b2evolution version 2.4.1 "Nevada" has been released. This is the first 2.x release we consider to be rock stable!

Download b2evolution 2.4.1 »

This version basically builds upon the already stable 2.4.0 with weeks of merciless bug fixing. There is no major fix but a lot of little things that have been ironed out.

Also, upgrading from 2.4.0 is merely a 5 minute file upload operation. There are no database changes. It is not necessary to run the install/upgrade script. And needless to say, it is not necessary to update your skins.

Upgrade is highly recommended for all users. As of May 1st, the 1.10 branch will no longer be maintained.

Major changes:

• Added some basic quicktags in simple edit mode.
• "Blog Logo" renamed to "Image / Blog logo".
• Enhanced comment forms with optional customization features. Removed extra fieldsets.
• Cosmetic enhancements.
• iPhone optimizations.
• Fixed wording in various places.
• New powered_by( array() ) skin tag (can be used to replace the long html blurb that was used before).
• Plenty of small bug fixes.

Next version should be 2.5-beta which will introduce new features and hence be less stable.

b2evolution 2.0 comes with a brand new backoffice design a.k.a admin skin, named "Chicago":

Though not completely polished yet, we hope it reflects how much effort we're putting into the new b2evolution 2.0.

Of course, if you're nostalgic (or if your IE chokes on CSS), you can still use the legacy or the evo admin skins.

By the way, you can now switch admin skins easily from the "evobar" at the top of the screen. In case you wonder: yes that bar is also displayed on top of the public blog page... if you're logged in!

Other than that, you can see on the screenshot that the backoffice now comes with a "dashboard" which gives you fast and easy access to the items you need the most like the comments awaiting moderation (with one click buttons) as well as your recent draft posts (am I the only one repeatedly forgetting to publish my drafts? )

b2evolution 2.0.0-alpha will be out in a few days now.

Ok, version 1.10 has been out for 3 months now and it's been super stable for 2 months.

Now, I can't stress this enough: if you haven't done so yet, for your own good, please upgrade any prior version to version 1.10 now!

If you're running 1.8 or 1.9, it is very easy too!
1) Download the latest stable 1.10
2) Optionally save your current /conf/_basic_config.php file if you don't want to reconfig later.
3) Upload all the new files over the old ones
4) Optionally, upload your previous /conf/_basic_config.php file back
5) Go to /install and run the installer which will take care of upgrading/fixing a few details in the database.

Your 1.8 and 1.9 skins will work on 1.10.

Again, please trust me: you want to do that upgrade and you want to do it now. Not tomorrow and certainly not next week.

Note for those who are waiting for 2.0: we will indeed release a 2.0-alpha as soon as I find a desk to work on (I'm in the US until the end of the month with a super heavy schedule... and unfortunate shady hotels in between ).

But this will be an alpha. It will be months before 2.0 gets as stable as 1.10. Plus the upgrade to 1.10 is super easy while the upgrade to 2.0 will not be so easy.

Did I mention that now is better than tomorrow? Seriously.

I am in Chicago this week, attending HostingCon 2007.

I'm not really attending the sessions actually. I'm mainly here to talk with the hosting companies about how we can better run b2evo on their shared hosting plans. Because that's actually how most b2evo users run it! (Ok, I'm also here to visit Chicago, which btw is pretty impressive... in many ways... but you'll have to check out my personal blogs for that kind of stuff )

One issue, of course, is to make installation as seamless as possible. Most of our hosting partners already offer easy installation method through cPanel + Fantastico Deluxe. However, in many cases there is room for improvement and we'll work on that. More on this later...

The other big thing, of course, is PHP 5!

You may have heard about the PHP group abandoning support for PHP4 at the end of the year. (Was bound to happen...)

You may have heard about the gophp5.org initiative. (Feels like a guerilla operation to me...)

And you may have read about some popular software strongly sticking to PHP4. (Huh!? What about supporting NCSA Mosaic?)

I'm sort of in the middle...

On the one hand, I reckon that the PHP 5 features would make the development of b2evolution easier and that it would even improve performance in some situations.

On the other hand, I also reckon that PHP 5 is not enabled by default on mosts hosts and that trying to use it involves more setup work on the user's shoulders.

And finally, I'm pretty disappointed with the PHP group who created the PHP4 vs PHP5 incompatibility problem in the first place. I still strongly believe there would have been an easy solution to the upgrade path.

(At this point I have to plead guilty for introducing my own lousy upgrade issues on some previous versions of b2evolution. However, I pledge to make upgrades easier after 2.0.)

Anyway, the PHP5 situation being what it is, my belief is that we can work it out with the hosting companies!

