Headline
CVE-2022-45122: MovableType.org – News: Movable Type 7 r.5401 (v7.9.6), v6.8.8: Security update
Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.
Movable Type 7 r.5401 (v7.9.6), v6.8.8 released.
This release is included security fixes. Six Apart recommends that you upgrade to the latest version.
RELEASED VERSIONS
- Movable Type r.5401 (v7.9.6)
- Movable Type Advanced r.5401 (v7.9.6)
- Movable Type AMI (via AWS Marketplace) r.5401 (v7.9.6)
- Movable Type Advanced AMI (via AWS Marketplace) r.5401 (v7.9.6)
- Movable Type v6.8.8
- Movable Type Advanced v6.8.8
- Movable Type AMI (via AWS Marketplace) v6.8.8
Release Notes
Please review the Movable Type release notes to see everything that was added and improved since the version you are currently using.
- Movable Type 7 r.5401 (v7.9.6) Release Notes
- Movable Type 6.8.8 Release Notes
How to get Movable Type 7 and 6.8
If you have an existing Movable Type 7 or 6.8 license, you can download the latest Movable Type from our download portal using your Six Apart ID.
To purchase a new license or an upgrade, please visit MovableType.com for more information, or feel free to contact us if you have any questions.
Movable Type 6.8 version is subject to LTS (long-term-support) and will have problem fixes and security fixes until 2022. However, In order to use Movable Type 6.5.x/6.6.x/6.7.x/6.8.x, “Pro Unlimited annual license” needs to be renewed every year.