[rocky]

*IMPORT/EXPORT*
[!] 14 Dec 2012, aim - Bug (0128743): There were some SQL errors related to import of users in strict mode. Fixed.

*USABILITY*
[!] 11 Feb 2013, random - Improvement (0126582): The storefront open/close link in Admin back end is now located at the top of page.
[!] 02 Nov 2012, random - Improvement (0123371, 0098610): Password recovery can now search for an account by email even in the 'Login as username' mode. A proper error message is now shown for suspended accounts.
[!] 02 Nov 2012, random - Bug (0098607): Number of failed login attempts given to a user before his or her account was actually suspended was greater by one attempt than the number defined in the General settings. Fixed.

*SECURITY*
[!] 12 Feb 2013, aim - Improvement (013004: Security improvement for XPayments_Connector module.
[!] 08 Feb 2013, aim, random - Improvement (0128588, 012845: Security improvement for admin sessions.
[!] 30 Jan 2013, aim - Improvement (0129814): Security improvement for passwords and secure keys.
[!] 30 Jan 2013, aim - Improvement (0129859): Security improvement for Social Login feature. Security improvement for reset passwords feature. Renamed xcart_change_password table to xcart_reset_passwords.
[!] 29 Jan 2013, aim - Improvement (0129850): Security improvement for installer.
[!] 29 Jan 2013, aim - Improvement (0129473): Security improvement related to config.
[!] 24 Jan 2013, random - Improvement (0128629): Changed the default values for some security options.
[!] 24 Jan 2013, aim - Improvement (0129020): Security improvement related to customers.
[!] 22 Jan 2013, random - Improvement (012843: Improvement for log files.
[!] 22 Jan 2013, aim - Improvement (0128497): Added a check for default (unsecure) values of security keys, blowfish key and auth code.
[!] 18 Jan 2013, aim - Improvement (0128449): Smarty security mode is now enabled. Changed smarty->secure_dir to skin folder.
[!] 15 Jan 2013, aim - Improvement (012940: Refactoring for the include/admin_security.php file. Changed the file to func_check_admin_security_redirect() function.
[!] 11 Jan 2013, random - Improvement (0128566): Moved security settings from top.inc.php and config.php to the class structure. Moved "disallowed_file_exts" and "compiled_tpl_check_md5" settings from DB to config.php.
[!] 27 Dec 2012, aim - Improvement (0128633): Security improvement for admin User Access Control feature.
[!] 26 Dec 2012, aim - Improvement (0128356): Added protected mode. Changes to files, database and security settings are now disabled by default.
[!] 26 Dec 2012, aim - Improvement (0128784): Security improvement for encrypted data.
[!] 24 Dec 2012, aim - Improvement (0128885): Refactoring for the 'Re-generate Blowfish encryption key' feature. Multi-key feature added.
[!] 18 Dec 2012, aim - Improvement (0128783): Security improvement for images.
[!] 18 Dec 2012, aim - Improvement (0128653): Cryptographic hash is now stored in the database instead of encrypted user passwords.
[!] 17 Dec 2012, aim - Improvement (012875: Security improvement for installer.
[!] 13 Dec 2012, random - Improvement (0128654): Security improvement for some .htaccess.
[!] 13 Dec 2012, random - Improvement (0128695): Installation Auth code is now required to be supported as auth_code parameter for the cleanup.php script.
[!] 12 Dec 2012, aim - Improvement (0128674): User passwords are not sent by email now.
[!] 11 Dec 2012, aim - Improvement (0128631): Made an adjustment for Protected mode. Added verfication by IP for security changes.
[!] 07 Dec 2012, aim - Improvement (0128577): Security improvement for Advanced_Customer_Reviews module.
[!] 07 Dec 2012, aim - Improvement (0128580): Security improvement for admin login page (Turned off the autocomplete feature for admin password).
[!] 06 Dec 2012, aim - Improvement (012844: Added unique secret keys for each store.
[!] 05 Dec 2012, random - Improvement (0128527): Smarty security improvement.
[!] 05 Dec 2012, aim - Improvement (0128521): Security improvement for the admin User Access Control feature.
[!] 03 Dec 2012, aim - Improvement (0128313): Weak passwords are disabled for admin accounts by default.
[!] 03 Dec 2012, random - Improvement (0128419): Empty MySQL password is not allowed during installation now.
[!] 29 Nov 2012, aim - Improvement (0128304): PHP setting register_globals=off is now required by default.
[!] 27 Nov 2012, aim - Improvement (012826: Security improvement related to users.
[!] 27 Nov 2012, aim - Improvement (0128243): Security improvement against XSS attacks.
[!] 26 Nov 2012, aim - Improvement (0128254): Security improvement related to POST/GET methods.

