Movable Type has released a security upgrade that fixes XSS vulnerabilities, and recommends updating to 4.23 as a mandatory. The vulnerability hasn't been exploited yet, but this update will ensure that your installation is secure.
I read one problem in particular on the MT forum that I took into account when updating. If you've installed the recent update for StyleCatcher, then do no update this plugin. The version included in the release is an older version than the one recommended for use with the Sandbox Plugin version 1.1.
Remember to keep a backup of your old directory before updating. That way you have a copy of your previous version and can reinstate if anything goes wrong. My upgrade was smooth and hassle-free. I hope your is too.
Do you have a link to that issue? I couldn't find it in the forums. I'm planning to do the MT 4.23 upgrade soon and I have installed Sandbox (though it doesn't work for me). I wasn't going to go the fresh install route this time (I do for major releases, not minor ones like this), but perhaps I should.
Do I need to upgrade MT and then re-install Sandbox? Uninstall Sandbox, upgrade MT, re-install Sandbox?
Thanks
Hi Salguod,
Hmm, I searched the MT forums and couldn't find it either, perhaps it was somewhere else that I read about it. I get so many feeds referring to Movable Type that it could have been Twitter or a comment on the MT site. No matter. What it said was that after upgrading, the Sandbox plugin wouldn't work, and 4.23 had shipped with the older version of StyleCatcher. It you're using version 1.1 of Sandbox, just add it and upgrade StyleCatcher after you've upgraded MT. I don't think it requires a fresh install.
Having said that, I always unzip the package to a new folder, rename the old one mt-old, then add all my plugins and config.cgi, etc by drag-and-drop to the new folder. I don't overwrite the older version. It only takes me 5 minutes to drag the themes and support files from mt-static over, and the extras in the extlib folder for actions streams. Perhaps it's why I have few problems. Good luck with the upgrade.
regarding your advise in the last paragraph to keep a copy of your old directory I feel the pains from the past each time an update of my MT installation needs to be done.
What is your favorite way of updating?
I am just asking because though being a MT user for several years now, the common advise to “copy it over” never worked for me. Always my individual folders and files vanished, leaving an unusable installation.
Hi Yves,
I rename my mt folder mt-old and extract the archive to a new file mt. I drag all my plugins over to the new folder, and what extras I have in lib and extlib. Drag over mt-config and move my mt-static to the root folder after renaming the original mt-static-old. I do the same for plugins in the mt-static folder - everything from the support folder and themes I've added.
It takes about 5 minutes. I use the command line to chmod all cgi files 755. I've never had a problem updating. I wrote another post called "Using the Command Line for Fast Upgrades" which may be of interest to you.
many thanks for your answer and the link to your blog post you provided. Very helpful.
Don't you think it is time for a more comfortable way of updating MT? Especially compared to WP with its integrated update feature?
Hi Yves, Yes, I've read enough complaints from users who feel MT's upgrade process would benefit from a new approach. An integrated updated feature would certainly be welcome. Movable Type has a reputation for being a very hard system to maintain, and new users have the biggest problems with installation and upgrades.