BotDetect CAPTCHA Roadmap & Release Notes

.NET CAPTCHA Generator RoadmapLast updated: 2018-05-27

ETA, Status


  • Several minor 4.3.x spamfix releases


  • During the time leading to the 4.4


  • In progress


In order to give spammers a few years worth of extra homework 'spamfix' features will not be detailed in the roadmap and release notes -- too few folks other than spammers would benefit from it.

If you are among those few who must know then license the source code -- and indulge in digging as much as it please you.

In general, the changes will go in the following directions:

  • Switching to grayscale algos to avoid interfering with your designs, and then retiring 'the named algo' concept entirely.

  • Increasing the number of algos and tweaking them frequently.

  • Making different tech backends render differently. That will turn BD into three different captchas; each with a slice of the former marketshare; killing financial incentive for breaking any of them.

  • Obscuring the algos visually in order to turn the tracking of an algo existence and its future changes into an exercise in futility.


  • Those changes will make preparation of the training datasets crazy expensive; but the source code will have to be kept away from spammers. Therefore, there will be licensing, pricing, and order processing changes that will allow for proper user vetting.


  • 4.4


  • Approx: 2018/06


  • In progress


To Do:

  • SQLite, Redis, Memcached
  • Simple API
  • Packaging
  • QA
  • Documentation


  • Support for SQLite, Memcached, and Redis as the BotDetect persistence-providers.

  • Unlike today, the users will be able to use persistence-providers WITHOUT having to enable ASP.NET sessions in web.config

  • This will make BotDetect to fit better into both web-scale operations and stateless workflows of various javascript frameworks.

  • Under the hood reorganization of BotDetect configuration that will allow for introduction of captcha styles that are configurable by a non-programmer, and without access to your application source code. Those captcha styles will consist of various combinations of image and sound algorithms and other settings.

  • This will provide an additional and simpler way for an application to request a captcha with a particular set of properties.

  • The load on your development teams and TCO will be reduced by completely freeing your developers from participation in any subsequent post-implementation customizations.

  • Implementing the new experimental BotDetect Simple API that provides friendlier client-side captcha display and validation workflows.

  • The goal is to provide easier integration in scenarios where user needs to display and validate captcha in partial page/view updates.

  • BotDetect Captcha Simple API based AngularJS & Angular 2/4/5/6 captcha modules & integration examples.

  • BotDetect Captcha Simple API based jQuery Captcha Plugin & integration examples.


  • Everything in this release except the SQLite persistence provider is already done and is being ported from BotDetect Java Captcha.

  • SQLite persistence provider is already done and is being ported from BotDetect PHP Captcha.

  • We are still wondering if we should continue making an 'installation' for examples, or distribute them as a .zip file only. If you have an opinion on this topic drop us a message through the contact form please.

  • SimpleAPI-based AngularJS & Angular 2/4/5/6+ Captcha modules, jQuery Captcha Plugin, and integration examples using them are all shared in between BD ports in all three technologies (.Net, Java, PHP); and are all already finished as a part of the BotDetect Java & PHP Captcha development.


  • 4.5


  • 2 months after 4.4
  • Approx: 2018/08


  • Integration examples for various workflows in React, Knockout.js, Meteor, Bootstrap js extensions, Backbone, Ember, Vue.js and other popular javascript frameworks.

  • Support for AppFabric, Azure Redis Cache, Azure Table, MSSQL Server/'Azure SQL Database', Oracle Database, Oracle Coherence, Oracle NoSQL Database, MySQL/MariaDB, NCache, Amazon Elasticache, Amazon DynamoDB, etc. as the BotDetect persistence-providers.

  • COM interface exposing Simple API functionalities to applications written in technologies that require use of external COM component instead of external .NET component.

  • Thin Classic ASP code layer exposing Simple API functionalities to Classic ASP applications.

  • Native support for responsive UI usage scenarios; now it is adaptive only.

  • Ensuring that the .NET Core version of BotDetect 4.5 works properly on Linux and Mac OSX.


  • The version 4.5 and subsequent releases will contain the numerous features that we had to cut out of version 4.4 in order to finally release it, as well as some additional functionalities that we are not ready to announce yet.

  • The priority will be given to those features and integrations that our paying customers will be requesting the most.


Release History

This is the version history of the BotDetect ASP.NET Captcha control:


Current Release

v4.3.2 Released 2018-05-27 v4.3.2 migration guide

iOS 11.3+ audio and bugfix release. Upgrade when it fits you!

  • Added support for audio on iOS 11.3+
  • Fixed a bug in testModeEnabled option that caused it to fail to turn-off some of the recently introduced spamfix features


Old Releases

v4.3.1 Released 2018-05-14 v4.3.1 migration guide

Spamfix & Security release. Upgrade at the first opportunity!

ASP.NET Core on .NET Core:

  • Separated our single .NET Core 1.x / 2.x build (that was .NET Standard 1.6 based) into:
    • .NET Core 1.x build that is .NET Standard 1.6 based, and
    • .NET Core 2.x build that is now .NET Standard 2.0 based
  • As the result of the previous item:
    • .NET Core 2.x build references System.Drawing package, while
    • .NET Core 1.x build still references CoreCompat.System.Drawing package since a functional implementation of System.Drawing in .NET Core 1.x does not exist yet
  • Fixed an obfuscation induced bug causing application to crash in the debug mode
  • Fixed a bug with HttpContext accessing that caused the "Instance doesn't exist in session" error in scenarios where load-balanced applications use centralized session storage
  • Fixed a bug occasionally causing BotDetect's data to fail deserialization during Captcha validation; and throwing an "Attempted to access an element as a type incompatible with the array" error
  • Fixed a bug causing "InvalidCastException: Unable to cast object of type 'System.Int64' to type 'System.Nullable`1[System.Int32]'" and "JsonSerializationException: Unable to find a constructor to use for type" errors that were thrown in some usage scenarios after setting some captcha options to non-default values

ASP.NET Core on legacy .NET:

  • Fixed a bug occasionally producing two Captcha image requests, instead of one, what later produced validation failure

ASP.NET on legacy .NET:

  • Fixed a bug causing the captcha code textbox to be disabled after a partial postback in some of scenarios where the WebFormsCaptcha control is used inside of an ASP.NET UpdatePanel instance

