- Critical update: persistent cross-site scripting vulnerability is fixed.
- WordPress built-in constants, like WP_PLUGIN_URL are not used in order to provide compatibility with sites which use SSL. plugin_dir_url(), plugin_dir_path() functions are used to define paths to the plugin's files instead.
- "Greetings" section is removed from the plugin's main page. All that content is still available at plugin page
- Required WordPress version checking is moved to plugin activation hook.
- Administrator can now exclude non-core (custom) capabilities from his role. It is useful if you need to fully remove some capability as capability deletion is prohibited while it is used at least one role.
- bbPress compatibility issue is fixed: capabilities created by bbPress dinamically are excluded from the capabilities set in User Role Editor to not store them in the database as persistent WP roles data.
- Additional roles are assigned to user without overriding her primary WordPress role and bbPress role.
- Changing WordPress user primary role at user profile doesn't clear additonal roles assigned with User Role Editor earlier.
- Brasilian Portuguese translation is updated.
- You can assign to user multiple roles simultaneously. Use user level roles and capabilities editor for that. You can click 'Capabilities' link under selected user row at users list or 'Assign Roles and Additional Capabilities' link at user profile.
- Critical bug fix: hidden deprecated WordPress core capabilities had turned on after any update made to the role. Deprecated capabilities are not currently in use by WordPress itself. But old plugins or themes could still use them. If you use some outdated code I recommend you to check all roles, you modified with User Role Editor, and turn off unneeded deprecated capabilities there.
- User with Administrator role is secured better from editing, deletion by user with lower capabilities.
- Compatibility with bbPress 2.2 new user roles model is provided. More details about the reason of such update at http://shinephp.com/bbpress-user-role-editor-conflict-fix/
- "Reset" button works differently now. It restores WordPress roles data to its 1st, default state, exactly that, what WordPress has just after fresh install/latest version update. Be careful with it, make database backup copy before fulfill this operation. Some plugin could require reactivation to function properly after roles reset.
- Arabic translation is added. Thanks to Yaser
- Slovak translation is added. Thanks to Branco
- Compatibility issue with WordPress 3.5 was found (thanks to Sonja) and fixed: $wpdb->prepare() was called without 2nd $args parameter - removed.
- load_plugin_textdomain() call moved to the 'plugins_loaded' hook for higher compatibility with translation plugins.
- Traditional Chinese translation is added. Thanks to Jingxin Lai.
- Fix: URE taked roles names from the database directly and ignored changes made to roles names on the fly by other plugins or themes, names, which were cached by WordPress internally, but were not written to the database. URE uses WordPress internal cache now.
- Roles names translation update: if URE translation file doesn't exist for blog default language, URE uses WordPress internal translation now.
- Serbian translation is added. Thanks to Diana.
- Bug fix: Some times URE didn't show real changes it made to the database. The reason was that direct update of database did not invalidate data stored at WordPress cache. Special thanks to Knut Sparhell for the help to detect this critical issue.
- WordPress core capabilities are shown separately from capabilities added by plugins and manually.
- If you configured URE to show you 'Administrator' role, you will see its capabilities, but you can not exclude any capability from it. I may just add capabilities to the Administrator role now. The reason - Administrator role should have all existing capabilities included.
- Brasilian Portuguese translation is updated. Thanks to Onbiz.
Click here to look at the rest part of User Role Editor changelog.