in MT::ContentType and MT::ContentData even when a site is removed.
  • Fix dialog of rebuilding to be handled in rebuild-pages.
  • Fix an error of MTCanonicalURL with multiple archive mapping.
  • Fix to register object type with long_datasource.
  • Fix to store the status of the checkbox field in Content Data.
  • Fix to update the file information correctly in Content Sync.
  • Fix an error at sorting child sites in the site list of the System.
  • Fix to show "Back" button correctly on internal errors.
  • Fix to apply filters when a Content Type refers to another Content Type which includes multiple text.
  • Fix enabling to replace in text fields created with block editor.
  • Fix style in activity log.
  • Fix to allow single quotation in labels of Content Field.
  • Fix not to show jQuery alerts.
  • Fix the number of tags in Content Type.
  • Fix to add a category when editing Content Data.
  • Fix to store entry preferences when editing Entries.
  • Fix to trigger rebuild at publishing a comment.
  • Fix to insert an image in a template.
  • Adjust the style of error message of thumbnail width in the modal dialog of inserting images.
  • Fix some MT tags in preview mode.
  • Fix sort order of the list of users in system view.
  • Fix to store iframe in embed object of Custom Field.
  • Remove unnecessary spaces in the error message of Database Setting.
  • Fix a validation rule of filter name.
  • Fix to check uniqueness of Role name.
  • Fix to allow the role of "managing web pages" to create a new folder.

Features to be deprecated in the next or future release.

  • Remove OpenID Plugin
  • Remove Crypt code from MT Core.
  • Deprecate MT::Util::perlsha1digest(_hex)
  • Deprecate Update Ping


Please play with it at:
https://www.movabletypedemo.org/v7x/cgi-bin/mt/mt.cgi

Using:
- username: demo
- password: testthis


Enjoy!

Six Apart announced today Movable Type v6.6, a huge step forward both in terms of new and improved functions, updated functions and security fixes.

This release introduces support for PHP v7.4.

New and Improved functions

  • Add Table in RichText Editor.
  • Enable selecting tasks via run-periodic-tasks
  • Improve not to insert unnecessary line-feed or space in "Convert to Linefeed".
  • Log to STDERR when MT::Util::Log is not set.
  • Add PurePerl Digest::SHA、Digest::MD5 modules for fallback.
  • Log removing a file at rebuilding.
  • Support PHP 7.4
  • Enable DBHost with Oracle.
  • Enable "requiresslreuse=YES" in Content Sync.
  • Support Emoji, with utf8mb4 of MySQL / MariaDB.

Updated Functions

  • Remove composer.json and composer.lock from the MT package.
  • The default email encoding is changed to UTF-8.
  • Remove DjDT modules used in debug mode.
  • Update several Perl modules in extlib
  • The file list of Content Sync is not included when exporting a site.
  • The first frame of Animation GIF is used as a thumbnail.
  • Remove ezsql.
  • Update ADOdb to 5.20.16
  • Update Smarty to 3.1.31.
  • Update Image::ExifTool to 11.85.
  • Remove some ping update services that were closed.
  • Remove unnecessary method definition in Group feature.
  • Remove unnecessary codes from a list of templates.

Resolved Issues

Security Fixes and Improvements

  • Fix XSS in __mode=rebuild. (CVE-2020-5575)
  • Fix CSRF in _mode=startrebuild. (CVE-2020-5576)
  • Fix XSS in template list. (CVE-2020-5575)
  • Fix CSRF via Sign-In page. (CVE-2020-5576)
  • Fix not to upload a double extension PHP file. (CVE-2020-5577)
  • Fix an open redirect issue in __mode=recover. (CVE-2020-5574)
  • Fix XSS in _mode=startrebuild. (CVE-2020-5575)

Miscellaneous

  • Unlist some OpenID providers that were obsolete.
  • Fix not to show an alert at creating a site.
  • Fix to update the file information correctly in Content Sync.
  • Fix an error at sorting child sites in the site list of the System.
  • Fix links of DBMS module in mt-wizard.cgi.
  • Fix not to show jQuery alerts.
  • Fix some MT tags in preview mode.
  • Fix sort order of the list of users in system view.
  • Fix to store iframe in embed object of Custom Field.
  • Remove unnecessary spaces in the error message of Database Setting.
  • Fix an item name of pull down menu of cell attribution of Table Feature For TinyMCE.
  • Fix to check uniqueness of Role name.
  • Fix to allow the role of "managing web pages" to create a new folder.

Features to be deprecated in the next or future release

  • Remove TypeKey related modules and functions.
  • Remove Motion Plugin
  • Remove OpenID Plugin
  • Remove Crypt code from MT Core.
  • Deprecate MT::Util::perlsha1digest(_hex)
  • Deprecate Update Ping


Please check it at:
https://www.movabletypedemo.org/v6.5x/cgi-bin/mt/mt.cgi

Using:
- username: demo
- password: testthis


Enjoy!