The following applies to:
ASP.NET Core on .NET Core | ASP.NET Core on legacy .NET | ASP.NET on legacy .NET

  • Several security improvements
  • Several spamfix improvements
  • Fixed "System.Security.Cryptography.CryptographicException: Specified padding mode is not valid for this algorithm" error that was thrown when validating Captcha in distributed applications due to use of GetHashCode() implementation that does not guarantee that different machines will generate the same hash code
  • Fixed a bug causing all captcha code inputs, but the first one in a page markup, to be disabled in scenarios with multiple captchas on the same page.
  • Improved grayscale Captcha image feature by use of CSS Filter in compatible browsers
  • Dropped support for the following browsers:
    • Internet Explorer versions before IE 8
    • Firefox versions before v52
    • Chrome versions before v49
    • Safari (MacOSX) versions before v5
    • Safari (Windows) all versions
    • Opera versions before v36
    In other words, those last remaining few still using the Windows XP should update their browsers to the latest version that still works on XP. If they cannot be bothered to update their browsers -- we cannot be bothered neither -- nor you should be!

v4.3.0 Released 2018-02-15 v4.3.0 migration guide

Spamfix release, upgrade at the first opportunity.

  • Several security improvements, upgrade at the first opportunity
  • Added support for ASP.NET Core 1.x / 2.x applications on top of the .NET Core 1.x / 2.x frameworks.
  • Integrated Xamarin Mono based CoreCompat.System.Drawing to BotDetect build on .NET Core since complete System.Drawing implementation in .NET Core 1.x / 2.x does not exist yet. When (if ever) Microsoft release the functional implementation of System.Drawing in some of the future versions of the .NET Core you will be able to use it instead of the CodeCompat.System.Drawing by simply changing nuget reference to System.Drawing in your .NET Core application's Project.json file.
  • Added AspNetMvc6NetCore10BasicCaptchaExample.csproj - Visual Studio 2017 MVC6 Example on .NET Core 1.x
  • Added AspNetMvc6NetCore20BasicCaptchaExample.csproj - Visual Studio 2017 MVC6 Example on .NET Core 2.x
  • Added AspNetMvc6NetCore10BasicCaptchaExample.xproj - Visual Studio 2015 MVC6 Example on .NET Core 1.x
  • Fixed a bug causing the Captcha audio to fail to play for the clients running iOS 11+ due to HTTP_X_PLAYBACK_SESSION_ID header being omitted in their HTML5 audio requests
  • Fixed a bug in BotDetect Features Demo example causing random image and sound style not working when 'Random' value is selected for image or sound style
  • Fixed a bug causing the Captcha audio to fail to play over SSL/TLS for the clients running Safari on iOS & OSX. This is not related to the wider issue of iOS clients refusing to play Html5 audio requested via SSL/TLS if the server runs on a self-signed certificate.
  • Added encryption of the querystring in calls in order to avoid leaking BotDetect version info to spammers
  • Captcha Image and Captcha Sound styles settings are ignored in the Free Version
  • Added grayscale Captcha image feature to the Paid Version. To make your designer happy grayscale is made default. 'On hoover event' reverts it temporary back to color.
  • Improved the Simplified and Traditional Han Captcha character set definitions to reduce chances of character confusion and increase Captcha readability; '水 (water)' and '木 (wood)' signs are removed from Captcha codes
  • Moved all BotDetect's inlined script snippets to existing external script include in order to comply with Content Security Policy (CSP)

v4.2.0 Released 2017-04-29 v4.2.0 migration guide

  • Added support of ASP.NET Core 1.0 on top of the .NET 4.5.1 or higher .NET framework
  • Added support for MVC6 (ASP.NET Core MVC)
  • Added new nuget package to to be used with ASP.NET Core applications running on top of .NET 4.5.1 or higher version of the legacy .NET (non-Core) frameworks
  • Added MVC6 (ASP.NET Core MVC) basic example
  • Added eight new SoundStyles to Enterprise version -- for a total of 20 SoundStyles
  • Fixed a bug with Captcha validation failure in WebForm Page_Load event handler
  • Several minor security improvements
    Nothing really nasty -- but when your time allows upgrade anyway

v4.1.0 Released 2016-07-25 v4.1.0 migration guide

  • Added Visual Studio 2015 solution with BotDetect integration examples on .NET 4.6 framework
  • Added two new integration examples for the Visual Studio 2015 specific project templates: ASP.NET MVC Single Page Application Example, and ASP.NET MVC WebSite Razor3 Captcha Example
  • Added BotDetect 4 SharePoint 2010 and SharePoint 2013 Captcha Features
  • Added BotDetect 4 SharePoint 2007, SharePoint 2010, and SharePoint 2013 Captcha Webpart project examples
  • Fixed "Object Reference not set to an instance of an object" error that was thrown when using Captcha on a Content Page or nested Master Page
  • Fixed "Cannot validate Captcha with Validate() or AjaxValidate() methods (without parameter)" error that was thrown when using Captcha on a Content Page or nested Master Page
  • Fixed "Cannot clear user input text" error during Captcha validation when BotDetect was used on Child pages
  • Fixed missing min and max value validation for ImageSize option when user configures it through Web.Captcha object
  • Removed Sound Captcha Button from TabIndex when sound functionality (and sound icon respectivly) are disabled
  • Added an option to turn-on IIS Management Scripts and Tools feature during BotDetect installation in order to ensure that BotDetect examples are installed properly if the feature was turned off initially
  • Fixed a bug resulting with the id attributes of BDC_DisabledLink and BDC_SoundIcon elements being set wrongly following the Captcha rendering in a browser
  • Added rel="nofollow" to audio Captcha button link
  • Test Mode Enabled setting is not available in free versions of BotDetect / restricted to paid versions of BotDetect only

