MT4.x安全更新

从MT的官方博客上可以看到,MT4.x的博客都需要安全更新,最新版是MT4.12,大家可以在这里下载到最新版。

下面是官方博客上的更新理由:

      A detailed description of the vulnerability can be found below, but in short a cross-site scripting (XSS) vulnerability has been found in Movable Type's built-in search feature, which could be exploited by malicious parties to execute javascript without permission.

是MT内置的搜索功能有点缺陷。

受到影响的MT版本有:

Movable Type 4.0, 4.01, 4.01a (Personal and Commercial)
Movable Type 4.1 (Open Source, Personal and Commercial)
Movable Type Community Solution 1.0, 1.0a
Movable Type Community Solution 1.5
Movable Type Enterprise Solution 1.0

MT3.36没有在此次的更新范围之内。

更新其实很简单,把MT4.12的文件覆盖在原来的文件上就可以了,后台会提示你已经成功更新到了MT4.12版。为了防止更新出问题,要先导出文章,做个备份。