Although it’s not more than three weeks since BlogEngine.NET 1.4 was released, we have no choice but to release a new version. There was a security issue which was fixed at made available for download and some huge edge case bugs as well. Also, the memory leak fix needed to be part of an official new release.


Below are listed some major fixes and a description of what the problem was and who it effects.

The profile provider

If you we running in medium trust, the profile provider threw a security exception because medium trust doesn’t allow reflection. The ASP.NET build-in profile provider base class uses reflection, so we couldn’t just rewrite the feature without reflection. We had to totally recreate it without the ASP.NET profile provider model.

The widget framework

The medium trust issues continued in the widget framework, but only if you used the database provider. Again, this was due to the fact that medium trust environments doesn’t allow for reflection. Basically, we didn’t test the medium trust environment properly – if not at all – prior to release. The JavaScript that pops up the editor has also been tweaked so it now shows correctly in all browsers.

It wasn’t possible to write widgets that performs postbacks or client callbacks. It is now.

Create new user

When a new author was added they couldn't log in. This bug only figured in the XML membership provider when passwords where configured to be hashed in the web.config.

Broken links

In versions earlier than 1.4, the post links generated from a title could contain three hyphens in a row. In 1.4 it no longer did this because it made the URLs prettier and easier to read. However, it broke the old links from external sites. The upcoming release will also not generate URLs with three consecutive hyphens, but it will parse them correctly so no old links will break.

There are many other minor bugs that have been fixed.

New features

It’s not only bug fixes that made it into the upcoming release. Some new features have been added as well.

Filter by APML

As a semantic web freak, this is a feature I’m very proud to introduce to BlogEngine.NET. You can now filter the posts of a blog by your own APML file. An APML file is a prioritized list of your own interests represented in XML. All BlogEngine.NET 1.4+ users have such a file auto generated and it’s called /apml.axd. You only have to enter your blog URL and BlogEngine.NET will then find your APML using auto-discovery like the browser does for RSS feeds. Try it by clicking the APML filter link on the top right of this page.

File upload directories

Files and images uploaded will now be placed in new folders that are named by the year and month. This could be /files/2008/07/example.doc. This will make backup easier.

Use raw HTML editor by default

Some people don’t like the TinyMCE editor or any other editor and prefer to enter their own HTML. Now there is a switch that remembers your preferences and allows you to write your own HTML.

Force SSL in the MetaWeblog API

When you use Windows Live Writer or another editor through BlogEngine.NET’s MetaWeblog API you have always sent your username and password in clear text. This is the normal way that almost every blog platforms use. If you have a server certificate that allows you to run SSL, it is now possible to flip a switch that forces Windows Live Writer to send the data securely to your blog.

Other tweaks

  • Uncategorized posts are now shown in the archive
  • Calendar widget now works the first time it is added
  • Posting from Windows Live Writer now posts in the correct time zone
  • Users can now be edited again from the admin section
  • JavaScript removed from page and placed in blog.js for smaller page sizes
  • hCard microformat added to comments
  • HTTP compression of WebResource.axd (can be switched off)
  • Switch added to prefix post titles with blog name or not (SEO stuff)
  • Performance boost to CSS, image, file and JavaScript handlers by using 304 headers

I’m very sorry that this new release is necessary, because it is due to lack of a longer test phase. I do hope these new features will soften the fall a bit. Remember, if you are running the XML provider in full trust, then you might never have noticed any of the issues and might not need the upgrade. I do hope everybody will upgrade anyway, since it is a more stabile system with some new cool features. It's planned for download in a week.


Comments are closed