It's been a long time in between updates for subtext, but has it actually been worth it? Well, kinda. Compared to the 1.9.5 release this one seems a little rough around the edges.
If you're on a shared host WITHOUT full trust, beware! Things will break in multiple places, including:
- DTP.aspx (The homepage) (tag "st" undefined, needed to add back 'Register TagPrefix="st" Namespace="Subtext.Web.UI.WebControls"') (My web.config merge error)
- /admin/Posts/ (EnclosureMimetypes config section missing requirePermission="false" attribute)
- /admin/Feedback/ ("FeedbackStatusFlag" undeclared, needed to prefix with the namespace)
- Subtext.Framework.UrlManager.UrlReWriteHandlerFactory.GetHandlerForUrl(string url) also breaks from a security permission when calling UrlAuthorizationModule.CheckUrlAccessForPrincipal(), had to recompile Subtext.Framework to get around this.
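
The /admin/Posts/ failure in the list above came from a config section declared without requirePermission="false". As an added example (not from the original post and not Subtext code), this Python check lists the `<section>` declarations in a web.config that leave that attribute at its default of true; the sample config and its handler type names are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not Subtext's real web.config; handler types are placeholders.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <configSections>
    <section name="EnclosureMimetypes" type="PLACEHOLDER.Handler, PLACEHOLDER" />
    <section name="ExampleFixed" type="PLACEHOLDER.Handler, PLACEHOLDER"
             requirePermission="false" />
    <sectionGroup name="exampleGroup">
      <section name="nested" type="PLACEHOLDER.Handler, PLACEHOLDER"
               requirePermission="true" />
    </sectionGroup>
  </configSections>
</configuration>
"""


def _local(tag):
    """Strip an XML namespace so configs with an xmlns on <configuration> still match."""
    return tag.rsplit("}", 1)[-1]


def sections_requiring_permission(config_xml):
    """Return paths of <section> declarations that do not set
    requirePermission="false" (the attribute defaults to true)."""
    root = ET.fromstring(config_xml)
    flagged = []

    def walk(node, prefix):
        for child in node:
            name = child.get("name", "")
            path = f"{prefix}/{name}" if prefix else name
            if _local(child.tag) == "sectionGroup":
                walk(child, path)  # groups can nest sections and further groups
            elif _local(child.tag) == "section":
                value = child.get("requirePermission", "true")
                if value.strip().lower() != "false":
                    flagged.append(path)

    for child in root:
        if _local(child.tag) == "configSections":
            walk(child, "")
    return flagged


if __name__ == "__main__":
    for path in sections_requiring_permission(SAMPLE_WEB_CONFIG):
        print(f'{path}: candidate for requirePermission="false"')
```

A flagged section only matters under partial trust if application code reads it, so treat the output as a list of candidates to review after a web.config merge.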
EDIT: I don't mean to blast subtext, but I might as well lay a few more issues out there:
- The call to "/Admin/Services/Ajax/AjaxServices.ashx?proxy" throws an "Operation could destabilize the runtime" exception. Haha, I must say this is the first time I've seen that. Fixed by generating the AjaxServicesProxy.js file locally.
- In the Feedback admin area, when hovering the URL icon the "title" tag shows the email address.
- Forgot to add this last night: Had to remove the OpenID stuff from the login page, errors with "Cannot be called from Untrusted assembly".
The problems in this upgrade mostly appear to be stemming from carelessness regarding restrictions in medium trust. I guess the question is - "Is subtext venturing away from medium trust on purpose?"
Looking to the future: from what I recall, I don’t think it’s actually possible to run .NET 3.5 applications without full trust; features such as anonymous types simply don’t work.