Major Highlights

• Fixed issue with assembly version type.
• Fixed issue where system mails are sent from the recipient's email address instead of admin email address.
• Fixed issue with logo in Ribbon Bar.
• Fixed issue with race condition when adding entries to shared Dictionaries.
• Fixed issue with scheduler exceptions when more than one language is defined.
• Fixed issue when creating portals in non en-us culture.
• Fixed issue with adding a new language.
• Fixed issue with AJAX Script Manager
• Fixed issue with Source Package not opening correctly in Visual Studio.
• Fixed issue when logging into a multi-language portal when the user's preferred locale is not set.
• Fixed issue with generation of user links to use new Profile page.
• Fixed issue with multiple cancel buttons on Add User screen.
• Fixed issue with version number in Symbols package manifest.
• Added missing release notes for 5.4.
• Added label explaining portal localization drop-down on site settings. Updated static localization text to more friendly form.
• Updated version of Symbols package in manifest file.
• Improved 5.4.0 and 5.4.1 upgrade scripts to better handle upgrades when multiple languages are installed.

Security Fixes

• * None

Updated Modules/Providers

The following modules and providers have been updated in the 5.4.1 packages. Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• Form and List Module 05.01.03
• Blog Module 04.00.00

Providers

• * None

Major Highlights

• Fixed issue where portal settings were not saved per portal.
• Fixed issue with importing page templates.
• Fixed issue with updating Site Settings.
• Fixed issue with System.Web.Extensions dependencies when running in ASP.NET 4.0
• Fixed issue with User Profile and Custom Registration modules
• Fixed the View Profile module so it displays a message if it is placed on a page which is not defined as the Portal's profile page.
• Fixed issue with content list module not being added to search results.
• Fixed issue with yellow screen on some upgrades.
• Fixed issue with the packaging of Telerik RadEditor Provider
• Fixed issue with displaying child folders in Telerik RADEditor Provider File dialogs.
• Fixed issue where the registration email was being sent to the user being registered instead of the admin user.
• Support icon in ribbon bar is now hidden in CE.
• security bulletin can be read @ http://www.dotnetnuke.com/News/Securitybulletinno34/tabid/1531/Default.aspx
• Fixed issue with missing fields in new vw_PortalsDefaultLanguage View
• Fixd issue with Tags skinobject which didn't validate for empty strings.
• Check issue DNN-12122, second to last paragraph. This behavior is according to spec.
• Fixed issue with the name of the Content List module
• Included latest release of Telerik controls.
• Ensured compatability with ASP.NET 4.0 runtime.
• Modified code to use more efficient string comparison methods.
• Ported TelerikEditorProvider to Community Edition
• Improved performance of GetTabPermissionsByPortal stored procedure.
• Improved efficiency of core object caching.
• Improved performance by precompiling commonly used regular expressions.
• Ribbon Bar Control Panel –The new ribbon bar control panel provides content contributors with more editing options in a highly convenient format, allowing users to create pages, install new modules, edit content, and preview pages more quickly and easily than ever before.
• added support for localising portal details. If a site is running with multiple active languages, the site settings page allows an administrator the ability to provide different settings for each language (culturecode). In addition, this supports a fallback strategy where if no record exists for a language, a check is made for a record for it's fallback, and if no record exists then it fall's back to the portal default language.

Security Fixes

• User account escalation Vulnerability

Updated Modules/Providers

The following modules and providers have been updated in the 5.4.0 packages. Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• FormAndList 05.01.02

Providers

• Telerik Editor Provider 05.04.00

Major Highlights

• Issue fixed where Newsletter module only sent SMTP test email.
• Issue fixed with signature change to Synchronize Folders methods.
• Fixed the issue with the email notifications where the From and To addresses were swapped.

