In an impressive display of coordinated execution, blog software maker Six Apart yesterday coordinated an emergency point release of the popular Movable Type blogging tool.
Version 3.15 fixes a vulnerability in the mail sending packages for Movable Type versions 1.0 to 3.14. The weakness allowed malicious users to send email through the application to any number of arbitrary users. Hello spammers!Certain configuration settings were required for the exploit to manifest, but these were not uncommon. It is therefore strongly recommended that all users of Movable Type upgrade immediately
For those users who don't want to do a full upgrade just yet, 6A have also made the fix available in the form of a plugin. You can download it as a zip
(1K) or tar/gz
The plugin is compatible with all 3.x versions as well as v2.661 (and perhaps even older versions although they haven't been tested) and provides the same exact protections as the v3.15 release.