* Bug, which prevented the correct use of WordPress nonces on some installations (Windows), is fixed;
* DIRECTORY_SEPARATOR constant used in path to User Role Editor CSS file was empty on some installations (Windows). Constant DIRECTORY_SEPARATOR is excluded from the plugin code;
* User capabilities page: roles checkboxes are excluded from ‘Select All’, ‘Unselect All’, ‘Inverse’ operations. Only capabilities checkboxes are processed.
* Interface update: role/capability add/remove stuff was removed from the page. Plugin has toolbar at the right side now. Click on the button opens needed dialog window.
* New role may have different attrubutes “ID” and “Name”. While ID is still restricted by latin characters hyphen, underscore and digits only, Name could contain spaces and national languages characters.
* General code cleanup and security enhancements: all data changes request are processed via POST instead of GET now. So its more difficult to send modified malicious request without special software. Presence of special nonce field is checked for all requests.
* Setting up the ‘administrator’ role as default one for new registered users is prohibited at server side.
* Update for administrators of multi-site WordPress installations. Single-site WordPress installation administrator could skip this update.
* “Apply to All Sites” feature did not work at version 3.12. It is fixed.
* “Apply to All Sites” feature is available now from main site of the network only
* Critical update: persistent cross-site scripting vulnerability is fixed.
* WordPress built-in constants, like WP_PLUGIN_URL are not used in order to provide compatibility with sites which use SSL. plugin_dir_url(), plugin_dir_path() functions are used to define paths to the plugin’s files instead.
* “Greetings” section is removed from the plugin’s main page. All that content is still available at [plugin page](http://shinephp.com/user-role-editor-wordpress-plugin)
* Required WordPress version checking is moved to plugin activation hook.
* Administrator can now exclude non-core (custom) capabilities from his role. It is useful if you need to fully remove some capability as capability deletion is prohibited while it is used at least one role.
* bbPress compatibility issue is fixed: capabilities created by bbPress dinamically are excluded from the capabilities set in User Role Editor to not store them in the database as persistent WP roles data.
* Additional roles are assigned to user without overriding her primary WordPress role and bbPress role.
* Changing WordPress user primary role at user profile doesn’t clear additonal roles assigned with User Role Editor earlier.
* You can assign to user multiple roles simultaneously. Use user level roles and capabilities editor for that. You can click ‘Capabilities’ link under selected user row at users list or ‘Assign Roles and Additional Capabilities’ link at user profile.
* Critical bug fix: hidden deprecated WordPress core capabilities had turned on after any update made to the role. Deprecated capabilities are not currently in use by WordPress itself. But old plugins or themes could still use them. If you use some outdated code I recommend you to check all roles, you modified with User Role Editor, and turn off unneeded deprecated capabilities there.
* User with Administrator role is secured better from editing, deletion by user with lower capabilities.
* Compatibility with bbPress 2.2 new user roles model is provided. More details about the reason of such update at http://shinephp.com/bbpress-user-role-editor-conflict-fix/
* “Reset” button works differently now. It restores WordPress roles data to its 1st, default state, exactly that, what WordPress has just after fresh install/latest version update. Be careful with it, make database backup copy before fulfill this operation. Some plugin could require reactivation to function properly after roles reset.
* Compatibility issue with WordPress 3.5 was found (thanks to Sonja) and fixed: $wpdb->prepare() was called without 2nd $args parameter – removed.
* load_plugin_textdomain() call moved to the ‘plugins_loaded’ hook for higher compatibility with translation plugins.
* Traditional Chinese translation is added. Thanks to Jingxin Lai.
* Fix: URE taked roles names from the database directly and ignored changes made to roles names on the fly by other plugins or themes, names, which were cached by WordPress internally, but were not written to the database. URE uses WordPress internal cache now.
* Roles names translation update: if URE translation file doesn’t exist for blog default language, URE uses WordPress internal translation now.
* Serbian translation is added. Thanks to [Diana](http://wpcouponshop.com).
* Bug fix: Some times URE didn’t show real changes it made to the database. The reason was that direct update of database did not invalidate data stored at WordPress cache. Special thanks to [Knut Sparhell](http://sparhell.no/knut/) for the help to detect this critical issue.
* WordPress core capabilities are shown separately from capabilities added by plugins and manually.
* If you configured URE to show you ‘Administrator’ role, you will see its capabilities, but you can not exclude any capability from it. I may just add capabilities to the Administrator role now. The reason – Administrator role should have all existing capabilities included.
* Brasilian Portuguese translation is updated. Thanks to [Onbiz](http://www.onbiz.com.br/).