A security flaw was identified for BlogEngine.NET version 1.3.0.0 and the team was quick enough to announce and release a patch.

Check the following link for details: Critical Security Patch Available [more]

It is unfortunate that the issue could not have been handled more discretely.  If you are blogger writing about the issue, we’d hope that you could refrain for spelling out exactly how to attack sites that haven’t been updated yet.  (Yes, we do want people to know there is a problem that needs patched, but we’d prefer if were weren’t tempting casual hackers to try out the hack on a unpatched site by giving them a step by step guide.)

Again, we are sorry for the inconvenience and any trouble this may have caused you.  If you know of other BlogEngine.NET users, please pass this information along.

For BE.NET users who have modified the BlogEngine.Core and would like to identify the changes without overwriting their customizations (and can’t find details), I would suggest you look for an assembly diff tool to differentiate the patched and unpatched assemblies.