Although it’s not more than three weeks since BlogEngine.NET 1.4 was released, we have no choice but to release a new version. There was a security issue which was fixed at made available for download and some huge edge case bugs as well. Also, the memory leak fix needed to be part of an official new release.
Below are listed some major fixes and a description of what the problem was and who it effects.
The profile provider
If you we running in medium trust, the profile provider threw a security exception because medium trust doesn’t allow reflection. The ASP.NET build-in profile provider base class uses reflection, so we couldn’t just rewrite the feature without reflection. We had to totally recreate it without the ASP.NET profile provider model.
The widget framework
It wasn’t possible to write widgets that performs postbacks or client callbacks. It is now.
Create new user
When a new author was added they couldn't log in. This bug only figured in the XML membership provider when passwords where configured to be hashed in the web.config.
In versions earlier than 1.4, the post links generated from a title could contain three hyphens in a row. In 1.4 it no longer did this because it made the URLs prettier and easier to read. However, it broke the old links from external sites. The upcoming release will also not generate URLs with three consecutive hyphens, but it will parse them correctly so no old links will break.
There are many other minor bugs that have been fixed.
It’s not only bug fixes that made it into the upcoming release. Some new features have been added as well.
Filter by APML
As a semantic web freak, this is a feature I’m very proud to introduce to BlogEngine.NET. You can now filter the posts of a blog by your own APML file. An APML file is a prioritized list of your own interests represented in XML. All BlogEngine.NET 1.4+ users have such a file auto generated and it’s called /apml.axd. You only have to enter your blog URL and BlogEngine.NET will then find your APML using auto-discovery like the browser does for RSS feeds. Try it by clicking the APML filter link on the top right of this page.
File upload directories
Files and images uploaded will now be placed in new folders that are named by the year and month. This could be /files/2008/07/example.doc. This will make backup easier.
Use raw HTML editor by default
Some people don’t like the TinyMCE editor or any other editor and prefer to enter their own HTML. Now there is a switch that remembers your preferences and allows you to write your own HTML.
Force SSL in the MetaWeblog API
When you use Windows Live Writer or another editor through BlogEngine.NET’s MetaWeblog API you have always sent your username and password in clear text. This is the normal way that almost every blog platforms use. If you have a server certificate that allows you to run SSL, it is now possible to flip a switch that forces Windows Live Writer to send the data securely to your blog.
Uncategorized posts are now shown in the archive
Calendar widget now works the first time it is added
Posting from Windows Live Writer now posts in the correct time zone
Users can now be edited again from the admin section
hCard microformat added to comments
HTTP compression of WebResource.axd (can be switched off)
Switch added to prefix post titles with blog name or not (SEO stuff)
I’m very sorry that this new release is necessary, because it is due to lack of a longer test phase. I do hope these new features will soften the fall a bit. Remember, if you are running the XML provider in full trust, then you might never have noticed any of the issues and might not need the upgrade. I do hope everybody will upgrade anyway, since it is a more stabile system with some new cool features. It's planned for download in a week.