v4.0.0 Released 2016-03-07 v4.0.0 migration guide

  • Improved BotDetect integration options: ASP.NET WebForms control implementation is no longer the default, but an override of an universal .NET Web.Captcha functionality that can also be used directly (e.g. in ASP.NET WebPages, various JavaScript frameworks etc.)
  • Improved Captcha control namespace organization and class names: renamed BD3 Web.CaptchaControl to BD4 Web.Captcha, BD3 Web.UI.Captcha to BD4 Web.UI.WebFormsCaptcha, and BD3 Web.UI.Mvc.MvcCaptcha to BD4 Web.Mvc.MvcCaptcha
  • Added support for multi-voice pronunciation sound packages, improving audio Captcha security against automated analysis
  • Added 2 new audio Captcha sound styles (Collapse, Seeker), not available in free versions of BotDetect / restricted to paid versions of BotDetect only
  • Certain Captcha image styles (Bubbles, Neon, Neon 2, Radar, Ripple, Ripple 2, Electric, Strippy, Wave, Ghostly) are not available in free versions of BotDetect / are restricted to paid versions of BotDetect only
  • Added support for ASP.NET WebPages Captcha integration
  • Removed Web-unfriendly BMP image format support
  • BotDetect configuration API rewritten to be consistent (same settings named the same, using same defaults and valid value boundaries, and work the same across PHP/.NET/ASP technologies) and universal (allow controlling all aspects of Captcha behavior and appearance either through application config files or Captcha object instance properties)
  • Flattened configuration section — all BD4 application configuration settings are attributes of the <botDetect> configuration element (similar how PHP/ASP settings are all properties of a single configuration root object)
  • BotDetect v3 Captcha configuration code examples are reorganized, improved and replaced with the new BotDetect v4 Captcha options code examples: Captcha application config settings code example, Captcha form object settings code example, Captcha request dynamic settings code example, Captcha client-side workflow settings code example
  • Replaced client-side UserInputClientID setting and server-side UserInputControlID (envisioned for WebForms use only) with a universal UserInputID setting which also allows simpler Captcha validation calls
  • Merged the BD3 "custom character set" and "banned character sequences" settings into the BD4 "disallowed code substrings" setting
  • Fixed a bug with the SoundStartDelay setting being ignored on repeated Captcha sound icon clicks (replaying the exact same sound in browsers that support Html5 audio)
  • BotDetect client-side instance function Validate() has been renamed to StartAjaxValidation(), and no longer sets the ValidationResult instance property (Ajax validation result is available through AjaxValidationPassed or AjaxValidationFailed callbacks)
  • BotDetect client-side function BotDetect.RegisterCustomHandler() now executes user-defined code before the default library code (the opposite from old version implementation, allowing greater flexibility of client-side behavior)
  • Changed all examples to include user stylesheets after the BotDetect layout stylesheet, so user styles can override library defaults
  • Changed page layout of all examples to better adapt to browser window width
  • Helplink page moved from to site; added rel="follow"
  • Switched to semantic versioning

v3.0.18 Released 2015-12-03 v3.0.18 migration guide

  • Added 'X-Robots-Tag: noindex, nofollow, noarchive, nosnippet' to image and audio Captchas
  • Fixed "Object reference not set to an instance of an object" error when user with expired session requests audio Captcha
  • Added missing files to AspNetWebForms451CaptchaExample project that caused errors when building solution with BotDetect ASP.NET Captcha examples
  • Added rel=”nofollow” to configuration links on documentation in warning messages

v3.0.17 Released 2015-10-14 v3.0.17 migration guide

  • Added rel="nofollow" to helplink

v3.0.16 Released 2014-06-05 v3.0.16 migration guide

  • Fixed a bug in the BotDetect client-side script for Captcha sound playback in IE and other browsers incompatible with Html5 Wav audio, for Captcha sound icon clicks after the first one, when SoundRegenerationMode is set to Limited
  • Achieved FIPS compliance by replacing all instances of RjindaelManaged with AesCryptoServiceProvider where it is available (.NET versions newer than 2.0) or TripleDESCryptoServiceProvider (.NET 2.0, where AesCryptoServiceProvider is not available)
  • Improved Captcha HttpHandler reliability in various routing scenarios and security against XSS Url manipulation, by using server-relative application paths in all Captcha Urls by default

v3.0.15 Released 2014-04-22 v3.0.15 migration guide

  • Added Visual Studio 2013 code examples (ASP.NET MVC 5.0 basic Captcha example, ASP.NET MVC 5.0 application template Captcha example, ASP.NET MVC 5.0 jQuery Ajax Captcha example, ASP.NET 4.5.1 WebForms application template Captcha example) to the BotDetect setup package
  • Improved Captcha security by using a random Captcha code length by default (4-6 characters instead of 5)
  • Fixed a bug with ASP.NET MVC Captcha validation not executing when the Captcha "LBD_VCID_…" hidden field is removed by malicious clients
  • Fixed a bug with Captcha sound not playing on iOS devices when the Captcha form is loaded over SSL
  • Fixed a bug with Captcha sound occasionally not playing on Android 4.1+ devices
  • Implemented the sound regeneration mode Captcha configuration setting controlling how will multiple consecutive requests for Captcha audio be handled (defaulting to limited sound regeneration)
  • Improved server resource conservation by replaying the generated Captcha sound on the client without requesting a new sound from the server, in Html5 Wav audio compatible browsers that support it
  • Improved Captcha controls usability by disabling and enabling Captcha controls (sound and reload icons) simultaneously instead of individually
  • Added support for "nb" and "nob" Norwegian language codes in Captcha locales
  • Added support for Indonesian Captcha localization ("id-Latn-ID")
  • Improved Captcha readability by removing the "VV" sequence from Latin Captcha codes (easily confused with "W" in Captcha images)
  • Minor improvements in readability, security and scalability of some ImageStyles (BlackOverlap, Bullets, Bullets2, CaughtInTheNet, CaughtInTheNet2, Collage, Corrosion, Graffiti2, Halo, Lego, Radar, Snow, Stitch, Strippy, Sunrays, Sunrays2, ThickThinLines, ThickThinLines2)
  • Added a JavaScript workaround for Back button issues with browsers re-displaying an expired Captcha image despite its "no-cache, no-store" Http response headers
  • All BotDetect configuration values for paths now allow both "~/" and "~\" for application root (previously, only "~/" was allowed)
  • Fixed a minor syntax error in the BotDetect layout stylesheet (changed "filter: alpha(opacity:90)" to "filter: alpha(opacity=90)")
  • Changed the ASP.NET MVC jQuery Ajax Captcha example to use CaptchaControl.AjaxValidate() instead of MvcCaptcha.Validate(), to allow multiple Ajax validations of correct user inputs
  • Changed the jQuery Validation Captcha code example: fixed a bug with jQuery validation script sequence in IE 6, updated the link to the jQuery validate plugin homepage
  • Fixed the description of the Captcha sound start delay configuration property in the Captcha customization code example (the Captcha code textbox label is pronounced, not the Captcha sound icon label)
  • Changed the Captcha customization example to log custom BotDetect client-side events on the form instead of displaying message boxes
  • Improved the BotDetect setup package: after installing Captcha examples and deploying them to localhost the setup will automatically launch the examples page for the latest version of .NET available, if a non-server OS is detected

