Movable Type 3.34 Beta now available
The first beta of MT 3.34 has been released. This update to the Movable Type Publishing Platform contains a number of security fixes and everyone is encouraged to upgrade when it is officially released sometime next week. Accompanying this release will also be a release of Movable Type Enterprise 1.52 which will be released privately to paying customers.
Release Notes
- 46226: XSS exploit: Specific malformed tags could be used to invoke cross-site scripting attacks for certain browsers. This vulnerability has been closed.
- 46227: XSS Exploit: In previous versions of Movable Type, using MTCommentPreviewIsStatic tag could open comment entry screen, which is a potential security hole. This vulnerability has been closed.
- 45890: Bug: Default sanitize of comment and TrackBack template tags is broken; Comment and ping tags were not properly filtered using 'sanitize' rules when nofollow plugin was disabled or uninstalled.
- 46208: addrebuildoption populates label but rebuild_confirm.tmpl uses name. Fixed a bug that omitted the names of custom rebuild options from the rebuild site popup window.
- 35604: version_limit in plugin upgrade function misbehaving. Fixed an issue regarding plugin upgrade functions not firing consistently.
Download
Posted on January 8, 2007 10:44 AM in Announcements
Comments