Six Apart, Ltd. Release Notes - Movable Type: 3.34

46226: XSS exploit: complex script tags may run in IE6

SECURITY: Specific malformed tags could be used to invoke cross-site scripting attacks in certain browsers. This vulnerability has been closed.

46227: XSS Exploit: Sanitization needed in MTCommentPreviewIsStatic

In previous versions of Movable Type, using the MTCommentPreviewIsStatic tag could open the comment entry screen, which is a potential security hole. This vulnerability has been closed.

46401: MT 3.34 has incorrect schema version

The schema version number for the first beta release of the 3.34 patch was incorrectly set. The schema version has now been changed to 3.3, as it should be since there were no schema changes between 3.33 and this release.

46404: Upgrade MT::Bootstrap to use Wheeljack's Bootstrap

FEATURE: MT is easier to configure to run under Apache mod_fastcgi or mod_fcgid.

45890: Default sanitize of comment and trackback template tags is broken

FIXED: Comment and ping tags were not properly filtered using 'sanitize' rules when the nofollow plugin was disabled or uninstalled.

46208: add_rebuild_option populates label but rebuild_confirm.tmpl uses name

DEVELOPER: Fixed a bug that omitted the names of custom rebuild options from the rebuild site popup window.

35604: version_limit in plugin upgrade function misbehaving.

DEVELOPER: Fixed an issue regarding plugin upgrade functions not firing consistently.

46392: Nofollow configuration setting should say "trusted commenters"

FIXED: Nofollow configuration setting now says, "trusted commenters" instead of "authenticated commenters" (since that is how it is actually implemented).
