Blog

Six Apart has released a mandatory upgrade for all users of Movable Type:

Movable Type 5.13, 5.07, and 4.38 were released as mandatory security updates. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.x. All users must upgrade to this latest release immediately.

The impact of the vulnerabilities

The previous versions of Movable Type have multiple vulnerabilities including cross-site scripting (XSS), cross-site request forgery (CSRF/XSRF), and OS Command Injection. A remote attacker could execute arbitrary code in a logged-in users' web browser. A remote attacker could read or modify the contents in the system, and could execute a shell command under certain circumstances.

Versions Affected

Movable Type Open Source 4.x
Movable Type Open Source 5.x
Movable Type 4.x ( with Professional Pack, Community Pack )
Movable Type 5.x ( with Professional Pack, Community Pack )
Movable Type Enterprise 4.x
Solution

Please upgrade to the latest versions of Movable Type 4 or Movable Type 5.

Movable Type Open Source 4.38
Movable Type Open Source 5.07
Movable Type Open Source 5.13
Movable Type 4.38( with Professional Pack, Community Pack)
Movable Type 5.07( with Professional Pack, Community Pack)
Movable Type 5.13( with Professional Pack, Community Pack)
Movable Type Enterprise 4.38
Movable Type Advanced 5.13

Movable Type 5.13 introduces new security features.

Account and IP lockout
Configurable password validation rule
Stronger password encryption

To Upgrade

Current customers can submit a ticket. Your upgrade will be scheduled according to your SLA. New customers should contact 601am for more information.

601am has two immediate Drupal developer job openings. Both positions are contract-to-hire and available for immediate start. Want to know more? Head over to 601am's job board for more information on the Junior Drupal Developer and Senior Drupal Developer position.

Not only do we have a busy client workload in the first quarter of 2012, we're also traveling to a few industry events. If you'll be in the same vicinity and available to chat in person, please get in touch so we can coordinate schedules.

SXSW Interactive, Austin, Texas, March 9-13, 2012
Our fourth South By and always the highlight of the year. Go for the people, ignore 90% of the conference sessions, and gorge yourself on BBQ. We would rather meet with friends and clients than sit through a boring session, so let us know if you'd like to grab coffee or a drink.

Drupalcon Denver, Denver, Colorado, March 19-23, 2012
Not only are we attending, but the entire 601am team is hosting a mixer for our friends and clients who will be in town. To get on the guest list, please email Mike Emily.

CMS Expo, Evanston, Illinois, May 8-12, 2012
Our first year attending and we're a sponsor. Find our expo booth and let's talk about your business and content management needs. Register to attend and use discount code MT2012 for $100 off your registration.

A new year, a new developer! We've known Ken for a number of years, and collaborated on a few projects with him in the past. When it came time to find another developer, we eagerly asked, and Ken eagerly agreed to join the team.

Ken has been designing and developing scalable web sites for education and business sectors for 15 years. He specializes in CMS development, building large and small applications in Movable Type and others. He has been an active member of the Movable Type community over the past decade and also served as primary developer on the successful launch of The Morton Report.

Ken works remotely from Bowling Green, Ohio. When Ken is not coding, he's always playing video games.

Say hello to 601am's newest developer!

Charlie Gorichanaz has been a contractor with 601am over the past few months, and delivered such great work that we decided to make room for him on the team.

He joins us after spending five years studying biochemistry at the University of Wisconsin-Madison and working for The Badger Herald. As the web director, he managed one of the largest Movable Type installations and handled server administration. Charlie also worked as an associate copy chief and a video producer.

Charlie joins Andrew Dederich as the second cheesehead on the team. When Charlie isn't making Movable Type magic, he can be seen on jumping stilts in Milwaukee, Wisconsin.

(Photo credit: Megan McCormick)

Last evening, Six Apart released mandatory security updates, which resolve multiple vulnerabilities discovered in MT 4 and 5.

If you would like 601am's help in upgrading your installations, please get in touch.

Check out The Morton Report, one of our latest projects. Called in at the last minute to help with the project's launch, 601am provided consulting, Movable Type/Melody development, banner ad serving and launch support.

The Morton Report will be your source for your daily pop culture fix -- trust us!

601am is growing! So much so that we have outgrown our current space and are moving to a bigger (and some say better) office. Our new location is 2400 Broadway, Suite 2, Denver, CO 80205. We're excited to be located across the street from Billy's Gourmet Hot Dogs and just a few blocks from Coors Field.

On Friday, April 1, during the move, our staff will be working remotely while Aaron coordinates the move. Fortunately, there will be no delay in client work.

Feel free to come say hi and check out our new digs!

Once again, we'll be in Austin for SXSW Interactive. We'd love to meet our clients and friends who will be in town. Shoot me an email (aaron@601am.com) and let's meet up.

Our Denver office is looking for another CMS developer. Know Movable Type? We want you! Are you a WP or Drupal pro? Check out the listing and send over your resume, portfolio and salary requirements. Full details are on our careers page.