A new release of Textpattern (news) is available. This version has a focus primarily on security and introduces a number of new changes to the way passwords are handled as well as general security fixes.
Some excerpts from the release announcement:
.htaccess-dist file in the
/files directory to
.htaccess to prohibit direct URL access to your files.
password function for a long time now. MySQL themselves do not recommend this and, moving forward to TXP 5, our goal is to open up the avenue for using other databases, so to rely on MySQL is counter to this philosophy. We have therefore taken the step of implementing phpass from this point forward.This has the implication that passwords are now case-sensitive.
This release also mops up some bits and pieces that snuck into 4.3.0. Namely:
<txp:variable /> when dealing with empty values
get_pref() bugs squashed
jQuery has also been upgraded to 1.5.1.
For the full announcement, or to download, visit: http://textpattern.com