François Nonnenmacher (EN) | FR

Six Apart just released a bug fix to Movable Type, to plug a quite serious "vulnerability in the mail sending packages for all Movable Type versions which allows malicious users to send email through the application to any number of arbitrary users" (read: that can be used by spammers to send e-mail spam from an MT installation.)

An exploit was reported yesterday on the Six Apart Professional Network and 6A got a patch out overnight! Kudos to them.

Since this vulnerability has been present in all versions since 1.0, all MT users are strongly encouraged to either upgrade to version 3.15 or install a plugin that fixes it (see the announcement and instructions.)