Once again we have two sister releases: 1.8.7 "Tokyo" and 1.9.2 "Kyoto".

They both include additional security enhancements over the previous versions.

Although the addressed issues are not very likely to be exploited in a meaningful way, we still recommend that you upgrade for maximum security.

Version 1.9.2 "Kyoto" irons out the glitches remaining in the 1.9.x branch and we now consider 1.9.2 to be our new stable release. You may want to take this opportunity to upgrade to 1.9 if you're still using 1.8.x or an older version.

Download here!

We also have packages which only contain modified files:

• upgrade-1.8.5-to-1.8.7.zip
• upgrade-1.8.6-to-1.8.7.zip
• upgrade-1.9.1-to-1.9.2.zip

Upgrade instructions from 1.8.x to 1.9.x: http://manual.b2evolution.net/Upgrade_from_1.8.x_to_1.9.x

Happy New Year to everyone! :D

And if you're a b2evolution blogger, I foresee 2007 will be a great year for you! ;)

From where I stand, I see an upcoming 2.0 release this year, featuring many of the most requested features, plus a couple more that you may not have expected.

Before that, we'll also release a stable 1.9.x version, which should feature a new selection of default plugins.

And right now, you may have noticed, we have cleaned up the website a little bit. Most obviously, the home page now has the news in a prominent place. That's not just a design decision; that's also because we expect more news this year than ever before... Stay tuned! ;)

In the meantime, the whole evoteam wishes you the best blogging year you can possibly make! B)

-François.

I am sorry to report that our forums server (the one in New Zealand) crashed... and crashed pretty bad... most recent backups included :-/

The forums are back online but, unfortunately, the most recent backup we could restore is from Dec 18. While we've had it worse in the past, we still hope to do better in the future. Anyway, if you asked for help recently and you can't find your post, don't get mad, your post has *not* been deleted... it unfortunately got lost. :roll: Please post again.

On a related note, you may have noticed that the main b2evolution.net site (that one hosted in the US) has suffered some (a little bit too frequent) outages during the last weeks/months. In an attempt to improve this, we have just moved the site to a new server. (Hopefully it gets better... if you notice a difference, please let us know...)

If you can read this, you are reading off the new server! :D

Only December the 2nd and we already have 2 new releases this month! It may seem as we can't get enough releases out the door. But these ones are for your security, so...

It is extremely strongly advised you upgrade!

Download here!

These releases patch the security issue discovered this week in 1.x releases. (If you are running version 0.9.1 or 0.9.2 you are not affected, but it would still be a good idea to upgrade.)

Those versions are codenamed after Anne & Chris who were the first two users reporting the issue. Thanks to both of you as well as to all other users who have helped identifying and fixing this issue in such a short delay.

These versions also include additional security measures, just in case. Sort of having two locks on your door instead of one.

Bonus in version 1.8.6 "Anne": Yearly archives are back. You can display all posts for 2005 with your-blog-url?m=2005

Bonus in version 1.9.1-beta "Chris": a few little bug fixes that make this version less of a beta than 1.9.0 ;)

Well, it's been a long time since the last security alert, but every now and then someone finds a security hole and it gets exploited...

This one doesn't affect b2evolution in itself but the Movable Type Importer as shipped with b2evolution since version 1.6. So, in effect, this security issue affects all versions of b2evolution since 1.6. With the latest tests, versions 0.9.x have appeared to be safe.

The good news is that it is very easy to secure your b2evolution installation before it gets hit by an attack: just delete the Movable Type Importer (you don't need it. It is only used *during* the import if you have migrated from MT to b2evo).

In b2evo versions 1.x, delete this file from your server:
/blogs/inc/CONTROL/imports/import-mt.php

In b2evo versions 0.9.x, you don't need to do anything, you're not affected by this issue. Your version is aging though, and you should consider upgrading as soon as we release 1.8.6.

Older versions: you are not affected by this issue, however your version is so old that you may be affected by other issues. It is strongly advised to upgrade.

We'll release a fixed version of b2evo later tonight.

Version 1.9.0 is now available for download on SourceForge.

This has been in the works for quite a few months now and includes many new features. Enough good features to make you feel like it's Christmas before Christmas! But don't take our word for it. Go check it out! :D

It is a beta version but if you're not afraid of occasionally patching a quirk or two, it is probably stable enough to be run on production (we do so on several sites).

Otherwise, the rock stable version 1.8.5 is still the recommended stable release.

Translators: this new version includes new strings. Now would be a good time to update your language packs and send them in! ;) New translations or alternative translations to existing ones are welcome too!

New features you may like include:

• Enhanced stats (fplanque)
• Different item edit views: simple, advanced (blueyed, fplanque)
• Cleaned up blog management (fplanque)
• Visual skin selector (fplanque)
• Filemanager: basic image preview while browsing (blueyed)
• Post contents get pre-rendered and cached at edit time in order to speed up complex displays. The cache data gets invalidated automatically, e.g. if a plugin gets updated. However, just in case, there's a "Delete item cache" action in the "Tools".
• Ping services are now implemented as plugins with b2evolution.net and Pingomatic included. There is also a "Generic ping plugin" which can be used for common RPC ping services. (blueyed)
• Different modes of hitlog/session pruning: per page, as cron job or "off" (fplanque, blueyed)
• Bonus template for standalone contact form. (fplanque)
• Enhanced user interface
• Enhanced handling of locale dateformats (especially when editing posts with other date format chars than "d", "m" and "Y"/"y") (blueyed)
• "Time difference" can now handle values like "1.5" hours. (blueyed, balupton)
• Fixed displaying yearly archives (fplanque)

Plugin enhgancements include:

• Enhanced smilies plugin (Yabba)
• Plugins can get localized/translated (blueyed)
• Plugin name and short description of installed plugins can be edited by the admin (blueyed)
• Plugins should not use a constructor anymore, but the PluginInit() method instead. The previous AppendPluginRegister() method has been "renamed" to PluginInit(). (blueyed)
• Plugins can be grouped (see Plugin::group and Plugin::sub_group) (balupton, blueyed)
• Added b2evo_Callbacks Javascript object to help plugins interact with the textarea and each other (blueyed)
• Optimized expensive queries in calendar plugin (fplanque)
• Added events/hooks: Logout, DisplayTrackbackAddr, GetCronJobs, ExecCronJob
• Added hook RenderItemAsText, removed general RenderItem
• Added hooks DisplayItemAsHtml, DisplayItemAsXml and DisplayItemAsText;
  removed general DisplayItemAllFormats (blueyed)
• Added hook ItemApplyAsRenderer for lazy renderers, which asks the Plugin
  if it wants to get added or removed as a renderer (blueyed)
• Added hooks GetProvidedSkins and DisplaySkin, so a Plugin can register skin handlers, e.g.
  for displaying something like Google Sitemaps (blueyed)
• Added hook ItemSendPing: gets called, when pinging for new items (blueyed)

And for more details about additional fixes and improvements, please refer to /doc/changes.html within the downloaded ZIP file.