We have been pushing, and blogging about, these new features and bug fixes out to our 565920 strong and growing community in the form of nightly builds over the past months.
This way our new development is continuously tested by thousands of users and we can all be confident that CB 2.1 is a rock solid system ready for prime time.
With so many new features, this article could not possibly begin to give this release the coverage it deserves. You can read the full changelog in the discussion thread and we will blogging more about CB 2.1, but in the meantime we have compiled a Magnificent Seven list of some really great features in CB 2.1:
New Canvas layout gives user profiles and lists a cleaner more stylish look that is easier to adjust with CSS overrides. Kyle has already given us a great preview on this new look and how to make it work for you.
Image browser side resizing and cropping make all your image fields look the best they can and fit nicely in your site layouts. Another awesome preview on this feature also in Kyle's blog.
Improved and friendlier URLs for better SEO rankings - no more ugly and cryptic link names. More about this new feature that needs Joomla 3.6 in Kyle's SEO Everything blog.
Joomla 3.6.5 has been released to address three security vulnerabilities, some security hardenings and three bug fixes.
It is highly recommended that all Joomla sites upgrade to Joomla 3.6.5 especially if you have not previously upgraded to Joomla 3.6.4.
Once again, sites with Community Builder 2.0+ are protected from the high level vulnerabilities fixed in Joomla 3.6.4 and 3.6.5.
For sites below Joomla 3.6.4 and that don't have CB 2.0+ and can't be upgraded immediately, you should immediately turn Joomla user registration off, if it is on (CB user registration is not affected).
Basically the Joomla Security Strike Team has confirmed the original implications where malicious hackers could exploit the vulnerabilities to create their own administrator account but the team also confirmed that "under certain circumstances" the attackers could alter existing user accounts ( -- yes, even admin accounts).
The CB Team has also taken a closer look at Community Builder 2.0 installations on Joomla 3 environments and discovered that such sites are actually protected against these nasty Joomla vulnerabilities. By default, all CB 2.0+ installations automatically enable the CB system plugin that redirects Joomla registration and login requests to the equivalent CB requests that are not affected by these Joomla vulnerabilities.
So, simply put: all CB 2.0 / Joomla 3.x sites are protected from these Joomla vulnerabilities.
Please note that our recommendation is still to upgrade all Joomla sites to Joomla 3.6.4 as soon as possible, and additionally rename the Joomla htaccess.txt file (and configure it to your base folder if needed) for added protection.
All sites with Joomla 3.4.4 through Joomla 3.6.3 must update to Joomla 3.6.4 now - this is extremely important as the found vulnerabilities let hackers create accounts on your website and then to promote them to administrator (but not super-administrator ones)
All sites with Joomla 3.x less than 3.4.4 should upgrade as soon as possible to Joomla 3.6.4. These sites are not affected by the two critical vulnerabilities, but there are many other know issues that have already been fixed
All Joomla 2.5.x sites (1.0-2.5 are not affected by these 2 vulnerabilities, but they are by other known ones) should plan to upgrade to Joomla 3.6.4. If not possible soon, they should at least by now have updated to the unofficially security-maintainedJoomla "2.5.999"version which includes fixes only for high-level security issues (download zip button at top right) and follow that project on github, while planing to plan an upgrade to latest Joomla.
And, as always, make a full backup of your website before you attempt any upgrade.
Community Builder 2.0.15 and all our latest CB add-ons versions are running fine on Joomla 3.6.4 according to our tests.
Beat, member of both CB Team and of the Joomla Security Strike Team (JSST), insists on the urgency and the importance of this Joomla 3.6.4 upgrade: Stop doing what you are doing and Upgrade Now. If you can't, then take an off-site archive-backup of your site Now. Only the latest versions of Joomla and of all your extensions and add-ons, which are the only ones maintained are considered safe at all times.