Security Fixes

• None

Updated Modules/Providers

The following modules and providers have been updated in the 5.2.0 packages. Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• XML Module 04.03.05

Providers

• none

New Features

• Templated User Profiles - User profile pages are now publicly viewable
• Photo field in User Profile - Users can upload a photo to their profile
• User Messaging - Users can send direct messages to other system users
• Search Engine Sitemap Provider - The sitemap now allows module admins to plugin sitemap logic for individual modules.
• Taxonomy Manager - Administrators can create heirarchical category lists that can be shared and used across modules

Major Highlights

• Fixed issue with the Create New Module form not showing on upgrades.
• Fixed issue where the Create New Module wizard allowed the user to select an invalid 'Owner' folder.
• Fixed the issue where adding query strings such as Mid=Crash showed an error screen.
• Fixed issue where the dashboard controls failed to load if upgrading from a version prior to 5.1.0 to a later one.
• Fixed issue where create new module from manifest was not working
• Fixed issue where the red border around Administrator only content was not displayed after upgrading from 4.x
• Fixed the issue with the Market Place in the Solutions Explorer
• Fixed issue where GrantStoredProceduresPermission and GrantUserDefinedFunctionsPermission ran on every install/upgrade
• Fixed issue where logging in as Registered User throws PageLoadException in Event Viewer.
• Fixed issue with creating new language packs.
• Fixed issue with emails not having http in urls to external resources.
• Fixed issue with caching providers not being defined in web.config in some instances.
• Fixed issue where the User Image showed in the search drop down box in Manage Users.
• Updated the portaltemplate.xsd to cater for new fields.
• Update the Google Verification file content to match the new Google protocol.
• Updated the Installation Wizard's Finished button text to "Start building your new site!"
• Updated the default menu provider to use the DNNMenuNavigationProvider.
• Create Package button is now disabled until a package folder has been created.
• Reduced the number of user events that are logged.
• Optimized retrieving a module by its control key.
• Added code to store the site map priority as a number, which allows any valid localised single e.g. 0.5 or 0,6
• Added new logic to only allow cancelling a module installation if the Core Version is not sufficient for the module to be installed.
• Added extra checks to the upgrade application logic when removing core modules.
• Added a success message when exporting the Dashboard as xml.
• Added more validation around editing a module control definition
• Added the ability to disable portal folder synchronization on "hidden" folders.
• Added a new check to test if all extensions are installed that are present in a site template.

Security Fixes

• None

Updated Modules/Providers

The following modules and providers have been updated in the 5.3.0 packages. Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• None

Providers

• none

Major Highlights

• Fixed the issue where LinkClick.aspx links were incorrect for child portals
• Fixed the issue with the PayPal URL settings.
• Fixed the issue with logging into the site on 1st page load after upgrade.
• Fixed issue where hosted jQuery did not use the correct protocol when SSL enabled.
• Fixed issue with inconsistent file/folder permissions tests. Test now runs when the page is shown and user cannot progress until tests pass.
• Fixed the issue with the SynchronizeModule in all install modes causing an object reference error.
• Fixed issue where captcha control showed after succesful registration if the SMTP settings were not correct
• Fixed issue where error message failed to display if control was not created
• Fixed the issue where the Portal name was hard coded as 'PortalName' when assigning modules to portals.
• Fixed issue where security roles were not properly enforced between child portals.
• Fixed issue where large/javascript heavy pages could suffer from an MS Ajax DeserializePrimitiveObject Invocation error
• Fixed issue where the user is unable to change dbowner in the install wizard.
• Fixed issue where spaces in control names caused error in new module control wizard
• Fixed issue with allowing a blank database name in Installation Wizard.
• Fixed the issue where the www. subdomain of a domain is not part of the portal aliases of a portal
• Fixed issue where the Parent Tab was not showing in drop down if the user had no edit rights on it.
• Fixed issue where list values in profile properties only work on Portal with PortalID=0
• Fixed issue when unzipping files in the Host File Manager
• Fixed issue where module message warning was not XHTML compliant
• Fixed the issue where sometimes there were event log errors during installation from importing HTML modules.
• Fixed issue where installer feedback was not using passed parameter to output feeback messages
• Fixed issue with custom name space in Starter Kits.
• Fixed issue where errors were logged during automated installs.
• Enhanced create new module form to split file language and file name onto seperate lines, and updated help text
• Fixed missing objectqualifer in dataprovider script which could fail to update installs without a default language
• Updated data provider reference to use fully qualified typename which could cause compilation issues with third party modules in some rare instances.
• Fixed validation error handling in new module wizard
• Updated text on create new module screen to clarify that make new folder is only available on "New" option
• Fixed issue where it was possible to create a module with a name or friendlyname the same as an existing package
• Fixed issue where invalid control name could crash New Module wizard
• Fixed the validation of Module Control Name when creating a new module manually.
• Enhanced New Module wizard to make friendly name a required field.
• When using the create new module you can specify a control with spaces e.g. "my control". Whilst this is valid for a control definition, as that is used to create the file and also the inherits statement an error is caused as neither of support spaces. To resolve we added code to remove spaces from control names as they're not allowed.
• Modified Install Wizard so that all tests must pass before installtion may proceed. Tests are conducted either on entering the page or on clicking the Next button.
• Updated layout and help text of the "Create New Module" form and added some code to remove spaces from module names to ensure only valid files are created.
• Added the ability to use the PayPal sandbox for validating PayPal configuration