v3.0.14 Released 2013-05-20 v3.0.14 migration guide

  • Fixed a bug in RTL alphanumeric Captcha code drawing: runs of latin digits are now properly drawn LTR as per the Unicode bidirectional algorithm
  • Improved the default Captcha character set definitions to reduce chances of character confusion and increase Captcha readability: removed '1' from alphanumeric Hebrew Captcha codes, 'و' and 'ه' from Arabic Captcha codes, '3' from alphanumeric Devanagari Captcha codes, 'ᅦ' from Hangul Captcha codes, and 'う', 'く', 'ら' and 'り' from Hiragana Captcha codes
  • Minor improvements in readability, security and scalability of some ImageStyles (Chalkboard, Chess, Circles, Collage, Lego, Neon, Ripple2)
  • Improved Captcha audio usability in browsers supporting Html5 Wav audio by keeping the sound icon disabled until Captcha playback ends
  • Improved the BotDetect layout stylesheet to avoid slight Captcha image and icon movement when they are selected using the keyboard
  • Optimized ASP.NET Cache use by only keeping BotDetect values cached for the same duration as the configured ASP.NET Session timeout
  • Simplified Start Menu folder names for installed ASP.NET Captcha code examples
  • Added remote script functionality intended for statistics collection and proof-of-work confirmation (work in progress)
  • Allowed Captcha help link text configuration for free version users

v3.0.13 Released 2013-02-18 v3.0.13 migration guide

  • Fixed a bug with Captcha sound not playing on Android 4.0+ devices
  • Fixed a bug with Captcha sound not playing on iOS 6.0+ devices
  • Fixed a bug with the CaptchaValidator always failing Captcha validation when placed in a FormView or similar contexts where the validation event bubbles up to a container and is handled multiple times
  • Fixed a bug with the Captcha client-side initialization not triggering in the jQuery ready() handler when jQuery.noConflict() is used
  • Improved usability of automatic expired Captcha reloading: the reload icon will now be disabled after the automatic reload time-outs, to prevent Captcha generation with an expired Session
  • Improved configurability of the Captcha tabindex setting: -1 is now a special value that will disable tabbing over Captcha elements in most browsers
  • Improved convenience of installed BotDetect code examples: added Visual Studio solutions containing all Captcha code examples for each ASP.NET version to the BotDetect installation folder and Start Menu shortcuts
  • Improved installation reliability of BotDetect demos & examples in cases when IIS version detection fails

v3.0.12 Released 2012-11-05 v3.0.12 migration guide

  • Added a configurable starting delay to JavaScript Captcha sound playback to increase accessibility in JAWS and similar screen readers (which might pronounce the sound icon label when it's selected and start playing Captcha audio simultaneously, making it hard to understand)
  • Simplified ASP.NET MVC Captcha integration by automatically saving Captcha settings before markup generation (user code doesn't have to include the SaveSettings() call anymore)
  • Added a new code example to the BotDetect setup package (ASP.NET MVC 4.0 Basic Captcha Example)
  • Implemented the option to easily disable certain Captcha image or sound styles purely through Captcha configuration
  • Added the LBD_ProgressIndicator CSS class to the Captcha reload progress indicator for easier styling
  • Optimized audio tone noise generation by only calculating one full sine period and reusing the result

v3.0.11 Released 2012-09-17 v3.0.11 migration guide

  • Added support for Captcha protection using ASP.NET 4.5, Visual Studio 2012 and ASP.NET MVC 4.0, and implemented new related code examples (ASP.NET 4.5 WebForms Application Template Captcha Example, ASP.NET MVC 4.0 Internet Application Captcha Example, ASP.NET MVC 4.0 jQuery Ajax Captcha Example)
  • Fixed a bug with Captcha sound being unable to access sound package files (both the default file embedded in the assembly and the separately deployed .bdsp files used for non-default locales) when loading the BotDetect assembly from an UNC path
  • Fixed a bug in the BotDetect layout CSS causing the Reload icon to not be hidden for clients with JavaScript disabled
  • Changed JavaScript user input case adjustment to auto-uppercase input instead of auto-lowercasing it, since all current Captcha image styles use uppercase characters; updated all related configuration settings
  • Fixed a bug with automatic user input case adjustment resulting in incorrect caret positioning for iPad users
  • Fixed a bug with automatic expired Captcha image reloading executing multiple times after multiple manual Reload icon clicks (only a single JavaScript timeout is set at a time now)
  • Fixed a bug with Captcha request filtering erroneously kicking in when making repeated jQuery validation requests
  • Fixed a bug with installed BotDetect ASP.NET MVC example projects referencing wrong assembly paths when opened in Visual Studio
  • Improved compatibility with ASP.NET MVC applications using cookieless Session state, removing the need to use the BotDetect CustomSessionIDManager to support that use case
  • Removed the CustomSessionIDManager related Url params (used to work around Captcha sound issues in some browsers) from Captcha image and validation Urls, where they were added unnecessarily
  • Disabled BotDetect SessionTroubleshooting warnings about the CustomSessionIDManager
  • Decreased height of the license-restricted link below Captcha images generated by the Free version of BotDetect from 15px to 10px; fixed link appearance (color scheme and font selection) to make it readable at the new size
  • Improved configurability of the Captcha help link (instead of completely removing it from paid versions of BotDetect), allowing choice between adding it to the Captcha image (mode="image") or below it (mode="text"); Free version users can also use these settings, but can not turn the link off completely like paid users can

