MOVABLE TYPE 2.65

A security issue has been found in Movable Type's XML-RPC server. We suggest that all users of Movable Type upgrade their installations to fix this issue.

We have released a new version of Movable Type, version 2.65, to fix this problem. Version 2.65 also includes the mt-send-entry.cgi fix released about one month ago [1].

In addition, version 2.65 includes an Atom syndication template in the default templates, along with an auto-discovery tag in the main index template. It also includes a couple of new tags used for the Atom feeds. If you're upgrading, you can get the syndication template from the default template list [2].

You can download the 2.65 upgrade from the download page [3] and follow the standard upgrade instructions [4].

If you'd rather just fix the XML-RPC security issue, you can replace lib/MT/XMLRPCServer.pm on your server with the new version of XMLRPCServer.pm at

http://www.movabletype.org/downloads/XMLRPCServer.zip

This is a ZIP file. Extract it and upload the version of XMLRPCServer.pm within to your server in ASCII mode.

We realize that official news has been scarce over the last 6-9 months. During this time, our company has grown from two people to seven, and we have launched TypePad. Now that we have hired more engineering resources (and we are still looking for more, we are able to focus again on our Movable Type product line. As mentioned on the Six Log, we're focusing on releasing more personal features in the basic Movable Type package, and concentrating features for businesses, organizations, and large content-driven sites into Movable Type Pro.

The next version of Movable Type will be version 3.0, a significant and free upgrade. Many oft-requested features will be integrated into this release, including:

* Comment registration. As a response to both comment spam and to the increased usage of Movable Type on large community sites, we'll be adding the option to restrict comments to registered users.

* Improved comment and TrackBack management features.

* New API hooks for plugin developers. Plugins will now be able to hook into many more pieces of Movable Type, including adding callbacks for saving and removing objects, building application methods with integration into the UI, and hooking into the publishing process. This opens up possibilities for plugins to add even more advanced functionality than they're able to do now.

* User interface rebuilt using CSS. We've seen with TypePad that a CSS-based interface gives users very fast application response times, and gives us a flexible interface for making application-wide changes, and we want to give this same speed and flexibility to Movable Type users.

* Support for the Atom API. We've already added Atom syndication feed support in version 2.65 of Movable Type, and we'll be adding publishing support for the API in 3.0.

In addition to the above, we'll be integrating some features into 3.0 that we're not yet ready to announce, but which we know will be very exciting to MT users. Additionally, for those interested in posting from mobile devices, we expect this to be a welcome release.

Movable Type 3.0 will be a free download and upgrade. We have full-time engineering resources devoted to this new version, and we plan to have a beta release in Q1 of 2004.