Having talked this through with a couple of them it turns out that:

1. They all support PHP5, but in different ways. BlueHost has it enabled by default (nice!). Most of the others support it optionally. Sometimes you have to request it from tech support, but most of the time you can enable it through .htaccess or your own php.ini ... that is, if you're geeky enough for that kind of stuff! Anyway, the bottom line is: there is no standard way to enable PHP5 from one host to another.
2. Mosts hosts actually did not realize that it is an issue to the development of software apps... since we somehow managed to still make it run on PHP4 so far.
3. Many hosts actually did not realize that the lack of a standard mechanism to switch to PHP5 is a problem for seamless install.
4. Many hosts actually did not realize that all PHP applications today, including b2evolution of course, do already work on PHP5 as well as PHP4.

After discussing this thoroughly with several hosts, I do believe there will be an acceptable consensus: most hosting companies seem to be willing to start to roll out PHP5 by default for all new accounts, a couple of months from now. (The current customers would still need to ask their tech support to be upgraded).

So I do have hopes that PHP5 will actually make it mainstream this year at all major hosts (and that the smaller ones will automatically follow). If it doesn't... We could still join the gophp5 "guerrilla" thing. However, I'd really like not to force PHP5 on the users as long as it requires an extra step in the install process.

Regarding b2evolution 2.0: we're still compatible with PHP4 of course. I personally run half of my servers on PHP4 and the other half on PHP5, just to make sure it works on both

Now, being in the US with the tiny laptop makes it much harder for me to actually wrap up that 2.0 release... but I haven't given up yet! Stay tuned

-Francois.

b2evo 2.0 is coming with enhanced configuration options, among which:

• Several options can now be set on a per Blog basis in the backoffice:
  
  • Default ordering of posts: by date, by title, by priority...
  • Number of posts (or days) per page to display
  • Number of posts for RSS/Atom feeds
  • Content of feeds (excerpts, full posts...)
  • Archive mode (monthly, weekly, daily...)
  • Permalink and other link formats
  • Allowing users to subscribe to email notifications
• Special behavior of blog #1 has been removed. Any blog can now aggregate any other combination of blogs. Look into Advanced Settings for the aggregating blog.
• Default chmod settings for dirs/files are now editable in the backoffice.
• Workflow properties are now hidden by default and an be enabled on a per blog basis.
• User feature settings can be reset to defaults, including PluginUserSettings.
• "Multiple sessions per user" setting. This will ensure logout from public computers if unchecked.

We hope to have something out this month.

b2evolution first introduced blog skins in 2003. Of course, since then, every other blog platform has implemented its own flavor of skins or themes and the concept has become pretty mainstream.

With version 2.0 we hope to take the concept one step further with the introduction of a new reworked modular skin architecture.

One of our design goals with this new skin architecture was to address the main requests we got about skins:

• Skins should be easier to customize
• Skins should no longer need manual upgrade when the core app is upgraded

Easier upgrades

Regarding the upgrading, we had already slowed down on incompatibilities with versions 1.8 to 1.10: skins designed for b2evo 1.8 work without modification in 1.9 and 1.10.

However, with version 2.0, we are refining *all* the skin tags in a way that will maximize their upward compatibility with future versions. Our goal here is that once you upgrade your customized skin to 2.x-stable, you will never have to upgrade it again if you don't want to...

Combing through all these tags to make them future proof is what currently takes the most time and holds back the release of 2.0...

Widgets

Regarding easier customization, we have introduced containers and widgets.

Instead of calling a lot of plugins with various parameters, skins 2.0 now simply define containers such has "Header" or "Sidebar" (to name the obvious ones).

Then, in the back-office, a blogger can easily add widgets to the containers of his choice. He would for example add a "Logo widget" and a "Blog list widget" to the Header. Then he would maybe add a "Calendar widget", a "Category list widget" and an "XML feeds" widget to the sidebar. He can also change the order of these widgets at any time.

Widgets automatically get their display parameters from the skin containers. This allows them to automatically adopt the look & feel of the container they're used in. For example: lists may display vertically in the sidebar but horizontally in the header.

However, widgets can also define their own parameters and users can easily set these through a form. Would you like to be able to browse years in that calendar? What file do you want to display as the blog logo? etc...

b2evolution 2.0 will ship with more than a dozen core widgets, as well as plugin widgets ("Who's online?"...) Plugin authors already know how to write their own widgets: they are simply "SkinTag" plugins just as before. Except that now users have an interface to place them at the desired place.

Optionally, you can define parameters for the Widget/skinTag plugin. For example, a weather plugin would define the "city" parameter. It would use it to display the weather for the city of the blog it is included in. And it could even be included twice in the same blog, with different parameters. (Didn't you always dream to track the weather for your work town and your home town on your blog's sidebar? )

Views & Pages

Another improvement is that skins can now display something completely different when you are viewing a post list, a single post, a user contact form... or a page.

Yes, b2evolution 2.0 supports out-of-the-flow pages that you can use for general purpose information (what the blog is about, your résumé, rules for commenting...). And you can easily link to your pages from anywhere on your sidebar: just throw in the "Page list widget". Want to link to the pages from the header: just the same!