v3.0.10 Released 2012-06-19 v3.0.10 migration guide

  • Fixed a bug with Captcha localization not recognizing the ISO-639-1 language code ja (Japanese)
  • Fixed a bug with the BotDetect client-side script throwing reloadLink is null errors when Captcha reloading is disabled
  • Fixed a bug with the BotDetect client-side initialization not working when the Captcha is shown inside a jQuery dialog
  • Improved compatibility of the built-in BotDetect client-side validation with jQuery validation (changed the ?get=validationResult endpoint response format, changed the response MIME type to application/json)
  • Improved ease of accessing the BotDetect client-side object in user scripts by referencing it through the custom Captcha property of the DOM element registered as the Captcha code user input field (through the UserInputClientID server-side object property)
  • Minor client-side tweaks: added the InstanceId client-side object property for easier custom validation; replaced the InputElement client-side object property with the GetInputElement() function call to avoid circular references (and the possible memory leaks)
  • Added a new code example showing how to integrate BotDetect Captcha validation with jQuery client-side validation (Asp.Net jQuery Validation Captcha Example)
  • Added the CaptchaImageTooltip, ReloadIconTooltip and SoundIconTooltip properties to Captcha control instances, allowing runtime customization of tooltip strings for localization purposes
  • Improved compatibility with ASP.NET MVC Areas and custom routes by automatically using absolute Urls for Captcha requests in ASP.NET MVC apps
  • Minor improvements in readability, security and scalability of some ImageStyles (Bullets, Chipped, Electric, Radar, Ripple, SunAndWarmAir)
  • Added a short cooldown to sound icon clicks, reducing the chance of accidental multiple concurrent Captcha sound playbacks
  • Improved Captcha icon display to help communicate that the reload icon is disabled while the Captcha image is reloading and that the sound icon is disabled while the Captcha sound cooldown is active
  • Merged all CSS declarations into a single stylesheet for easier inclusion in ASP.NET MVC apps and other scenarios in which the BotDetect stylesheet can't be included automatically
  • Disabled HttpHandlerTroubleshooting by default
  • Fixed a bug with UAC not displaying the full program name before installation
  • Removed the help link from Captcha images to prevent accidental clicks and navigation issues for mobile visitors
  • Added a license-restricted link to the bottom 15px of every Captcha image generated by the Free version of BotDetect

v3.0.9 Released 2011-11-21 v3.0.9 migration guide

  • Fixed a bug with the CustomSessionIdManager throwing FormatExceptions when the Captcha request querystring is malformed by faulty clients
  • Fixed a bug with Captcha image reloading occasionally throwing JavaScript errors in IE 8 when mousing over the Captcha image while it's reloading
  • Improved Captcha image security: if no image style is set, randomize the image style for each generated Captcha image (instead of using Chalkboard by default)
  • Improved Captcha image readability: tweaked most image styles to produce easier to read Captcha images
  • Added a BotDetect trademark to Captcha images generated by the Free version of the component
  • Improved Captcha sound security: if no sound style is set, randomize the sound style for each generated Captcha sound (instead of using Dispatch by default)

v3.0.8 Released 2011-08-15 v3.0.8 migration guide

  • Fixed a bug with CaptchaId generation causing JavaScript errors when Page.AppRelativeVirtualPath starts with a number
  • Improved CustomSessionIdManager performance under heavy load
  • Added a workaround for the GbPlugin known issue causing Captcha validation issues for Brazilian visitors (known-issues.html#gbplugin)
  • Improved Captcha image generation: slightly reduced PaintMess and Radar contrast

v3.0.7 Released 2011-06-13 v3.0.7 migration guide

  • Fixed a bug with security exceptions occurring when trying to play Captcha sounds from Bin folder deployed sound packages in Medium Trust (ASP.NET 4.0 only)
  • Fixed a bug with the Captcha control CssClass property value not being added to the generated Captcha markup
  • Improved BotDetect SessionTroubleshooting and HttpHandlerTroubleshooting: replaced Application State persistence with static fields, added several fall-back mechanisms to make troubleshooting more reliable
  • Improved BotDetect Captcha markup generation: the BotDetect stylesheet include is now placed before the first <link> or <style> element in the page <head>, instead of at the top (where it was interfering with elements that need to be placed first, such as the X-UA-Compatible meta tag)
  • Improved BotDetect Captcha markup generation: the &s parameter is not added to Captcha image and sound Urls when the BotDetect CustomSessionIdManager is not used
  • Improved BotDetect Captcha persistence: reduced the size of Session State used for Captcha data in certain scenarios (non-default Captcha locale, StateServer or SQLServer Session State modes)
  • Improved the Captcha Code Filtering Example: updated the example project explanation and simplified all three banned sequence declaration sources to contain the same banned sequences

v3.0.6 Released 2011-05-18 v3.0.6 migration guide

  • Added support for Captcha protection of ASP.NET MVC 3.0 Razor Views
  • Improved general ASP.NET MVC compatibility, simplifying the ASP.NET MVC Captcha integration procedure
  • Improved installed ASP.NET MVC Captcha code examples: ASP.NET MVC 3.0 & 2.0 examples running on .NET 4.0 and ASP.NET MVC 2.0 & 1.0 examples running on .NET 3.5
  • Fixed a bug with embedded resource access exceptions when server time is set before the assembly modification date
  • Fixed a bug with Captcha image size and certain other settings not affecting ASP.NET Web Form markup properly when assigned in InitializedCaptchaControl handlers: moved the InitializedCaptchaControl custom event handler execution to the Page_PreRender phase of the ASP.NET Web Forms lifecycle, so custom handlers registered in earlier phases are always fired as expected
  • Added support for Captcha tabindex setting through the TabIndex control property
  • Fixed some minor inconsistencies between the ASP.NET 4.0 and ASP.NET 2.0 Captcha control implementations
  • Improved the BotDetect setup package, so minor updates automatically remove older versions (and don't require manually uninstalling the older version)

v3.0.5 Released 2011-05-02 v3.0.5 migration guide

  • Fixed a bug with incorrect sound package permissions when using BotDetect from the GAC in ASP.NET applications running in Medium and Minimal Trust
  • Fixed a bug with the CaptchaRequestValidator consuming HttpCache persistence even when it's turned off
  • Fixed a bug in the Polish locale-specific character set and pronunciation sound package: replaced 'V' with 'W'
  • Added the OnHelpLinkClick custom BotDetect client-side event
  • Added the <captchaHttpHandlerTroubleshooting> BotDetect configuration element allowing BotDetect HttpHandler troubleshooting to be turned off
  • Updated all default character set definitions to reduce chance of character confusion: removed '7' easily confused with '1' from all CodeStyle.Alpha and CodeStyle.Alphanumeric Captcha codes