Security Fixes

• User account escalation Vulnerability

Updated Modules/Providers

The following modules and providers have been updated in the 5.2.0 packages. Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• Events Module 05.00.03

Providers

• none

Major Highlights

• Fixed issue where tabname lookup's were case-sensitive and caused problems when loading controls.
• Fixed issue where Captcha control did not include a value for the Alt attribute.
• Fixed issue where the Create New Module wizard allowed the user to select an invalid 'Owner' folder.
• Fixed issue where uninstalling a module with 'delete files' unchecked deletes the files anyway.
• Fixed issue where GetMappedDirectory would log an exception during install.
• Fixed issue where the Starter kit was missing the HTML module.
• Fixed issue where the source package did not include the HTML module.
• Fixed issue with missing databaseowner and objectqualifier tags in the 5.2.1 SqlDataProvider script.
• Fixed issue where portal templates ceased working in 5.2.1.
• Fixed issue with page quotas where GetTabCount stored procedure had not been updated for localization changes introduced in 5.2.0.
• Fixed issue where Host email test fails but no email addresses are listed in the error message.
• Fixed issue where temp files were left if extension installation was cancelled.
• Fixed issue where Captcha was not regenerated if login failed.
• Reverted syntax that grants stored procedure permissions to previous version, as GRANT EXECUTE TO was problematic on shared hosts.
• Fixed issue where vendor registration email did not contain the vendor name.
• Added the ability to specify a custom animation function for the Visibility Widget.
• Updated title and help text to make optional for forcing a captcha for associating logins clearer.
• Added documentation to the Dynamic Module template that is displayed when a new module is created using the template.

Security Fixes

• None

Updated Modules/Providers

No modules or providers have been updated in the 5.2.2 packages.

Major Highlights

• Fixed issue where banners were not properly rotated according to the specified views/clicks
•  Fixed issue where upgrades could fail if the the user account did not have permission to update objects in some db schemas
• Fixed issue where list values were visible outside of the Portal where they were created.
• Fixed issue where caching providers were not rendering unicode characters properly.
• Fixed issue with missing Telerik assembly in the source package.
• Fixed issue where Ajax HostSetting was not properly set on upgrade from 4.x installations.
• Fixed issues where upgrades would fail with a unique index violation
• Fixed issue with the Starter Kit which was missing HTML module files
• Fixed issue where page templates were not working correctly
• Fixed default settings for the module and output caching providers
• Fixed issue which prevented Blog module from working after some upgrades to 5.x
• Fixed issue when creating a new module in the Module Definition Wizard if the .ascx extension was not specified.
• Fixed issue where localization was not working if the application virtual directory name was also part of the module name.
• Fixed issue where the FriendlyName for Schedule Items was not being saved.
• Fixed issue where GetUserCountByPortal was making excessive database calls instead of using cached values
• Added binding redirect setting in web.config to prevent versioning issues with Telerik assembly

Security Fixes

• none

Updated Modules/Providers

The following modules and providers have been updated in the 5.2.0 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• Form and List 05.01.01

Providers

• FileModuleCachingProvider 05.02.01
• MemoryModuleCachingProvider 05.02.01
• SchedulingProvider 05.02.01