Advanced customization

Of course, the grassroots evolution bloggers among us will still want to fine tune every little aspect of their skin. We can still do that just as before by editing the skin templates... and it may actually just have gotten easier...

You can now browse through your skin templates online with the embedded file manager and, should you need to, you can edit any template, and especially any CSS file right in place on the server.

Finally, we are adding quite a lot of comments into the skin templates in order to make sure you will feel comfortable with the new skinning system just by opening the files in Dreamweaver or whatever editor you like.

... actually, skins 2.0 simply follow the evolutionary path we've been on since spinning off b2: more features, cleaner code, better comments!

Advanced user permissions have long been both one of b2evolution’s strengths and one of its weaknesses.

On one hand they allowed unmatched control over who could do what on which blog. That was good in those complex multiblog-multiuser setups. On the other hand, they could be pretty confusing for newcomers who were blogging just by themselves and didn’t need any complex permissions.

Yet, the admins of enterprise blog platforms wanted even more flexibility with their permissions…

With b2evolution 2.0 we have addressed this the following way:

Blog owner default permissions

First, advanced permissions are now turned off by default. That means that when you create a new blog, you assign it to an owner and that’s it. The simplest case being: you are the admin, you create a blog for yourself, you are the owner of the blog.

The blog owner can do almost anything on his blog without requiring any additional permission.

There are a few advanced things that the owner cannot do though. Among these: change the base URL of his blog, aggregate other blogs on his blog, set up a static file… These things require an advanced admin privilege. Again, on single user setups, the owner is also the system admin, so he can do whatever he wants, without trouble.

Advanced perms

Now if a blog owner wants to invite additional users to blog on one of his blogs, he can turn on advanced permissions in his blog’s features panel. By doing so, the “User perms” and “Group perms” tabs appear in the blog settings.

Those advanced permissions tabs work mostly like before: any user can be declared as a member, a contributor, a publisher, a moderator or an admin of any specific blog.

The advanced permissions can also be given on a more granular level (e-g who exactly can upload a file, who can publish drafts, etc…). Those permissions can also be granted to user groups just like before.

Post editing permission

There are a few new advanced permissions though, among which the post editing permission!

So far, when a contributor had permission to post, he could also edit existing posts. Any existing posts…

Well, no more! Now you can decide for each user and/or group what posts he can edit. He may be allowed to post but not to edit anything at all. Or he may be allowed to edit only his own posts. Or he could be allowed to edit only posts written by someone with a user level lower than his own. Or equal user level. Or all posts.

Needless to say, the admin group has a super-permission that superseedes all this and lets them edit anything, anywhere, anytime without any hassle.

We hope this will satisfy most of the advanced as well as the simplification requests we have received since the introduction of advanced perms two years ago. If not, let us know…

All this and more coming to a blog near you this summer — b2evolution 2.0.

Language packs for version 1.9 will also work on version 1.10.

However, version 1.10 introduces some new strings that would need specific translation.

Thus, complete 1.10 language packs will improve user experience.

Now would be a good time for all translators to update translations for version 1.10 and send them to me.

If you've never done a translation before but would like to contribute, you can find startup instructions here. There is a cool tool to help you translate efficiently.

Only December the 2nd and we already have 2 new releases this month! It may seem as we can't get enough releases out the door. But these ones are for your security, so...

It is extremely strongly advised you upgrade!

Download here!

These releases patch the security issue discovered this week in 1.x releases. (If you are running version 0.9.1 or 0.9.2 you are not affected, but it would still be a good idea to upgrade.)

Those versions are codenamed after Anne & Chris who were the first two users reporting the issue. Thanks to both of you as well as to all other users who have helped identifying and fixing this issue in such a short delay.

These versions also include additional security measures, just in case. Sort of having two locks on your door instead of one.

Bonus in version 1.8.6 "Anne": Yearly archives are back. You can display all posts for 2005 with your-blog-url?m=2005

Bonus in version 1.9.1-beta "Chris": a few little bug fixes that make this version less of a beta than 1.9.0

Well, it's been a long time since the last security alert, but every now and then someone finds a security hole and it gets exploited...

This one doesn't affect b2evolution in itself but the Movable Type Importer as shipped with b2evolution since version 1.6. So, in effect, this security issue affects all versions of b2evolution since 1.6. With the latest tests, versions 0.9.x have appeared to be safe.

The good news is that it is very easy to secure your b2evolution installation before it gets hit by an attack: just delete the Movable Type Importer (you don't need it. It is only used *during* the import if you have migrated from MT to b2evo).

In b2evo versions 1.x, delete this file from your server:
/blogs/inc/CONTROL/imports/import-mt.php

In b2evo versions 0.9.x, you don't need to do anything, you're not affected by this issue. Your version is aging though, and you should consider upgrading as soon as we release 1.8.6.

Older versions: you are not affected by this issue, however your version is so old that you may be affected by other issues. It is strongly advised to upgrade.

We'll release a fixed version of b2evo later tonight.