--------------- 1.0.13 Stable Released -- [21-July-2007 16:00 UTC] -----------------

18-Jul-2007 Rob Schley
# Fixed admin session problems with immediate logout after login.
# Fixed a few misc. bugs.

11-Jul-2007 Sam Moffatt
^ Removed assumption that a group exists for a user (may not actually be true)

04-Jul-2007 Rob Schley
# Fixed a bug in the administrator login system that prevented users from logging in

02-Jul-2007 Rob Schley
* SECURITY A6 [LOW Level]: Fixed [#5630] HRS attack on variable "url"
* SECURITY A1 [LOW Level]: Fixed [#5654] Multiple fields subjected to cross-site scripting vulnerabilities
* SECURITY A7 [LOW Level]: Fixed possible session fixation vulnerability in administrator application

29-Jun-2007 Louis Landry
^ Hardened password storage mechanism to use a random salt
! Remember Me cookies will be invalid and require a re-login

20-May-2007 Rob Schley
# Fixed key reference lookups to match whole results only
# Fixed two help screen naming issues.
^ Changed RG_EMULATION warning message to refer to Global Configuration Setting

17-May-2007 Rob Schley
^ Moved register globals emulation controls into Global Configuration

15-May-2007 Rob Schley
# Fixed [topic,170296] : Typos in Search Mambot configurations

14-May-2007 Rob Schley
# Fixed [topic,153233] : "Mail to Friend" parameter checks not checking content item setings
# Fixed [topic,126371] : IE7 left align problem
# Fixed [topic,167745] : Added JavaScript alert for empty category title

28-Apr-2007 Rob Schley
^ Changed cookie naming conventions to not break when using HTTPS
# Fixed [topic,156116] : Optimzed queries for menu creation to improve performance.
* SECURITY A4 [ LOW Level ]: XSS issue in com_search and com_content
* SECURITY A4 [ LOW Level ]: XSS vulnerability in mod_login

16-Apr-2007 Enno Klasing
# Re-enabled Itemid behaviour of 1.0.11 (optional, default is behaviour of 1.0.12)

--------------- 1.0.12 Stable Released -- [25-December-2006 01:00 UTC] -----------------