Version 1.3.5 released today:
http://www.zen-cart.com/forum/showthread.php?t=45177

============================================
What's New in v1.3.5

The following Improvements and bugfixes are included in v1.3.5:
  • SECURITY UPDATES. Numerous IMPORTANT security updates (in addition to the published security patch details) have been included in this release to prevent hack attempts and other exploitation of your site.
    You should prepare to upgrade ASAP.
    You should STILL be SURE to secure your site according to the Site Security Recommendations!

  • NEW CLASSIC TEMPLATE with tableless design. Uses only the stylesheet to make tableless layout look the same as the old v1.2 Classic Template (and with an added color change).
    This will help newbies have much less confusion while building their first site.


  • State/Country pulldown menus now work cooperatively
  • Speed performance enhanced with the improvements in database indexing
  • Resolved Slow Query problem with new and upcoming products

  • Rich-text-editor options enhanced. FCKeditor and TinyMCE editor plugins available in downloads area for v1.3.5 and newer.

  • Attributes ... while shopping, if a customer makes an error and fails to choose a required attribute, their previous selections for pulldowns were not remembered. This is now fixed.
  • Added: Optional alpha sorter pulldown menu in product listing and search results. Enable in Admin->Configuration>Product Listing
  • Added: Store Manager now has an optional button to use for optimizing database tables
  • Added: metatags can now have a user-selected divider, rather than just "space" (ie: comma)
  • Added: new notifiers added to password, address-book, checkout-process, checkout-shipping
  • Added: Product Listing now has option to display category image or not
  • Added: Site Map now enables/disables options using same settings as information sidebox
  • Added: search input fields now reinstate the default text if user clicks away from the field
  • Added: Admin->Customers->Orders page now has "edit" navigation button
  • Added: legend on/off indicators for payment/shipping/ot modules for clarity
  • Added: customer email notification upon customer status change from customer-listing screen
  • Added: Zones Definitions description now shows in admin geozones listing
  • Added: completed-order details available to checkout_success template for use by affiliate-tracking systems
  • Added: Email footer now contains CC type if CC was used for payment
  • Added: Checkout-Shipping page now explains that no options are available if no available options exist, rather than just leaving the selection area blank and confusing the customer
  • Added: style classes added for images on product listing to allow option for borders etc
  • Added: down-for-maintenance sends HTML 503 header so spiders return later and don't index the "down" page
  • Added: Checkout-payment page now explains that no options are available for customer's region if zones have restricted modules from display, or none are available for other reasons
  • Change: currency-updater now suppresses errors and also attempts to use cURL if normal attempts fail to retrieve currency data
  • Change: CSS-per-page was grabbing too many wildcard matches. Logic improved.
  • Change: renamed class.phpBB.php to lowercase for consistency
  • Change: stylesheet selector #cartAttribsList changed to .cartAttribsList so that the ID wasn't used repeatedly within a loop
  • Change: USPS module no longer uses obsolete password field. Updated help text for clarity.
  • Change: individual add-to-cart buttons and qty box now available on product-listing
  • Change: reinstated alternating-colors for all-products listing page
  • Change: add style support for odd/even rows on checkout-confirmation page
  • Change: admin configuration editor allows click on labels, not just radio buttons
  • Change: admin user edit screen no longer displays unused level/demo options
  • Change: POST data removed from navigation class
  • Change: Updated descriptions and helptext in various payment/shipping modules for clarity
  • Change: default image folders are now set for categories and manufacturers
  • Change: newsletter manager lock/unlock removed
  • Change: attributes using radio buttons, if only 1 option in gang ... are auto-selected for cust
  • Change: Shipping modules: Zones and Tables now can do Price or Weight or Items
