Major Highlights

• Fixed issue which mis-assigned page permissions to new modules
• Fixed issue where a fallback language is not defined
• Fixed issue  where portal administrator could not manage user roles
• Added core sqlconnection pool segmentation to protect core from any module issues
• Fixed issue where Authenticated Caching setting was not getting saved correctly
• Fixed issue where code sub-directories are not properly removed in web.config
• Fixed issue with UpgradeIndicator which could throw an error under some conditions
• Fixed issue where data could become corrupted under extremely heavy load
• Fixed issue where GetPortalRoles stored procedure was missing new audit fields
• Fixed issue where some DataReaders were not guaranteed to be closed if an error occured
• Fixed issue where GetFolders API method was changed resulting in a breaking change
• Improved performance by removing use of regular expressions in Globals.CreateValidId
• Fixed issue where all installed languages are enabled on all portals after an upgrade
• Fixed sitemap priority to use invariant format
• Fixed issue where 05.00.00 SQL Upgrade script is incompatible with SQL Server 2000
• Fixed issue where HTML/TEXT module was not correctly handling Encoded data
• Fixed issue where hierarchical lists are not properly deleted
• Fixed performance issue where delayed loading of some PortalSettings results in race condition
• Fixed issue where banners were not properly rotated
• Fixed issue where "Create Language Pack" creates an empty package
• Fixed upgrade issue when Active Directory provider is installed
• Fixed issue which changed the Edit Module permission in 5.1 and restored the 4.9.4 behavior.
• Fixed issue where the resource verifier misses files to report
• Fixed issue with control panel after installing the Turkish Language Pack
• Fixed issue where deprecated properties of the Membership provider resulted in errors in the Token Replace API
• Fixed PageLoadException errors caused by specific UserAgents being mis-identified by the browser definition files
• Fixed issue where "Premium Modules" settings don't work for upgraded sites
• Removed Classic ControlPanel from the distribution
• Improved locking mechanism of GetCachedData

Security Fixes

• none

Updated Modules/Providers

The following modules and providers have been updated in the 5.1.1 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• HTML 05.01.01

Providers

• FilebasedCachingProvider 05.01.01
• DatabaseLoggingProvider 05.01.01
• AspNetMembershipProvider 05.01.01
• DNNMembershipProvider 05.01.01
• SearchProvider 05.01.01

Major Highlights

• Added Content Versioning and simple workflow to the HTML module.
• Added Admin Console module to simplify access to administrator and host pages
• Added publicly accessbile skin engine lifecycle events
• Added audit trails to core system tables
• Added built in support for Google Analytics
• Added custom sitemap priorities
• Enhanced the permission system to use the provider model, allowing for custom permission providers
• Enhanced caching to enable access by distributed caching systems
• Enhanced installation and upgrade logic to automatically detect .Net 3.5 and to upgrade the web.config as appropriate.
• Enhanced the extensions pages to show which modules are used and to show the pages where they are currently in use
• Enhanced the Scheduler to show a checklist of available servers in the webfarm where scheduled tasks can be executed.
• Enhanced the Scheduler to support multiple instances running on the same server
• Fixed issue with removing Superuser role from a user.
• Fixed issue with deleting users which was not fully recognized by the rest of the application.
• Fixed issue with upgrades which would fail if .Net 3.5 was installed
• Fixed issue with skins installed using the batch installer.
• Fixed change to GetModulesByDefinition API method which resulted in breaking change from DotNetNuke 4.x
• Fixed CloakText API method which was broken in 5.0.1
• Fixed issue with stored procedure for Dashboard which would fail with an error if database account did not have permissions to the MSDB database.
• Fixed issue where pages added while on a host page will not be associated with a portal.
• Fixed issue where the ReturnURL for the SendPassword and Register links on the Login page were broken.

