Major Highlights

Add Office 2007 File Extensions to default allowable file extensions in Host Settings

Add reference to SQL Server 2008 to Install Wizard to make it clear that SQL Server 2008 is supported

Moved Whats New Module/Page to Host menu as it contains content which is not applicable to the Administrator

Corrected a problem with "Auto" installation option which would occur when using a non-dbo database user

Inline updates to Text/HTML were not HTML encoded when stored in the database

App_Browser renamed to App_Browsers in order for ASP.NET to recognize it incorrectly

Pages in the navigation menu linked directly to a file no longer served the file correctly

Can not delete Portal if search items exist in the database which are associated to the portal

Removed None Specified option for Folders in Page Export feature as it could cause an error if a user clicked Export without selecting a folder.

Fixed major performance issue when adding new portals which would cause the system to unload and reload all cached objects

Security Fixes

Low - HTML/Script Code Injection Vulnerability

Updated Modules/Providers

The following modules and providers have been updated in the 4.9.3 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

Announcements 04.00.02

Providers

None

Major Highlights

Added the ability to perform permanent redirect from an existing page using the page settings screen.

Fixed issue with the permanent forms authentication cookie which cause problems in SSO environments.

Fixed issue which required a workaround to import page templates into a portal

Fixed a caching issue which prevented modules from being properly cached if they used a specific caching method overload

Fixed issue which resulted in an error installing the Broadcast Polling Provider

Fixed tab redirect issue which allowed a user to directly navigate to a tab which was supposed to redirect to another URL

Fixed a continuous redirect issue which occurred when trying to upgrade from early 4.x releases to 4.9.1

Security Fixes

None

Updated Modules/Providers

The following modules and providers have been updated in the 4.9.2 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

None

Providers

FckEditor Provider 2.0.3

Major Highlights

Fixed issue with the cache which was preventing proper operation of the scheduler.

Fixed issue with web crawlers which could cause thrashing in the cache

Fixed issue with the EventQueue to remove events that result in an error.  This prevents an event from filling the event log with errors.

Fixed issue with the RoleController.GetUserRoles method which introduced a breaking change in 4.9.0.

Added a new column to the version table to distinguish between Community Edition and Professional Edition installs

Added a new feature for logging server restarts in a web farm environment.

Added a new admin Dashboard page.  The dashboard provides a single page where hosts can view an overall snapshot of their site.

Security Fixes

Critical - User can access additional roles for which they do not have permissions

Updated Modules/Providers

The following modules and providers have been updated in the 4.9.1 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

Survey 04.60.00

Providers

AD Authentication Provider 01.00.05

Major Highlights

Fixed issues with the URL Rewriter.  There were several issues which could result in unreachable pages using friendly URLs.  We have added in validation logic to prevent pages from being created which would violate folder naming standards or which would result in two pages receiving the same Human Friendly URL.

Fixed longstanding issue in the file based caching provider.  There was invalid logic in the caching provider which prevented it from working correctly.  The provider has been re-written to resolve the problem and provide a stable platform for web-farm scenarios.

Fixed several dictionary errors.  These errors mostly occurred under heavy load or were otherwise intermittent.  Dictionary usage was evaluated throughout DNN and updated to utilize thread-safe approaches for updating and caching the dictionary.

Fixed an issue that prevented users in certain locales from adding modules to div based panes.

Added a new default skin that is more contemporary

Added a new default template that removes much of the clutter and unnecessary information.

Added a new Text skin object that allows you to add localized text to your skin.

Added a new Styles skin object that allows you to insert additional stylesheets into the page header.  Stylesheets can be optionally included using IE Conditional Comments.

Enhanced the Search skin object to include the option to display a dropdown list of web/site search options.

Enhanced the Update Notification Service to display information on new language packs that are available for locales which are currently installed.

Security Fixes

Critical - Authentication blindspot in User functions

Critical - Validation failure in Repository Module

Critical - Validation failure when loading skins

Low - Information leakage in Install Wizard

Updated Modules/Providers

The following modules and providers have been updated in the 4.9.0 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

Documents 04.01.00

Events 04.00.02

Help 03.00.02

HTML 04.08.01

Links 04.00.01

NewsFeeds 04.00.00

Repository 03.01.15

Survey 04.50.00

UserDefinedTable 03.05.01

Wiki 04.01.00

Providers

FCK Html Editor Provider 02.00.02

AD Authentication Provider 01.00.04