v3.0.4 Released 2011-04-11 v3.0.4 migration guide

  • Fixed a bug with the Lego Captcha image style placing the most noise over the last character
  • Improved Captcha sound reliability by falling back to an assembly-embedded sound package for the default "en-US" locale if it's not present in the configured sound packages folder
  • Improved BotDetect sound package folder configuration, now accepting BotDetect assembly-relative folder paths (starting with "\", e.g. "\BotDetectSounds"), ASP.NET application-relative folder paths (starting with "~/", e.g. "~/BotDetectSounds") and network shares (starting with "\\" e.g. "\\SERVER\BotDetectSounds")
  • Improved BotDetect Url configuration, now also accepting application-relative paths (starting with "~/", e.g. "~/BotDetectCaptcha.ashx" will make BotDetect use server-relative application root paths in generated markup)

v3.0.3 Released 2011-03-28 v3.0.3 migration guide

  • Fixed a bug with Captcha persistence using StateServer and SQLServer Session state modes being unable to persist custom Captcha locales or colors
  • Fixed a bug with Captcha drawing code sometimes not placing random noise properly
  • Improved Captcha image security, scaling, performance and readability (tweaked all 50 existing Captcha image styles)
  • Added 10 new Captcha image styles: Bubbles, Electric, MeltingHeat2, Neon, Neon2, Radar, Ripple, Ripple2, SpiderWeb2, Split2
  • Updated font declarations for East Asian locales, using bold fonts by default to make Captcha images easier to read
  • Updated the default Han Simplified and Han Traditional character set definitions: removed the (0x7E9F, "silk") character from Captcha codes, since it isn't pronounceable
  • The Captcha Reload button is now placed above the Captcha sound button, and only displayed if JavaScript is enabled (since it's JavaScript-dependent)
  • The BotDetect client-side initialization script is now executed before window.load if possible (when the page DOM is ready)
  • Added client ids to all relevant Captcha Html elements for easier custom scripting and styling, and changed Css class names and declarations a bit to keep them consistent
  • Updated the Captcha layout code to allow greater flexibility through new Captcha object properties (UseHorizontalIcons, UseSmallIcons, and CaptchaIconsDivWidth) and BotDetect configuration elements (added the iconWidth attribute to custom <reloadIcon> and <soundIcon> declarations)
  • updated the IgnoreRoute statements in ASP.NET MVC code examples to ignore all BotDetect requests regardless of Area, Controller or View paths preceding them

v3.0.2 Released 2011-02-01 v3.0.2 migration guide

  • Fixed a bug with the Captcha code generation occasionally using less than the full available character set for random code generation
  • Fixed a bug in the BotDetect Sound Package processing code, which was incorrectly naming .bdsp files for locales with only the macrolanguage set
  • Improved sound Captcha clarity when using various newly available localized pronunciations: tweaked the Radio, Robot and Synth sound generation algorithms
  • Updated the default Cyrillic character set definition to reduce chance of character confusion: removed 'З' (Ze) and '3' (three) from alphanumeric Captcha codes

v3.0.1 Released 2011-01-17 v3.0.1 migration guide

  • Fixed a bug in the BotDetect client-side script include: the BotDetect.Init() function is now only called when the Captcha image is actually rendered on the page
  • Fixed a bug in BotDetect audio processing code involving Math.Abs(-32768) edge case exceptions
  • Updated BotDetect pronunciation sound packages for Canadian French and Mexican Spanish
  • Updated default Latin character set definitions to reduce chance of character confusion with the 3.0 drawing changes (removed 'F' sometimes confused with 'E', 'G' confused with 'C', 'Q' confused with 'O', 'Z' confused with '2' and '7' confused with '1')
  • Updated locale-specific default character set variants: removed 'W' and 'Z' for the Vietnamese locale
  • Added a link to the BotDetect localization downloads page in the BotDetect Start Menu folder

v3.0.0 Released 2010-12-13 v3.0.0 migration guide What's new in 3.0

  • Added multi-language Captcha code generation & validation, supporting various Unicode character sets and RTL languages (charsets: Latin, Cyrillic, Greek, Hebrew, Arabic, Devanagari, Han Simplified, Han Traditional, Hangul, Bopomofo, Hiragana and Katakana)
  • Added Captcha code character set customization options, using a user-defined character set for random Captcha code generation
  • Added Captcha code filtering, allowing randomly generated Captcha codes to be checked against a user-defined list of banned character sequences
  • Added Captcha code timeouts, so the Captcha can only be successfully solved within the specified time period after generation
  • Added test mode support for automated testing scenarios, exposing a configuration switch that causes 100% of Captcha codes generated to be "TEST"
  • Improved Captcha image security against bots (added more segmentation challenges and randomness to all 50 BotDetect Captcha image styles)
  • Improved Captcha image readability for humans (the text is larger, visual appearance is improved, there are less distortion challenges in all image styles)
  • Added Captcha image color scheme customization options, where two user-defined colors can be used to adjust the Captcha color scheme to suit any website design
  • Improved Captcha sound security, using 10 different sound styles with various effects, noises and randomizations (sound styles: Dispatch, HiveMind, Industrial, Pulse, Radio, RedAlert, Robot, Scratched, Synth, Workshop)
  • Added multi-language Captcha sound generation, using individual language sound packages downloadable separately from the main control
  • Improved Captcha sound compatibility, automatically using the HTML5 <audio> element in supporting browsers
  • Added a new sound format option (WavPcm8bit8kHzMono), resulting in smaller sound file downloads but reducing sound quality
  • HTML improvements: added customizable Captcha image, sound and reload titles, icons and urls; added automatic Captcha icon scaling to match the Captcha image height; improved client script and stylesheet include robustness
  • Client-side improvements: added customizable automatic user input lowercasing, textbox focusing on reload and sound Captcha icon clicks, automatic image reloading on Captcha code timeouts, and built-it Ajax validation support
  • Configuration improvement: added a custom <botDetect> configuration section, allowing detailed BotDetect customization using web.config settings
  • Persistence improvements: added a Session issue troubleshooting helper
  • Troubleshooting improvements: added optional detailed debug/trace logging and easy logging provider customization
  • Added new example projects (ASP.NET Membership integration, Captcha code filtering option, Captcha customization options) and demonstration forms (BotDetect image styles demo) demonstrating new v3.0 functionality
  • Improved all web application descriptions, navigation and IIS compatibility
  • Improved setup experience, with only one setup package for all .NET versions
  • Added binary package downloads for machines where running the setup package is not feasible
  • Added ASP.NET 4.0 & Visual Studio 2010 compatibility
  • Added ASP.NET MVC 2.0 compatibility

