BlogCFC has been released. This is a very large update in terms of security. When I first built BlogCFC, I wasn't really too concerned about security best practices within the database. I stored all my passwords as plain text. That's wrong, but is not something I ever had time to fix. Rob Brooks-Bilson took on this task and has completely revamped how users are stored/authenticated. Going forward, passwords are both salted and hashed.

For existing users, it is crucial that you read the readme.txt file. Rob created a web-based wizard that can update your existing user records. If you do not do this, you will not be able to log on.

Along with Rob's changes, the following has also changed:

  • Fixed some minor UI issues, like jQuery being loaded twice.
  • Added the ability to quickly check all in the admin/list screens.
  • Fixed a case issue in the SQL for isBlogAuthorized().

Stephen M. has updated the docs to reflect these changes. I'll be updating the web site copy of the docs soon.