Security Fixes

• none

Updated Modules/Providers

The following modules and providers have been updated in the 5.1.0 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• Forms and List 05.00.02
• Announcements 04.00.03
• Reports 05.01.00
• Events 05.00.01

Providers

• FckHtmlEditorProvider 02.00.04
• AD Provider 05.00.02

Major Highlights

• Added the ability to automatically update user roles without requiring the user to logout and log back in.
• Changed the user deletion code to use a soft-delete rather than removing the user record.  This ensures that modules like the Forums behave correctly for a previously "deleted" user.
• Added IP logging to the User's table to capture the last IP address from which a user logged in.
• Fixed breaking change with case sensitivity in the name of skin panes.  This fix restores the case-insensitivity of previous DotNetNuke releases.
• Fixed breaking change with ModuleId in DotNetNuke 5.0 which changed ModuleId to a readonly value.
• Fixed breaking change in CBO.FillDictionary to restore previous behavior.
• Fixed breaking change which prevented legacy skins from being installed when using the auto-install option.
• Fixed breaking change which prevented updated DLLs from being replaced when repairing a module installation.
• Fixed breaking change in HumanFriendlyUrls which prevented querystrings from being properly read when using HumanFriendlyUrls
• Fixed breaking change in legacy modules which would not store a zip file which was not designated as a resource file.
• Fixed breaking change in legacy modules which ignored zip directories.  DNN 5 changed this behavior.
• Fixed breaking change in default.css which resulted in changes to existing skin layouts.
• Fixed issue with roles module which prevented users from delegating role administration to a non-admin user.
• Fixed issue which prevented some users from logging out due to the inability of the system to detect their country.
• Fixed issue with Module Action Menu which prevented it from opening links in new windows.
• Fixed issue that results in an error when the Cache logs an error under the new CACHE_ERROR event type
• Fixed a packaging issue with FCKEditor which caused the LinkEditor to cause an unhandled exception.
• Fixed an issue which resulted in the system not being able to display the portalaliases screen

Security Fixes

• Fixed version nformation leakage issue in the install wizard

Updated Modules/Providers

The following modules and providers have been updated in the 5.0.1 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• Forms and List 05.00.00

Providers

• FckHtmlEditorProvider 2.0.3
• AD Provider 05.00.01

Major Highlights

• Added jQuery support to the core platform.  jQuery will now be distributed as part of the DotNetNuke installation and will be available for use by module developers.
• Added support for Internet Explorer 8 Web Slices.  Administrators can configure any module to use IE8 Web Slices including the ability to set time-to-live and expiration values.
• Removed distinction between admin modules and pages and normal pages.  This allows administrators to easily delegate access to any portion of the application to any group of users.
• Updated the installation services to support manifest files for all extension types.  Now skins, containers, providers and modules are all first class citizens that can be installed and uninstalled.
• Expanded XHTML, WCAG and ADA compliance.
• Refactored core to improve support for Unit Testing.  Refactored several core classes to use interfaces and added a simple component factory to provide dependency injection support. 
• Added ability to deny permissions in the permissions grid.  This new feature extends the permission framework to give administrators greater flexibility in defining permissions.
• Added Widget framework.  The new Widget framework allows you to quickly add JavaScript/html widgets to your site with very little effort.  The framework supports the use of a simple object tag based representation which means you don’t have to know JavaScript in order to add the widgets.
• Added new Object notation for using skin objects in Skins.  Skin designers will no longer need to include separate XML files when creating and packaging skins.  No more funky “[SKINOBJECT]” tags littering your html.  This significantly simplifies the process of creating skins and further opens up skin development to a broader group of designers.  If you include a simple JavaScript reference in your HTML skin, you can even get a full WYSIWYG experience when designing your skin.

Security Fixes

• Includes a rollup of all 4.x security fixes

Updated Modules/Providers

The following modules and providers have been updated in the 5.0.0 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Providers

• AD Authentication Provider 05.00.00

In addition to these highlights there are literally hundreds of bug fixes in this release.

Major Highlights

• Fixed a major module caching issue which resulted in empty content for webcrawlers
• Improved performance of FormatRemoveSQL method

Security Fixes

• Low - Errorpage information leakage
• Low - HTML/Script Code Injection Vulnerability

Updated Modules/Providers

The following modules and providers have been updated in the 4.9.4 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• Announcements 04.00.03

Providers

• Removed the AD Provider so that it cannot be installed by the Install Wizard.  It can still be manually installed.