Major Highlights

• Added Module Information to the Help page
• Added ability to view and edit the source files for a module
• Enhanced the module creation wizard to simplify creating new module definitions
• Added the ability to automatically create a test page as a step in the module creation wizard
• Added a core API to support content localization
• Added the ability to import/export page and module settings
• Added the ability to immediately run a scheduled task
• Added module caching provider API
• Converted existing module caching feature to use new provider
• Added page output caching provider API
• Fixed issue where upgraded sites do not properly set the default Language
• Fixed issue where scheduler could execute a a long-running task multiple times
• Fixed issue where improperly formatted email addresses could result in error when sending system emails
• Fixed issue which resulted in incorrect URL for SiteMap in a child portal
• Fixed issue which caused error when deleting files from the Host file manager.

Security Fixes

• Fixed issue where Install Wizard could leak version information to anonymous users
• Fixed issue where search page might be vulnerable to script injection

Updated Modules/Providers

The following modules and providers have been updated in the 5.2.0 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• HTML 05.02.00
• Gallery 04.03.00
• Wiki 04.02.00

Providers

• FileModuleCachingProvider 05.02.00
• MemoryModuleCachingProvider 05.02.00

Major Highlights

• Added the ability to specify a subject line when emailing event viewer logs
• Modified the event viewer to include event logs as email attachments when emailing the event logs
• Added the ability to use dictionary objects for token replacement in system messages
• Fixed an issue which caused an error whenever edititng the Site Settings.
• Fixed issue which caused an error trying to retrieve a role group by name
• Fixed an issue which prevented a skin from being able to be re-installed or uninstalled.
• Fixed issue where Html module was displaying unpublished content
• Fixed issue where URLs for pages within the site were always being created as relative which is a change from previous versions.
• Removed solution explorer page from the Admin menu and removed the Marketplace feed from the OPML file.
• Fixed issue with upgrading DotNetNuke 4.x skins when upgrading site to DotNetNuke 5.x
• Fixed issue which resulted in incorrect URL for SiteMap in a child portal
• Fixed issue which caused error when deleting files from the Host file manager.

Security Fixes

• None

Updated Modules/Providers

The following modules and providers have been updated in the 5.1.3 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• HTML 05.01.04
• Form and Lists 05.00.03
• Forum 04.05.03

Providers

• AspNetMembershipProvider 05.01.03
• DNNMembershipProvider 05.01.03
• FileBasedCachingProvider 05.01.03

Major Highlights

• Fixed issue which caused modules not be properly upgraded to 5.x if they were missing a manifest file
• Fixed issue where register link on the login module did not work when portal was configured for private membership
• Fixed issue where en-US language was always enabled after an upgrade
• Fixed issue where the language pack writer was not creating full language packs.
• Re-added the PageStatePersistence setting to the Host Settings page with additional warning messages.
• Fixed breaking change in ActionBase where properties were inadvertently removed instead of being marked obsolete.
• Fixed issue where User settings were relying on default values, but the email API was not aware of the defaults.
• Fixed issue where the HasObjectDependencies property of ScheduleItem was not properly calculated.

Security Fixes

• HTML/Script Code Injection Vulnerability in ClientAPI
• HTML/Script Code Injection Vulnerability when operating with multiple languages

Updated Modules/Providers

The following modules and providers have been updated in the 5.1.2 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• HTML 05.01.03
• Events 05.00.02

