Six Apart Releases Movable Type 5.13, 5.07, and 4.38 Security Updates

| No Comments | No TrackBacks |
The official announcement is here.  The upgrade is mandatory if you want to keep up with security fixes.  Note: it looks like this update is not just a simple drop-in-and-run-the-upgrader affair, but there are changes to several javascript and other templates as well.  If you are (mostly) using the default templates this should be quite easy to deal with by refreshing the templates in question.  If you are using customized versions of these templates it looks like you need to do some manual editing to avoid comments etc. breaking on the new version.
Some notable fixes and additions:
  • Stronger password encryption options (in older versions, Movable Type only looked at the first eight characters of the password when logging in)
  • More options for setting password guidelines (minimum lenght, must contain letters, numbers...)
  • Better protection against brute force attempts with automatic lockout of accounts if too many wrong login attempts are made
  • More protection against uploading of malicious files by users

No TrackBacks

TrackBack URL:

Leave a comment