*PERFORMANCE*
[!] 29 Jan 2013, random - Improvement (0129786): Added tiny thumbnails for products and corresponding image cache. Thanks to Karina.
[!] 17 Jan 2013, aim - Improvement (0129181): Small optimization for service scripts like image.php (related to Social Login module).
[!] 20 Dec 2012, aim - Improvement (0128841): Optimization for check_requirements.php.
[!] 12 Dec 2012, random - Improvement (0128586): Moved some rarely used back-end functions from func.core.php to func.backoffice.php.
[!] 07 Dec 2012, aim - Improvement (0128535): Small optimization for X-Cart sessions.

*MISCELLANEOUS*
[!] 01 Feb 2013, aim - Improvement (0129936): After the re-genertion of the blowfish key, the previous values of the blowfish and security keys are now preserved as comments to the respective lines in config.php.
[!] 23 Jan 2013, aim - Improvement (0129653): All HTTPS requests are now HTTP 1.1 compatible.
[!] 22 Jan 2013, aim - Improvement (0129373): x_load('debug'); call does not work without DEVELOPMENT_MODE now.
[!] 05 Jan 2013, random - Improvement (0128729): Added test/live security profiles selector and other minor changes in installer.
[!] 05 Jan 2013, random - Improvement (0128729): Added a link to the detailed requirements check in installer.
[!] 24 Dec 2012, aim - Improvement (0128912): Refactoring for the 'Check IP registration codes expiration date' functionality (func_delete_expired_ip_register_codes).
[!] 23 Nov 2012, aim - Improvement (0128206): Added 'SOAP support' checking to the check_requirements script.
[!] 08 Feb 2013, random - Improvement (0130152): The General settings->Appearance options page contained the McAfee SECURE trust mark (30 days free) offer link which had expired. Removed.
[!] 22 Jan 2013, aim - Bug (0129634): Package weight was wrong for UPS Shipping Labels. Fixed. Thanks2Seyfin.
[!] 22 Jan 2013, aim - Bug (0129654): 'Re-generate Blowfish encryption key' feature did now work when SocialLogin module was disabled.
[!] 21 Jan 2013, aim - Bug (0129583): Customer's session was lost if an admin user logged in when the customer was paying for an order. Fixed.
[!] 12 Jan 2013, random - Bug (0129373): There were unused debug functions included in some files. Removed.
[!] 09 Jan 2013, random - Bug (0129026): There was an unused template "auth.tpl". Removed.
[!] 09 Jan 2013, aim - Bug (0129259): There were some PHP notices on the Users management page. Fixed.
[!] 25 Dec 2012, aim - Bug (0128939): Event handling cycle was broken on the first FALSE handler. Fixed.
[!] 17 Dec 2012, random - Bug (0128566): Install script was improperly including config multiple times. Install script was using include for required init script. Fixed.
[!] 12 Dec 2012, random - Bug (0128587): There was a PHP 5.4 warning on the Summary page in Admin backend. Fixed.
[!] 12 Dec 2012, random - Bug (0128661): There was a PHP notice during Blowfish regeneration. Fixed.
[!] 22 Nov 2012, random - Bug (0128146): It was not possible to modify Product Search settings in MySQL Strict mode. Fixed.