Assemblies

• WebControls 02.02.00
• ClientAPI 04.01.02

Providers

• none

Major Highlights

• Fixed issue which mis-assigned page permissions to new modules
• Fixed issue where a fallback language is not defined
• Fixed issue  where portal administrator could not manage user roles
• Added core sqlconnection pool segmentation to protect core from any module issues
• Fixed issue where Authenticated Caching setting was not getting saved correctly
• Fixed issue where code sub-directories are not properly removed in web.config
• Fixed issue with UpgradeIndicator which could throw an error under some conditions
• Fixed issue where data could become corrupted under extremely heavy load
• Fixed issue where GetPortalRoles stored procedure was missing new audit fields
• Fixed issue where some DataReaders were not guaranteed to be closed if an error occured
• Fixed issue where GetFolders API method was changed resulting in a breaking change
• Improved performance by removing use of regular expressions in Globals.CreateValidId
• Fixed issue where all installed languages are enabled on all portals after an upgrade
• Fixed sitemap priority to use invariant format
• Fixed issue where 05.00.00 SQL Upgrade script is incompatible with SQL Server 2000
• Fixed issue where HTML/TEXT module was not correctly handling Encoded data
• Fixed issue where hierarchical lists are not properly deleted
• Fixed performance issue where delayed loading of some PortalSettings results in race condition
• Fixed issue where banners were not properly rotated
• Fixed issue where "Create Language Pack" creates an empty package
• Fixed upgrade issue when Active Directory provider is installed
• Fixed issue which changed the Edit Module permission in 5.1 and restored the 4.9.4 behavior.
• Fixed issue where the resource verifier misses files to report
• Fixed issue with control panel after installing the Turkish Language Pack
• Fixed issue where deprecated properties of the Membership provider resulted in errors in the Token Replace API
• Fixed PageLoadException errors caused by specific UserAgents being mis-identified by the browser definition files
• Fixed issue where "Premium Modules" settings don't work for upgraded sites
• Removed Classic ControlPanel from the distribution
• Improved locking mechanism of GetCachedData

Security Fixes

• none

Updated Modules/Providers

The following modules and providers have been updated in the 5.1.1 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• HTML 05.01.01

Providers

• FilebasedCachingProvider 05.01.01
• DatabaseLoggingProvider 05.01.01
• AspNetMembershipProvider 05.01.01
• DNNMembershipProvider 05.01.01
• SearchProvider 05.01.01

Major Highlights

• Added Content Versioning and simple workflow to the HTML module.
• Added Admin Console module to simplify access to administrator and host pages
• Added publicly accessbile skin engine lifecycle events
• Added audit trails to core system tables
• Added built in support for Google Analytics
• Added custom sitemap priorities
• Enhanced the permission system to use the provider model, allowing for custom permission providers
• Enhanced caching to enable access by distributed caching systems
• Enhanced installation and upgrade logic to automatically detect .Net 3.5 and to upgrade the web.config as appropriate.
• Enhanced the extensions pages to show which modules are used and to show the pages where they are currently in use
• Enhanced the Scheduler to show a checklist of available servers in the webfarm where scheduled tasks can be executed.
• Enhanced the Scheduler to support multiple instances running on the same server
• Fixed issue with removing Superuser role from a user.
• Fixed issue with deleting users which was not fully recognized by the rest of the application.
• Fixed issue with upgrades which would fail if .Net 3.5 was installed
• Fixed issue with skins installed using the batch installer.
• Fixed change to GetModulesByDefinition API method which resulted in breaking change from DotNetNuke 4.x
• Fixed CloakText API method which was broken in 5.0.1
• Fixed issue with stored procedure for Dashboard which would fail with an error if database account did not have permissions to the MSDB database.
• Fixed issue where pages added while on a host page will not be associated with a portal.
• Fixed issue where the ReturnURL for the SendPassword and Register links on the Login page were broken.

Security Fixes

• none

Updated Modules/Providers

The following modules and providers have been updated in the 5.1.0 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• Forms and List 05.00.02
• Announcements 04.00.03
• Reports 05.01.00
• Events 05.00.01

Providers

• FckHtmlEditorProvider 02.00.04
• AD Provider 05.00.02

Major Highlights

• Added the ability to automatically update user roles without requiring the user to logout and log back in.
• Changed the user deletion code to use a soft-delete rather than removing the user record.  This ensures that modules like the Forums behave correctly for a previously "deleted" user.
• Added IP logging to the User's table to capture the last IP address from which a user logged in.
• Fixed breaking change with case sensitivity in the name of skin panes.  This fix restores the case-insensitivity of previous DotNetNuke releases.
• Fixed breaking change with ModuleId in DotNetNuke 5.0 which changed ModuleId to a readonly value.
• Fixed breaking change in CBO.FillDictionary to restore previous behavior.
• Fixed breaking change which prevented legacy skins from being installed when using the auto-install option.
• Fixed breaking change which prevented updated DLLs from being replaced when repairing a module installation.
• Fixed breaking change in HumanFriendlyUrls which prevented querystrings from being properly read when using HumanFriendlyUrls
• Fixed breaking change in legacy modules which would not store a zip file which was not designated as a resource file.
• Fixed breaking change in legacy modules which ignored zip directories.  DNN 5 changed this behavior.
• Fixed breaking change in default.css which resulted in changes to existing skin layouts.
• Fixed issue with roles module which prevented users from delegating role administration to a non-admin user.
• Fixed issue which prevented some users from logging out due to the inability of the system to detect their country.
• Fixed issue with Module Action Menu which prevented it from opening links in new windows.
• Fixed issue that results in an error when the Cache logs an error under the new CACHE_ERROR event type
• Fixed a packaging issue with FCKEditor which caused the LinkEditor to cause an unhandled exception.
• Fixed an issue which resulted in the system not being able to display the portalaliases screen