v2.0.15 Released 2009-11-23 v2.0.15 migration guide

  • Fixed a bug with the CAPTCHA image failing to render on some servers even when the CaptchaHandler is properly registered
  • Fixed a bug with the Captcha control breaking on shared servers (running in Medium Trust)
  • Fixed a bug with the CAPTCHA event registration occasionally throwing "key already exists" exceptions during concurrent page access (implemented proper global event locking)
  • Fixed a bug with the CAPTCHA Troubleshooting code examples not working properly on IIS 7.5 / Windows Server 2008 R2 and Windows 7 (the InstallSamples.bat script now also grants log file write access to the appropriate ApplicationPoolIdentity user)
  • Added a X-Robots-Tag Http header to CAPTCHA image and sound Http responses that prevents search engine indexing of CAPTCHA images and sounds
  • Improved handling of invalid CAPTCHA Http requests (basic problem identification)

v2.0.14 Released 2009-09-14 v2.0.14 migration guide

  • Fixed a bug with CAPTCHA validation failing inside UpdatePanel variants in Telerik and other non-Microsoft Ajax frameworks
  • Fixed a bug with CAPTCHA client-side scripts not working when the Captcha control is not visible on the first page load, but gets added after a partial postback
  • Fixed a bug causing key conflicts with applications or other components using Rick Strahl's ClientScriptProxy
  • Fixed a bug allowing direct access to sound CAPTCHAs even if the Captcha.SoundEnabled property is set to false
  • Fixed a bug with the BotDetect layout stylesheet not overriding other, possibly conflicting CSS declarations included on the page
  • Improved validation of CAPTCHA image and sound request querystring parameters, rejecting a wider variety of automated requests sent by some bots
  • Improved the BotDetect Troubleshooting utility and example projects, allowing users to also log all CAPTCHA validation attempts
  • Improved usability of the progress indicator for CAPTCHA image reloading, using a locale-independent animation
  • Improved flexibility of CAPTCHA image reloading by adding custom PreReloadCaptchaImage and PostReloadCaptchaImage client-side events that can be handled by user code
  • Improved usability of all BotDetect example projects by automatically clearing the CAPTCHA code user input after clicking the Reload CAPTCHA button
  • Improved the ASP.NET MVC CAPTCHA example projects, using a custom ActionFilterAttribute for CAPTCHA validation
  • Separated ASP.NET Ajax example projects for .NET Framework versions 2.0 and 3.5
  • Marked the Lanap.BotDetect.dll assembly as CLS-Compliant

v2.0.13 Released 2009-02-02 v2.0.13 migration guide

  • Added ASP.NET MVC RC1 support and ASP.NET MVC RC1 CAPTCHA code examples (C# BotDetect ASP.NET MVC Demo and VB.NET BotDetect ASP.NET MVC Demo)
  • Fixed a bug with the PreDrawCaptchaImage handler being re-registered and executed multiple times (the number cumulatively increasing for every page load)
  • Fixed a bug with multiple randomized CAPTCHA controls in the application all using the last registered PreDrawCaptchaImage handler instead of the appropriate one
  • Fixed a bug with the CAPTCHA CodeLength and CodeType not being randomized on the first page load
  • Fixed a bug with the CAPTCHA validation failing when there is an ASP.NET Ajax UpdatePanel on the page, but the Captcha control is not within it
  • Fixed a bug with the CAPTCHA sound and reload buttons not being focusable using the keyboard
  • Fixed a bug with the audio CAPTCHA not playing in IE when using SSL offloading (added client-side SSL detection)
  • Fixed a bug with the CustomSessionIDManager exposing the ASP.NET SessionID in plaintext
  • Fixed a bug with multiple CAPTCHA control instances on the same page and CAPTCHA CSS declarations (changed all BotDetect CSS declarations to use CSS classes instead of ids)
  • Fixed a bug with the CAPTCHA Troubleshooting code examples not registering the ErrorTrackingModule when using IIS 7.0 Integrated Mode
  • Added a missing </div> to the ASP.NET Ajax CAPTCHA code examples

v2.0.12 Released 2008-07-03 v2.0.12 migration guide

  • Fixed a bug with the audio CAPTCHA not playing in IE when using SSL
  • Fixed a bug with the audio CAPTCHA not playing in Opera 9.5
  • Fixed a bug with the CAPTCHA image not displaying when the IIS virtual folder name contains spaces
  • Fixed a bug with the CAPTCHA validation always returning false for all validation attempts after the first one when placed inside a Telerik RadAjaxPanel
  • Fixed a bug with the example projects not displaying the CAPTCHA image when using IIS 7.0 Integrated Mode

v2.0.11 Released 2008-05-29 v2.0.11 migration guide

  • Fixed a bug with the CAPTCHA randomization being bypassed when clicking the Reload CAPTCHA button, or for other direct CAPTCHA image requests
  • Fixed a bug with the sequential Reload CAPTCHA button clicks appending new values to the querystring instead of replacing the existing one
  • Fixed a bug with the CAPTCHA stylesheet not resetting link styles for the Reload and Sound CAPTCHA buttons, causing layout problems if the page link style includes padding etc.
  • Fixed a bug with the CAPTCHA validation always failing if the .aspx form path includes spaces or other Url-encoded characters
  • Fixed a client-side script include bug occurring when a Captcha control is placed inside a MultiView control which is inside an ASP.NET Ajax UpdatePanel
  • Added support for CAPTCHA image and sound request full path customization (instead of just the extension) via web.config settings
  • Improved handling of invalid CAPTCHA requests sent by some bots (repeated CAPTCHA image or sound requests with expired parameters)