Major Highlights

• Add Office 2007 File Extensions to default allowable file extensions in Host Settings
• Add reference to SQL Server 2008 to Install Wizard to make it clear that SQL Server 2008 is supported
• Moved Whats New Module/Page to Host menu as it contains content which is not applicable to the Administrator
• Corrected a problem with "Auto" installation option which would occur when using a non-dbo database user
• Inline updates to Text/HTML were not HTML encoded when stored in the database
• App_Browser renamed to App_Browsers in order for ASP.NET to recognize it incorrectly
• Pages in the navigation menu linked directly to a file no longer served the file correctly
• Can not delete Portal if search items exist in the database which are associated to the portal
• Removed None Specified option for Folders in Page Export feature as it could cause an error if a user clicked Export without selecting a folder.
• Fixed major performance issue when adding new portals which would cause the system to unload and reload all cached objects

Security Fixes

• Low - HTML/Script Code Injection Vulnerability

Updated Modules/Providers

The following modules and providers have been updated in the 4.9.3 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• Announcements 04.00.02

Providers

• None

Major Highlights

• Added the ability to perform permanent redirect from an existing page using the page settings screen.
• Fixed issue with the permanent forms authentication cookie which cause problems in SSO environments.
• Fixed issue which required a workaround to import page templates into a portal
• Fixed a caching issue which prevented modules from being properly cached if they used a specific caching method overload
• Fixed issue which resulted in an error installing the Broadcast Polling Provider
• Fixed tab redirect issue which allowed a user to directly navigate to a tab which was supposed to redirect to another URL
• Fixed a continuous redirect issue which occurred when trying to upgrade from early 4.x releases to 4.9.1

Security Fixes

• None

Updated Modules/Providers

The following modules and providers have been updated in the 4.9.2 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• None

Providers

• FckEditor Provider 2.0.3

Major Highlights

• Fixed issue with the cache which was preventing proper operation of the scheduler.
• Fixed issue with web crawlers which could cause thrashing in the cache
• Fixed issue with the EventQueue to remove events that result in an error.  This prevents an event from filling the event log with errors.
• Fixed issue with the RoleController.GetUserRoles method which introduced a breaking change in 4.9.0.
• Added a new column to the version table to distinguish between Community Edition and Professional Edition installs
• Added a new feature for logging server restarts in a web farm environment.
• Added a new admin Dashboard page.  The dashboard provides a single page where hosts can view an overall snapshot of their site.

Security Fixes

• Critical - User can access additional roles for which they do not have permissions

Updated Modules/Providers

The following modules and providers have been updated in the 4.9.1 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• Survey 04.60.00

Providers

• AD Authentication Provider 01.00.05

Major Highlights

• Fixed issues with the URL Rewriter.  There were several issues which could result in unreachable pages using friendly URLs.  We have added in validation logic to prevent pages from being created which would violate folder naming standards or which would result in two pages receiving the same Human Friendly URL.
• Fixed longstanding issue in the file based caching provider.  There was invalid logic in the caching provider which prevented it from working correctly.  The provider has been re-written to resolve the problem and provide a stable platform for web-farm scenarios.
• Fixed several dictionary errors.  These errors mostly occurred under heavy load or were otherwise intermittent.  Dictionary usage was evaluated throughout DNN and updated to utilize thread-safe approaches for updating and caching the dictionary.
• Fixed an issue that prevented users in certain locales from adding modules to div based panes.
• Added a new default skin that is more contemporary
• Added a new default template that removes much of the clutter and unnecessary information.
• Added a new Text skin object that allows you to add localized text to your skin.
• Added a new Styles skin object that allows you to insert additional stylesheets into the page header.  Stylesheets can be optionally included using IE Conditional Comments.
• Enhanced the Search skin object to include the option to display a dropdown list of web/site search options.
• Enhanced the Update Notification Service to display information on new language packs that are available for locales which are currently installed.

Security Fixes

• Critical - Authentication blindspot in User functions
• Critical - Validation failure in Repository Module
• Critical - Validation failure when loading skins
• Low - Information leakage in Install Wizard

Updated Modules/Providers

The following modules and providers have been updated in the 4.9.0 packages.  Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

• Documents 04.01.00
• Events 04.00.02
• Help 03.00.02
• HTML 04.08.01
• Links 04.00.01
• NewsFeeds 04.00.00
• Repository 03.01.15
• Survey 04.50.00
• UserDefinedTable 03.05.01
• Wiki 04.01.00

Providers

• FCK Html Editor Provider 02.00.02
• AD Authentication Provider 01.00.04