Updated BlogEngine today because of a remote code execution (RCE) vulnerability, CVE-2019-10719 in versions 3.3.7 and earlier. Good thing I am subscribed to the Full Disclosure mailing list (I highly recommend it.) otherwise I wouldn't have know about it. Good luck to the other BlogEngine users out there. I was unable to find any mailing list that would have sent a notification of this.
You will have to download the latest release from the github repository directly. Last time I checked the website link wasn't updated with the latest version.
Security Metrics has a good article about it here.