Seems there were a few unpleasant bugs in versions of MT through 2.63. I expect an announcement of what and how will be made at some point, but if you're running moveable type, I'd recommend upgrading to version 2.64.
Posted by Dan at May 30, 2003 12:37 PM | TrackBack (1)There were some script injections (XSS) that were a security problem, I am not sure about the other fixes.
The full changelog is available: http://www.movabletype.org/docs/mtchanges.html#2.64%20(2003.05.28)
Check your activity log, you might get a JS popup saying "Script injection in activity log via search". I put it on a couple MT sites so that more people would report it, because I was worried that the MT staff wasn't answering my report.
Cheers
Dumky
Yep, I know--you, or someone, pegged me, and I filed a bug report on it a few days ago. I didn't post the details, since I figured the slower the info on the actual problem got out, the more time folks would have to upgrade before malicious exploits became widespread. I see the problems have been noted on the MT main page, so there's not much sense not mentioning what the problems are any more...
Posted by: Dan at May 30, 2003 05:27 PM