Security Fixes

• Fixed version nformation leakage issue in the install wizard

Updated Modules/Providers

The following modules and providers have been updated in the 5.0.1 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• Forms and List 05.00.00

Providers

• FckHtmlEditorProvider 2.0.3
• AD Provider 05.00.01

Major Highlights

• Added jQuery support to the core platform.  jQuery will now be distributed as part of the DotNetNuke installation and will be available for use by module developers.
• Added support for Internet Explorer 8 Web Slices.  Administrators can configure any module to use IE8 Web Slices including the ability to set time-to-live and expiration values.
• Removed distinction between admin modules and pages and normal pages.  This allows administrators to easily delegate access to any portion of the application to any group of users.
• Updated the installation services to support manifest files for all extension types.  Now skins, containers, providers and modules are all first class citizens that can be installed and uninstalled.
• Expanded XHTML, WCAG and ADA compliance.
• Refactored core to improve support for Unit Testing.  Refactored several core classes to use interfaces and added a simple component factory to provide dependency injection support. 
• Added ability to deny permissions in the permissions grid.  This new feature extends the permission framework to give administrators greater flexibility in defining permissions.
• Added Widget framework.  The new Widget framework allows you to quickly add JavaScript/html widgets to your site with very little effort.  The framework supports the use of a simple object tag based representation which means you don’t have to know JavaScript in order to add the widgets.
• Added new Object notation for using skin objects in Skins.  Skin designers will no longer need to include separate XML files when creating and packaging skins.  No more funky “[SKINOBJECT]” tags littering your html.  This significantly simplifies the process of creating skins and further opens up skin development to a broader group of designers.  If you include a simple JavaScript reference in your HTML skin, you can even get a full WYSIWYG experience when designing your skin.

Security Fixes

• Includes a rollup of all 4.x security fixes

Updated Modules/Providers

The following modules and providers have been updated in the 5.0.0 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Providers

• AD Authentication Provider 05.00.00

In addition to these highlights there are literally hundreds of bug fixes in this release.

Major Highlights

• Fixed issue which caused the starter kit not to install properly
• Fixed issue where cache was not working properly for web crawlers

Security Fixes

• HTML/Script Code Injection Vulnerability in ClientAPI
• HTML/Script Code Injection Vulnerability when operating with multiple languages

Updated Modules/Providers

The following modules and providers have been updated in the 4.9.5 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• HTML 04.09.05
• Events 05.00.02

Assemblies

• WebControls 02.02.00
• ClientAPI 04.01.02

Providers

• none

Major Highlights

• Fixed a major module caching issue which resulted in empty content for webcrawlers
• Improved performance of FormatRemoveSQL method

Security Fixes

• Low - Errorpage information leakage
• Low - HTML/Script Code Injection Vulnerability

Updated Modules/Providers

The following modules and providers have been updated in the 4.9.4 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• Announcements 04.00.03

Providers

• Removed the AD Provider so that it cannot be installed by the Install Wizard.  It can still be manually installed.

