Last week we released Movable Type 4.01 Release Candidate 1. This release contains a number of fixes, but there are a couple in particular that we feel we should highlight for our users:
- A fix for an XSS vulnerability that affects blogs in which the primary Movable Type application is hosted on a different domain than the blog. The vulnerability results from the commenter name of an authenticated user containing apostrophes. For users who host their blog and application on different domains, we ask that you please upgrade to 4.01 when it is released.
- A fix for a low-level bug that affects Movable Type's data abstraction layer, called Data::ObjectDriver. With this bug, any page within the application or on the published blog that needs to compose links to the next and previous entries in a sequence of entries will cause Movable Type to query and pull more entries from the database than is technically necessary. This has an adverse effect on performance and memory utilization during publishing operations and page load operations. This bug has the largest impact on large blogs with thousands of entries. For users with blogs of this size we strongly recommend you upgrade.
The rest of the bug fixes are relatively minor, but significant to the many, many people who reported them and worked with us to resolve them. A special shout out to Tim Appnel, Michele Neylon, Bud Gibson and a number of our ProNet comrades in Japan for their detailed bug reports and help in fixing a number of different issues for users and developers.
Finally, we expect to release one more release candidate for Movable Type 4.01 in order to incorporate some final translations that did not make the last release candidate. On the bright side, I suppose we have a good excuse for the missed translations: Maarten Schenk, who is responsible for translating Movable Type into Spanish, German, Dutch and French, has been a little busy lately, as Maarten just welcomed his third child into the world. Congratulations to Maarten, his wife, Klaartj, Fien and of course Anna!


ambs.myopenid.com
September 12, 2007 11:26 AM | Reply
Is there any known bug on mt-submit.cgi? Mine is putting my machine down, using all physical memory (3GB) and swap :-S
http://openid.aol.com/sediment99
September 12, 2007 12:39 PM | Reply
Is there a problem with the preview entry functionality in 4.01rc1? After upgrading, the preview frame for an unsaved entry is accessing 2007/09/.html (for example), and for a previously saved entry it accesses the html page of the saved entry, even if it hadn't been published yet.
How to repeat:
1) Write new entry, but do not save it. 2) Click on Preview. 3) Preview frame is trying to access 2007/09/.html
1) Start new entry with title "Test", but do not save it. 2) Set status to Unpublished. 3) Save. 4) Click on Preview. 5) Preview frame will try to access the page as 2007/09/test.html, the name it would be saved under for static publishing.
Byrne Reese
September 12, 2007 12:43 PM | Reply
mt-submit.cgi is not a file that comes standard with Movable Type. Do you know what plugin provides it?
Byrne Reese
September 12, 2007 12:45 PM | Reply
I had encountered this bug as well and am assured by engineering that it is fixed in RC2 due out later today.
ambs.myopenid.com
September 13, 2007 10:51 AM | Reply
Hi, Byrne.
Sorry, but I confused the script name. It is mt-comments.cgi that is taking my full memory.
I have two blogs on the same machine. One of them is working quite well (at least I didn't notice anything) but is very small. The other one, which is giving me trouble, has about 600 posts and 500 comments.
Thanks for any hint, as I needed to disable the blog for now :(
Cheers
Alberto
Tmaxim
October 9, 2007 5:14 AM | Reply
If I knew what CMS you use, I probably could help you.
Proflogistics
January 23, 2008 5:42 AM | Reply
Release Candidate 2 - Released January 22, 2008