Although it’s not more than three weeks since BlogEngine.NET 1.4 was released, we have no choice but to release a new version. There was a security issue which was fixed at made available for download and some huge edge case bugs as well. Also, the memory leak fix needed to be part of an official new release.

Fixes

Below are listed some major fixes and a description of what the problem was and who it effects.

The profile provider

If you we running in medium trust, the profile provider threw a security exception because medium trust doesn’t allow reflection. The ASP.NET build-in profile provider base class uses reflection, so we couldn’t just rewrite the feature without reflection. We had to totally recreate it without the ASP.NET profile provider model.

The widget framework

The medium trust issues continued in the widget framework, but only if you used the database provider. Again, this was due to the fact that medium trust environments doesn’t allow for reflection. Basically, we didn’t test the medium trust environment properly – if not at all – prior to release. The JavaScript that pops up the editor has also been tweaked so it now shows correctly in all browsers.

It wasn’t possible to write widgets that performs postbacks or client callbacks. It is now.

Create new user

When a new author was added they couldn't log in. This bug only figured in the XML membership provider when passwords where configured to be hashed in the web.config.

Broken links

In versions earlier than 1.4, the post links generated from a title could contain three hyphens in a row. In 1.4 it no longer did this because it made the URLs prettier and easier to read. However, it broke the old links from external sites. The upcoming release will also not generate URLs with three consecutive hyphens, but it will parse them correctly so no old links will break.

There are many other minor bugs that have been fixed.

New features

It’s not only bug fixes that made it into the upcoming release. Some new features have been added as well.

Filter by APML

As a semantic web freak, this is a feature I’m very proud to introduce to BlogEngine.NET. You can now filter the posts of a blog by your own APML file. An APML file is a prioritized list of your own interests represented in XML. All BlogEngine.NET 1.4+ users have such a file auto generated and it’s called /apml.axd. You only have to enter your blog URL and BlogEngine.NET will then find your APML using auto-discovery like the browser does for RSS feeds. Try it by clicking the APML filter link on the top right of this page.

File upload directories

Files and images uploaded will now be placed in new folders that are named by the year and month. This could be /files/2008/07/example.doc. This will make backup easier.

Use raw HTML editor by default

Some people don’t like the TinyMCE editor or any other editor and prefer to enter their own HTML. Now there is a switch that remembers your preferences and allows you to write your own HTML.

Force SSL in the MetaWeblog API

When you use Windows Live Writer or another editor through BlogEngine.NET’s MetaWeblog API you have always sent your username and password in clear text. This is the normal way that almost every blog platforms use. If you have a server certificate that allows you to run SSL, it is now possible to flip a switch that forces Windows Live Writer to send the data securely to your blog.

Other tweaks

  • Uncategorized posts are now shown in the archive
  • Calendar widget now works the first time it is added
  • Posting from Windows Live Writer now posts in the correct time zone
  • Users can now be edited again from the admin section
  • JavaScript removed from page and placed in blog.js for smaller page sizes
  • hCard microformat added to comments
  • HTTP compression of WebResource.axd (can be switched off)
  • Switch added to prefix post titles with blog name or not (SEO stuff)
  • Performance boost to CSS, image, file and JavaScript handlers by using 304 headers

I’m very sorry that this new release is necessary, because it is due to lack of a longer test phase. I do hope these new features will soften the fall a bit. Remember, if you are running the XML provider in full trust, then you might never have noticed any of the issues and might not need the upgrade. I do hope everybody will upgrade anyway, since it is a more stabile system with some new cool features. It's planned for download in a week.

My pride takes a hit every time I read the title of this post. At least it contains the word “fix”.

People have reported a memory leak on a few occasions, but I’ve never been able to find it and neither have anyone else. I just left it because it has never bothered me. It might be because of a very forgiving hosting partner that just adds more RAM if necessary and never tell me.

Yesterday evening I found myself in the right mood for tracking down this leak and it only took me 6 hours to find it. The fix took about 8 seconds, but what jolly 8 seconds that was.

The problem

After six hours I found that the leak was in the Related Posts server control. The constructor registered an event handler for the Post.Saved event, but the constructor wasn’t static like all the other controls. It was public which means that at every page view the event handler would be registered. That resulted in that the control never got disposed because of the reference to the event. So for each page view, an equal number of controls got stuck in memory and couldn't be garbage collected.

The fix

Make the constructor and event handler static so they only run once in the application life cycle. Let this be a lesson to all, remember to unhook your event handlers. The fix works for BlogEngine.NET 1.3, 1.3.1 and 1.4 and you just have to replace one file in the App_Code folder.

Download the memory leak fix at CodePlex and follow the instructions in the readme.txt.

I’m sorry it took so long to find this fix. I hope it hasn’t caused you too much trouble.

BlogEngine.NEXT

In the light of this and other bugs, we have decided to do a service release in a couple of weeks. Beside the memory leak fix, it will include many other tweaks, fixes and a few new minor features. It will be 100% backwards compatible with the current 1.4 release. If you have found some issues with 1.4 that you want fixed in the next release, please add them to the issue tracker.