Major Highlights

• Add Office 2007 File Extensions to default allowable file extensions in Host Settings
• Add reference to SQL Server 2008 to Install Wizard to make it clear that SQL Server 2008 is supported
• Moved Whats New Module/Page to Host menu as it contains content which is not applicable to the Administrator
• Corrected a problem with "Auto" installation option which would occur when using a non-dbo database user
• Inline updates to Text/HTML were not HTML encoded when stored in the database
• App_Browser renamed to App_Browsers in order for ASP.NET to recognize it incorrectly
• Pages in the navigation menu linked directly to a file no longer served the file correctly
• Can not delete Portal if search items exist in the database which are associated to the portal
• Removed None Specified option for Folders in Page Export feature as it could cause an error if a user clicked Export without selecting a folder.
• Fixed major performance issue when adding new portals which would cause the system to unload and reload all cached objects

Security Fixes

• Low - HTML/Script Code Injection Vulnerability

Updated Modules/Providers

The following modules and providers have been updated in the 4.9.3 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• Announcements 04.00.02

Providers

• None

Major Highlights

• Added the ability to perform permanent redirect from an existing page using the page settings screen.
• Fixed issue with the permanent forms authentication cookie which cause problems in SSO environments.
• Fixed issue which required a workaround to import page templates into a portal
• Fixed a caching issue which prevented modules from being properly cached if they used a specific caching method overload
• Fixed issue which resulted in an error installing the Broadcast Polling Provider
• Fixed tab redirect issue which allowed a user to directly navigate to a tab which was supposed to redirect to another URL
• Fixed a continuous redirect issue which occurred when trying to upgrade from early 4.x releases to 4.9.1

Security Fixes

• None

Updated Modules/Providers

The following modules and providers have been updated in the 4.9.2 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• None

Providers

• FckEditor Provider 2.0.3

Major Highlights

• Fixed issue with the cache which was preventing proper operation of the scheduler.
• Fixed issue with web crawlers which could cause thrashing in the cache
• Fixed issue with the EventQueue to remove events that result in an error.  This prevents an event from filling the event log with errors.
• Fixed issue with the RoleController.GetUserRoles method which introduced a breaking change in 4.9.0.
• Added a new column to the version table to distinguish between Community Edition and Professional Edition installs
• Added a new feature for logging server restarts in a web farm environment.
• Added a new admin Dashboard page.  The dashboard provides a single page where hosts can view an overall snapshot of their site.

Security Fixes

• Critical - User can access additional roles for which they do not have permissions

Updated Modules/Providers

The following modules and providers have been updated in the 4.9.1 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• Survey 04.60.00

Providers

• AD Authentication Provider 01.00.05

Major Highlights

• Fixed issues with the URL Rewriter.  There were several issues which could result in unreachable pages using friendly URLs.  We have added in validation logic to prevent pages from being created which would violate folder naming standards or which would result in two pages receiving the same Human Friendly URL.
• Fixed longstanding issue in the file based caching provider.  There was invalid logic in the caching provider which prevented it from working correctly.  The provider has been re-written to resolve the problem and provide a stable platform for web-farm scenarios.
• Fixed several dictionary errors.  These errors mostly occurred under heavy load or were otherwise intermittent.  Dictionary usage was evaluated throughout DNN and updated to utilize thread-safe approaches for updating and caching the dictionary.
• Fixed an issue that prevented users in certain locales from adding modules to div based panes.
• Added a new default skin that is more contemporary
• Added a new default template that removes much of the clutter and unnecessary information.
• Added a new Text skin object that allows you to add localized text to your skin.
• Added a new Styles skin object that allows you to insert additional stylesheets into the page header.  Stylesheets can be optionally included using IE Conditional Comments.
• Enhanced the Search skin object to include the option to display a dropdown list of web/site search options.
• Enhanced the Update Notification Service to display information on new language packs that are available for locales which are currently installed.

Security Fixes

• Critical - Authentication blindspot in User functions
• Critical - Validation failure in Repository Module
• Critical - Validation failure when loading skins
• Low - Information leakage in Install Wizard

Updated Modules/Providers

The following modules and providers have been updated in the 4.9.0 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• Documents 04.01.00
• Events 04.00.02
• Help 03.00.02
• HTML 04.08.01
• Links 04.00.01
• NewsFeeds 04.00.00
• Repository 03.01.15
• Survey 04.50.00
• UserDefinedTable 03.05.01
• Wiki 04.01.00

Providers

• FCK Html Editor Provider 02.00.02
• AD Authentication Provider 01.00.04