December 2014 Archives
On December the 9th, Six Apart launched a mandatory security update in the form of movable type v6.0.6, v5.2.11 and v5.18.
You should know that a vulnerability has been discovered in the Movable Type XML-RPC interface.
This vulnerability could be resolved by upgrading to one of the versions above, or it could be solved by disabling the 'mt-xmlrpc.cgi' script. An easy way to disable it is to remove its execute permissions.
On the other hand, be aware that if you disable the above mentioned .cgi script, your movable type installation won't be able to send out pings, such as say to ping the web services that you might have configured for your blog/website.
Worth mentioning is that this version, apart from fixing a security issue, includes also a bug fix related to the backup and restore feature. From now on, when restoring from a compressed backup file, items included with the backup file will also be restored.
Take a look at the latest product from:
- username: demo
- password: testthis