Hi All, I hope everyone is doing well. I'm super excited today to announce the official release of our InstantForum 2016-1 update. This is a free update to all existing InstantForum 2015 and 2016 customers. You can find our InstantForum 2016-1 download on your My Licenses page. For upgrade instructions please refer to our InstantForum 2016 to InstantForum 2016-1 upgrade notes.
Our InstantForum 2016-1 update offers significant improvements to theming, security & performance. We've also added a number of commonly requested features and of course addressed several minor bugs discovered since our InstantForum 2016 release.
For a complete list of changes please refer to our release notes. To give you a taste of what you can expect with this update I've gone into further detail below for the improvements we are most excited about.
For this update we've rewritten all CSS used by InstantForum. We felt the previous CSS was getting a little messy with inconsistent naming conversations, redundant classes and duplicate or very similar CSS .
Our new CSS framework uses a unique naming convention to avoid naming conflicts with other CSS frameworks or even your own web sites styles. We also now follow a structural hierarchy or block element modifier (BEM) convention to minimize duplication of CSS and allow us / you to easily decorate elements with multiple CSS classes for different visual effects.
Whilst we appreciate changing the CSS may cause some pain we really felt it was time to clean things up and go through line by line to develop a cleaner, simpler framework. You can see the updated uncompressed CSS used by InstantForum 2016-1 at the links below. If your familiar with the existing CSS from earlier versions of InstantForum we hope you'll agree our new CSS is a hugh improvement....
We've also updated our built-in theme roller to ensure this fully supports the new CSS framework. You can use our theme roller as before to create themes within InstantForum 2016-1 or above.
By default InstantForum uses SHA512 and a large cryptographically safe random salt to generate a one way hash for user passwords before storing the hash within the InstantForum database. This is considered a very secure method of storing user passwords.
With InstantForum 2016-1 we've taken this a step further and introduced an additional layer of protection in the form of a private pepper. This pepper is intended to help further secure user passwords stored within the InstantASP_Users table.
If supplied this pepper is now combined with each per user salt before computing SHA hashes.
As this pepper is stored separately from your database within your web.config file if an attacker compromises your hashes and salts stored within the InstantASP_Users table they won't have access to the private pepper making rainbow table attacks impossible. This is true even if you opt to use an older insecure hashing algorithm such as MD5 or SHA1 assuming the attacker does not compromise your private pepper.
We are confident with the current security offered by InstantForum however the extra entropy introduced by combining the global pepper with each per user salt before generating hashes and the fact the pepper is stored separately outside of your database just offers even more security for your users passwords.
Whilst InstantForum supports several encryption & hashing options for storing user passwords we would always suggest opting to use a strong one way hashing algorithm from the start. For example SHA256, SHA384 or SHA512 as opposed to a two way encryption algorithm such as AES. Symmetric key encryption such as AES is only as secure as the private key.
Unfortunately at the moment you can only take advantage of this new pepper option with a fresh InstantForum 2016-1 installation. We are working on a migration path to allow existing customers upgrading from earlier versions of InstantForum to take advantage pf this new pepper. This will be available for our 2016-2 update.
On the server we've improved the performance of all paging stored procedures used within InstantForum 2016-1. Customers with very large communities should now see a significant performance increase when paging to the final pages within very large result sets. This optimization will only really be noticeable if you have say 10,000+ pages and are attempting to visit the last pages of this result set say pages 9,999, 9,998 etc. Previously InstantForum used temporary tables to achieve pagination. With InstantForum 2016-1 we've moved to inline table variables.
On the client side we've made several large optimizations & dozens of micro optimizations which should result in better overall performance. We've simplified the DOM by reduced nesting and improved the semantics of all HTML produced by InstantForum. We've improved several areas of our rich text editor and optimized several controls we use through out the InstantForum interface.
One Click Email Opt Out
We've heard a few times it was frustrating to have to login and visit your subscriptions page within InstantForum to unsubscribe from email notifications generated by forum or topic subscriptions. With InstantForum 2016-1 if you subscribe to forums or topics all email notifications for updates within subscribed forums or topics will now contain a unique link allowing you to instantly opt out of further email notifications. This eliminates the need to login if you wish to opt-out of further email notifications.
You can take a look around our latest InstantForum 2016-1 update using our online demo..
Try Free For 30 Days
We welcome you to try InstantForum free for 30 days either on-premise or within our Windows Azure cloud environment. To get started sign-up for our completely free trial below...
Start Free Trial
Again these are just a few of the improvements from this release. For a complete list of changes please refer to our release notes. As always I like to thank those who suggested ideas or helped us during the beta for this release. A special thank you to the Michon and Jan at InterXL and to Ian at Moneyfacts for your time & feedback..
We hope you enjoy this update and of course if we can assist with any questions or concerns please don't hesitate to pop a comment below, contact us or post within our community forums.