Six Apart announced today Movable Type v6.3.12, a mandatory security release.

Security Fixes and Improvements

  • Fix XSS in __mode=rebuild. (CVE-2020-5575)
  • Fix CSRF in _mode=startrebuild. (CVE-2020-5576)
  • Fix XSS in template list. (CVE-2020-5575)
  • Fix CSRF via Sign-In page. (CVE-2020-5576)
  • Fix not to upload a double extension PHP file. (CVE-2020-5577)
  • Fix an open redirect issue in __mode=recover. (CVE-2020-5574)
  • Fix XSS in _mode=startrebuild. (CVE-2020-5575)


Go ahead and evaluate it from:

https://www.movabletypedemo.org/v6x/cgi-bin/mt/mt.cgi


Using:

- username: demo

- password: testthis


Enjoy!

On February the 6th, Six Apart launched Movable Type v7.2.0 known also as r.4605.

This release includes two security fixes, as well as many other new, improved and updated functions and resolved issues.

Upgrading to Movable Type v7.2 (r.4605)

NEW AND IMPROVED FUNCTIONS

  • Log the enabling / disabling of a plugin.
  • Add some L10N phases for European languages.
  • Add heights to multiple-line text custom fields.
  • Log failure of sign-in.
  • Add SVG to ThemeStaticFileExtensions as a default value.
  • Improve performance of mt-feed.cgi
  • Enable inserting div elements into an A element in WYSIWYG.

UPDATED FUNCTIONS

  • Data API is disabled at new installation and creating a new website and blog. No change for the current settings.

MISCELLANEOUS

  • No size set for the Assets which is not supported by MT when importing from WordPress.
  • Remove the template of Technorati Search.
  • The initial value is set to 85 for JPEG image quality.
  • doctype of some themes is changed from XHTML4 to HTML5.
  • Change the titles of image blocks.
  • Change the label of the "text decoration" button in Japanese.

RESOLVED ISSUES

SECURITY FIX AND IMPROVEMENT

  • [XSS] Fix not to execute scripts in block editor.
  • [XSS] Fix not to execute scripts in WYSIWYG editor.

MISCELLANEOUS

  • Fix not to set the format of multiple-line text in ContentType to "None".
  • Fix integration with Category/Folder in CustomFields.
  • Fix to suppress warn 'redefined' in WXRImporter with XML::SAX modules other than XML::SAX::PurePerl.
  • Fix ParserDetails.ini.
  • Fix not to slow Data API with a huge version value.
  • Fix to show options at import WXR.
  • Fix not to remove some category archive files when there are some ContentTypes including a category field.
  • Fix CSS for category name of ContentField.
  • Fix not to show an error at sign-out in Rainier theme.
  • Fix title of SVG of category in a entry.
  • Fix L10N Error in the Mont-Blanc theme.
  • Fix our company name in some themes
  • Fix error in mt-check.cgi occurring without HTML::Entities.
  • Fix to parse Markdown correctly.
  • Fix the HTML of the Primary Menu in Mobile.
  • Fix not to react to pressing "Enter" in IE11.
  • Fix not to show warning in rebuild-pages
  • Fix to update entrymodifiedon at editing statuses in list view.
  • Fix to show the status correctly at Import Sites.
  • Fix the log text of updatecontentdata_status.
  • Fix to use SSL configuration parameters when "SSLVerifyNone 1".
  • Fix to use SSL configuration parameters in SMTP when "SSLVerifyNone 1" or "SMTPSSLVerifyNone 1".
  • Fix not to send an empty email when EmailAddressMain is not set
  • Fix "\U" and "\L" to work in regex_replace attribute.
  • Fix to control whether Page is published or not via page endpoint of Data API.
  • Fix to suppress warn 'used only once: possible typo.'
  • Fix the format of blockquote in editor.
  • Fix the message when XML::Parser is not installed.


Please play with it at:
https://www.movabletypedemo.org/v7x/cgi-bin/mt/mt.cgi

Using:
- username: demo
- password: testthis

Enjoy!

Support

If this initiative is useful for you, please consider making a paypal donation or getting your movable type project done with PRO IT Service.

We're the right people for movable type consultancy services including: installations, upgrades, themes, templates, consulting, troubleshooting as well as hosting.

The complete range of movable type services you might be looking for!

Services

We would love to work on any movable type jobs you might have! To find out more about the movable type services we're offering click here.

You may like to know that we're offering a broad range of web development services as well as professional website hosting service in partnership with Pair Networks, Inc. from Pittsburgh, PA, USA.

Check out everything we're proudly doing by visiting https://www.pro-it-service.com/

Newsletter

Would you like to be updated every time there is a movable type release? If you do, then subscribe for email updates filling out the form below.

Subscribe

Delivered by FeedBurner

Disclaimer

This is a personal website and doesn't have anything to do with Six Apart nevertheless Chris Alden, the former Six Apart CEO, appreciated my idea when he saw it available online.