v2.0.10 Released 2008-04-06 v2.0.10 migration guide

  • Added "Reload CAPTCHA" button support (allowing users to request a new CAPTCHA code if the current one is unreadable), and the related ReloadEnabled property
  • Added ASP.NET Ajax built-in compatibility, allowing the "out of the box" Captcha control to validate inside an UpdatePanel
  • Added built-in SharePoint support (previous versions required source code modifications)
  • Added support for CAPTCHA image and sound request extension customization via web.config settings
  • Added a static variant of the Validate() method, allowing easier integration with various Ajax and MVC frameworks
  • Rewrote the Captcha control rendering code to produce smaller, semantic, XHTML 1.1 Strict compliant markup
  • Added 3 new Captcha control properties: SoundIconAltText, ReloadIconAltText and CaptchaImageAltText, allowing HTML output string customization
  • Improved handling of invalid CAPTCHA requests sent by some bots (with &amp;amp;amp;-style constructs in the querystring)
  • Fixed a bug with the example projects not performing CAPTCHA validation in IE 6.0 & 7.0 when typing in the CAPTCHA code and pressing Enter
  • Improved the usability of all examples by automatically lowercasing the CAPTCHA code input while typing
  • Added a "Simulate Error" button and related instructions to the Troubleshooting example CAPTCHA projects
  • Packaged the updated version of the web.config file with the MS Ajax examples, allowing .NET 3.5 machines to use them without running the Visual Studio 2008 Conversion Wizard

v2.0.9 Released 2008-02-06

  • Minor ASP.NET 2.0 Ajax CAPTCHA examples code cleanup
  • Some cosmetic changes in existing CAPTCHA text styles

v2.0.8 Released 2007-10-21

  • Fixed a bug with the CAPTCHA code timeout being set to 20 min even if the Session timeout is longer
  • Fixed a bug with multiple CAPTCHAs on the same page and only being able to validate the first one
  • Fixed a bug causing exceptions to be thrown while processing invalid CAPTCHA image/sound requests used by some bots
  • Fixed the CAPTCHA control's XHTML output to be WCAG AAA compliant

v2.0.7 Released 2007-07-18

  • Fixed a bug with the audio CAPTCHA in IE 7.0 / Vista / Media Player 11 (.NET 2.0 version only)
  • Fixed a bug with the audio CAPTCHA in older versions of IE when using SSL
  • Fixed the CAPTCHA image and sound links to be XHTML compliant

v2.0.6 Released 2007-07-02

  • Fixed a bug causing errors when using the “Sql” and “StateServer” Session State modes (marked the CaptchaCode class as Serializable)
  • Improved control extensibility (changed useful Captcha class fields and methods from private to protected)
  • Improved all examples to also work with disabled cookies (.NET 2.0 version only)
  • Added basic MS ASP.NET 2.0 Ajax Extensions examples (C# and VB.NET) to the installation (.NET 2.0 version only)
  • Added the “log4net.dll” assembly to the “Troubleshooting” installation folder, which was omitted by error in the previous release (.NET 1.1 version only)

v2.0.5 Released 2007-03-20

  • Fixed a bug with the component sometimes throwing exceptions on the Visual Studio design surface

v2.0.4 Released 2007-03-13

  • Fixed a bug with the sound link both playing the sound in the background and opening the download dialog in Firefox (.NET 1.1 version only)

v2.0.3 Released 2007-03-02

  • Fixed a bug preventing detailed error logging (accidentally deleting inner exception data)
  • Added a centralized, non-intrusive, BotDetect-only, highly customizable error logging utility
  • Fixed a bug with "object reference not set…" errors for BotDetect properties in the Visual Studio designer
  • Fixed a bug displaying the same image and/or breaking validation when using multiple CAPTCHAs per page
  • Fixed a bug breaking validation with the same page (containing CAPTCHA) opened in multiple browser tabs
  • Fixed a bug allowing the same code to be used to draw multiple images if both validation and page reloading were skipped
  • Fixed a bug displaying the same CAPTCHA (but breaking validation) when using the Back button in IE
  • Fixed a bug with the sound CAPTCHA not working without Javascript
  • Fixed a bug with the sound CAPTCHA not working in Safari
  • Fixed a bug with the CAPTCHA image not changing after first load in Opera
  • Fixed a bug in the uninstallation script occurring on machines without IIS
  • Fixed a bug in the installation script for ASP.NET not setting the correct runtime version when multiple .NET framework versions are installed
  • Added a new example demonstrating CAPTCHA randomization
  • Added a new example demonstrating CAPTCHA troubleshooting
  • Updated and expanded the Help

v2.0.2 Released 2006-06-25

  • Updated licensing information packaged in the setup

v2.0.1 Released 2006-06-18 What's new in 2.0

  • Added sound CAPTCHA support
  • Added 10 new CAPTCHA text styles (for a total of 50 different CAPTCHA algorithms)
  • Improved memory management
  • Added shared server support
  • Fixed a CAPTCHA vulnerability allowing the user to bypass the CAPTCHA entirely by replaying a previous ViewState parameter value
  • Stopped using client side (ViewState) persistence altogether
  • Added a VB.NET example demonstrating dynamic setting of all CAPTCHA properties
  • Fixed a bug preventing ASP.NET 1.1. and ASP.NET 2.0 versions from coexisting on the same machine

v1.5.3 Released 2005-08-13

  • Added support for ASP.NET 2.0 (.NET framework 2.0)
  • Added 21 new CAPTCHA text styles (for a total of 40 different CAPTCHA algorithms)
  • Some cosmetic changes in existing CAPTCHA text styles

v1.5.2 Released 2005-05-18

  • Added 12 new CAPTCHA text styles (for a total of 19 different CAPTCHA algorithms)
  • Some cosmetic changes in existing CAPTCHA text styles

v1.5.1 Released 2005-04-12

  • Removed a *.tmp file that was packaged with the setup by mistake

v1.5.0 Released 2004-12-28

  • Implemented CAPTCHA image generation with a HttpHandler
  • Added support for multiple CAPTCHA text styles (the TextStyle property)
  • Added 6 new CAPTCHA text styles (for a total of 7 different CAPTCHA algorithms)
  • Added a new C# example demonstrating dynamic setting of all CAPTCHA properties

v1.0.3 Released 2004-12-11

  • Some cosmetic changes in the CAPTCHA image drawing algorithm

v1.0.2 Released 2004-12-01

  • Some cosmetic changes in the CAPTCHA image drawing algorithm

v1.0.1 Released 2004-11-27

  • First release