If you're using BlogEngine (like me), then you'll be pleased to know that version 1.4 has been released.

Al Nyveldt has come up with an upgrade guide to ease the transition.

Last, if you need a few reasons to upgrade, here's a taste of what's new:

• Universal database provider (MySQL, SQL Server, VistaDB, Oracle etc.)
• Drag ‘n drop widget framework (prototype video)
• Author profiles using ASP.NET profile provider
• Subcategories
• Password encryption
• Better performance
• Tag selector in control panel
• Semantic formats (FOAF, SIOC and APML)

I'm planning my migration strategy, the first step of which entails finding time to do it. Remember to backup EVERYTHING before you get started. Better safe than sorry.

Thanks to Al Nyveldt for providing a most useful extension/widget to track my most popular posts.

You can see what it looks like to the right. I had started with just the "Top 5". That quickly changed to the "Top 7" just because I figured why not show a couple more than just 5? Of course, 7 is kind of an odd number. You don't see Letterman doing a "Top 7", after all. So, I bumped it up to the current number that it is now, 10.

The widget is great. It allows me to showcase posts beyond those that show up on my home page while also giving me and my readers a quick look at how many views each post has gotten.

The interesting thing about displaying my popular posts is seeing how they almost jockey for position. Just days after I bumped the display count to 10, one of the posts fell off as newer entries (here and here) overtook it. It seems to be staying fairly consistent now, with several of my various posts about Tor's Free E-book Giveaway scoring the most views. I expect it to continue to change, though, as fresh posts overtake the "stale" ones.

If you have such a feature available via your blogging software, I highly recommend making use of it

Thought I would spread the word: there's a particularly nasty vulnerability that was discovered in BlogEngine.NET (the blog engine I use on this site). A patch is available via either a patch file or a complete code download (BlogEngine.NET is an open source project), though the patch link wasn't working when I tried it. I got the whole download instead and re-compiled the necessary changes. So, my site is patched and no longer vulnerable to that particular attack anyway.

You have to give the development team of BlogEngine some credit--they jumped on the problem fairly quickly and made a fix available. As a software engineer myself I know all too well how easy it is to let such things slip by. We recently had the issue of SQL injection attacks brought up in my development team; fortunately we had our bases covered on this one. But, as a precaution, we're going through a full security audit of our entire code base. One can never be too careful these days.

Critical Security Patch Available