Movable Type v7.3.0 (r.4607) - Security Fixes and Many Other Improvements


It's a pleasure to share with you the fact that Six Apart just released Movable Type v7.3.0, a huge step forward both in terms of new, improved, updated functions and security fixes.

Among its many improvements, this release introduces support for PHP v7.4.

Go ahead and secure your Movable Type installation now!

New and Improved functions

  • Add Table in RichText Editor.
  • Enable selecting tasks via run-periodic-tasks
  • Avoid inserting unnecessary line feeds or spaces in "Convert to Linefeed".
  • Log to STDERR when MT::Util::Log is not set.
  • Add PurePerl Digest::SHA, Digest::MD5 modules for fallback.
  • Log removing a file at rebuilding.
  • Improve the UI of editing category fields in Content Data.
  • Support PHP 7.4
  • Enable DBHost with Oracle.
  • Enable "requiresslreuse=YES" in Content Sync.
  • Add ids of HTML elements in the admin menu.
  • Support Emoji, with utf8mb4 of MySQL / MariaDB.

Updated Functions

  • The default email encoding is changed to UTF-8.
  • Remove DjDT modules used in debug mode.
  • The file list of Content Sync is not included when exporting a site.
  • The first frame of Animation GIF is used as a thumbnail.
  • Remove ezsql.
  • Update ADOdb to 5.20.16
  • Update Smarty to 3.1.31.
  • Update Image::ExifTool to 11.85.
  • Remove some ping update services that were closed.
  • Remove unnecessary method definition in Group feature.
  • Remove unnecessary CSS and Javascript files.
  • Remove unnecessary codes from a list of templates.

Resolved Issues

Security Fixes and Improvements

  • Fix XSS in __mode=rebuild. (CVE-2020-5575)
  • Fix CSRF in __mode=start_rebuild. (CVE-2020-5576)
  • Fix XSS in template list. (CVE-2020-5575)
  • Fix CSRF via Sign-In page. (CVE-2020-5576)
  • Fix to prevent uploading a PHP file with a double extension. (CVE-2020-5577)
  • Fix an open redirect issue in __mode=recover. (CVE-2020-5574)
  • Fix XSS in __mode=start_rebuild. (CVE-2020-5575)


  • Unlist some OpenID providers that were obsolete.
  • Fix a class name of validation in form parts.
  • Fix to rebuild category archives correctly when there are two or more category content fields.
  • Fix not to show an alert when creating a site.
  • Fix to remove unnecessary data in MT::ContentType and MT::ContentData even when a site is removed.
  • Fix dialog of rebuilding to be handled in rebuild-pages.
  • Fix an error of MTCanonicalURL with multiple archive mapping.
  • Fix to register object type with long_datasource.
  • Fix to store the status of the checkbox field in Content Data.
  • Fix to update the file information correctly in Content Sync.
  • Fix an error at sorting child sites in the site list of the System.
  • Fix to show "Back" button correctly on internal errors.
  • Fix to apply filters when a Content Type refers to another Content Type which includes multiple text.
  • Fix enabling to replace in text fields created with block editor.
  • Fix style in activity log.
  • Fix to allow single quotation in labels of Content Field.
  • Fix not to show jQuery alerts.
  • Fix the number of tags in Content Type.
  • Fix to add a category when editing Content Data.
  • Fix to store entry preferences when editing Entries.
  • Fix to trigger rebuild at publishing a comment.
  • Fix to insert an image in a template.
  • Adjust the style of error message of thumbnail width in the modal dialog of inserting images.
  • Fix some MT tags in preview mode.
  • Fix sort order of the list of users in system view.
  • Fix to store iframe in embed object of Custom Field.
  • Remove unnecessary spaces in the error message of Database Setting.
  • Fix a validation rule of filter name.
  • Fix to check uniqueness of Role name.
  • Fix to allow the role of "managing web pages" to create a new folder.

Features to be deprecated in the next or future release.

  • Remove OpenID Plugin
  • Remove Crypt code from MT Core.
  • Deprecate MT::Util::perlsha1digest(_hex)
  • Deprecate Update Ping

Please play with it at:

- username: demo
- password: testthis




This is a personal website and doesn't have anything to do with Six Apart; nevertheless, Chris Alden, the former Six Apart CEO, appreciated my idea when he saw it available online.