Six Apart announced today Movable Type v6.6, a huge step forward both in terms of new and improved functions, updated functions and security fixes.
This release introduces support for PHP v7.4.
New and Improved functions
- Add Table in RichText Editor.
- Enable selecting tasks via run-periodic-tasks
- Improve not to insert unnecessary line-feed or space in "Convert to Linefeed".
- Log to STDERR when MT::Util::Log is not set.
- Add PurePerl Digest::SHA、Digest::MD5 modules for fallback.
- Log removing a file at rebuilding.
- Support PHP 7.4
- Enable DBHost with Oracle.
- Enable "requiresslreuse=YES" in Content Sync.
- Support Emoji, with utf8mb4 of MySQL / MariaDB.
- Remove composer.json and composer.lock from the MT package.
- The default email encoding is changed to UTF-8.
- Remove DjDT modules used in debug mode.
- Update several Perl modules in extlib
- The file list of Content Sync is not included when exporting a site.
- The first frame of Animation GIF is used as a thumbnail.
- Remove ezsql.
- Update ADOdb to 5.20.16
- Update Smarty to 3.1.31.
- Update Image::ExifTool to 11.85.
- Remove some ping update services that were closed.
- Remove unnecessary method definition in Group feature.
- Remove unnecessary codes from a list of templates.
Security Fixes and Improvements
- Fix XSS in __mode=rebuild. (CVE-2020-5575)
- Fix CSRF in _mode=startrebuild. (CVE-2020-5576)
- Fix XSS in template list. (CVE-2020-5575)
- Fix CSRF via Sign-In page. (CVE-2020-5576)
- Fix not to upload a double extension PHP file. (CVE-2020-5577)
- Fix an open redirect issue in __mode=recover. (CVE-2020-5574)
- Fix XSS in _mode=startrebuild. (CVE-2020-5575)
- Unlist some OpenID providers that were obsolete.
- Fix not to show an alert at creating a site.
- Fix to update the file information correctly in Content Sync.
- Fix an error at sorting child sites in the site list of the System.
- Fix links of DBMS module in mt-wizard.cgi.
- Fix not to show jQuery alerts.
- Fix some MT tags in preview mode.
- Fix sort order of the list of users in system view.
- Fix to store iframe in embed object of Custom Field.
- Remove unnecessary spaces in the error message of Database Setting.
- Fix an item name of pull down menu of cell attribution of Table Feature For TinyMCE.
- Fix to check uniqueness of Role name.
- Fix to allow the role of "managing web pages" to create a new folder.
Features to be deprecated in the next or future release
- Remove TypeKey related modules and functions.
- Remove Motion Plugin
- Remove OpenID Plugin
- Remove Crypt code from MT Core.
- Deprecate MT::Util::perlsha1digest(_hex)
- Deprecate Update Ping
Please check it at:
- username: demo
- password: testthis