URGENT: Patch Your MovableType Install

Even if you’re still running 2.6x, you need to get this patch installed. It fixes an ugly vulnerability that allows your MT installation to be used by spammers to send out mail (similar to a formmail script hole).

I actually noticed this about nine months ago but nobody seemed to notice or care. Glad to hear SixApart is finally listening to folks and has the right kinds of folks there to make sure this kind of crap doesn’t ever happen again.

Comments

Dave M. says:

I actually noticed this about nine months ago but nobody seemed to notice or care. Glad to hear SixApart is finally listening to folks and has the right kinds of folks there to make sure this kind of crap doesn’t ever happen again.

Yea, it usually takes someone high up to complain before something ever gets done.
My wife’s site is MT, so “a patching I will go, a patching I will go, hi go the dario, a patching I will go.” 🙂

Jay Allen says:

“Yea, it usually takes someone high up to complain before something ever gets done.”
For the record, that’s totally untrue. A security flaw is a security flaw and as long as I’m Product Manager, I don’t need God to point it out to me. 🙂
“I actually noticed this about nine months ago but nobody seemed to notice or care.”
I can’t speak for what happened (because I was an outsider then too), but I can tell you that, most likely, they were so busy between the — what? — ten of them working there that your email probably got lost amongst all the others that never got read.
Sad, really, but now those days are mostly behind us. We’re growing — and in a good way. 🙂
So please, if you ever find any other vulnerabilities, don’t hesitate to write to contact at sixapart dot com or to me directly.
And thanks both for the compliment and for sticking with us.

Jake says:

Jay: This is why I’m sticking with MT, because of the smart and talented folks 6A is hiring (including you) that will make sure this kind of crap doesn’t EVER happen again. Thanks again!

Jay Allen says:

Thanks for the vote of confidence. With every release going forward, you’ll see that it’s well placed. It’s my job to make sure of that and, like you said, with the talent that we’re adding all the time, it’s hard NOT to make a great piece of software. 🙂