  • PayPal: downloadable items paid by eCheck are now activated upon eCheck clearing
  • PayPal: multi-currency translator support repaired for currencies not handled natively by PayPal
  • PayPal: debug logging support added
  • PayPal: PayPal store-name display override added to language file. default: "store name purchase"
  • Bugfix: Deleting Images from admin for products, changed to work with recent browser updates: Added checkbox to handle removal.
  • Bugfix: Nick Name labels for forum now consistently displayed, and "*required" shows correctly
  • Bugfix: Zone problems related to adding addresses during checkout resolved
  • Bugfix: Zone problems where grabbing similar zones would ignore selected entry resolved
  • Bugfix: resolved display problem of "referral source" field in My Account->Edit
  • Bugfix: File Upload status messages now show when using upload attributes
  • Bugfix: table-cell alignment fix in tpl_tabular_display
  • Bugfix: My Account display of order information uninitialized array repaired
  • Bugfix: My Account display of newsletter/notifications now turns off properly via admin switch
  • Bugfix: Admin->Customers wasn't showing linked customer reviews stats properly
  • Bugfix: Shopping Cart sidebox had display blocks misaligned within loops
  • Bugfix: fixed problem with duplicates in whos_online display
  • Bugfix: shopping cart qty box no longer drops too many products when clicking update
  • Bugfix: prev/next now displays properly when "always show cat" is set to 1
  • Bugfix: when logging out, customer-selected language is retained until session expires
  • Bugfix: duplicate status indicators removed from order status html-email notices
  • Bugfix: email option for "sendmail-f" reinstated
  • Bugfix: fixed html syntax error on checkout-shipping-address page
  • Bugfix: CC module no longer stores full CC numbers
  • Bugfix: admin legends with red icons displayed inconsistent ALT texts
  • Bugfix: Breadcrumb issues with "Categories Always Show" switch set to a specific category
  • Bugfix: separated featured/specials properly in Admin->Catalog->Featured
  • Bugfix: phpBB link sometimes didn't detect properly if phpBB only partially existed.
  • Bugfix: error in FILENAME_FEATURED_PRODUCTS when multiple-add-to-cart was turned off
  • Bugfix: fixed attributes display of "Please Choose:" when READONLY are used
  • Bugfix: cPath problems on searches and filters resolved
  • Bugfix: reinstate functionality of admin switch for Minimum Value of Also Purchased Products
  • Bugfix: reinstate out-of-stock indicators on checkout_confirmation page
  • Bugfix: metatags handles manufacturer filters correctly
  • Bugfix: metatags handles unknown page correctly
  • Bugfix: also-purchased-products centerbox no longer queries the database if disabled
  • Bugfix: checkout restrictions fixed where gift certificate/coupon used and payment module not properly selected
  • Bugfix: adding a new admin was logging into new admin's account immediately (RG problem)
  • Bugfix: admin product-type listing now goes to edit layout mode upon clicking
  • Bugfix: ez-pages listing includes navigation buttons
  • Bugfix: languages_code setting for some admin areas wasn't set properly including editor
  • Bugfix: checkout_confirmation page has SSL link to shopping-cart to retain session for edits
  • Bugfix: fixed XHTML error on contact-us page
  • Bugfix: fixed line-spacing problems on support files for phpMailer. Added .htaccess to folder.
  • Bugfix: repaired pulldown form in customers-edit screen
  • Bugfix: HTML Emails were inserting @CRLF incorrectly for BR and P tags
  • Bugfix: restored linefeed-handler setting for emails
  • Bugfix: style added to handle "order_history" sidebox content so UL wasn't misaligned
  • Bugfix: upcoming-products page was showing disabled products
  • Bugfix: zones shipping module wasn't honoring tax-basis setting properly
  • Bugfix: phpBB link in information sidebox builds smarter based on 1.3 syntax change
  • Bugfix: SMTP server port setting reinstated
  • Bugfix: checkout cart-contents areas have a CSS selector
  • Bugfix: Page Not Found page now sends HTML 404 header
  • Bugfix: table shipping module now works with total, weight, and items
  • Bugfix: free shipping enhanced to work with item/weight/price on shipping modules
  • Bugfix: group-pricing module wasn't working with tax classes properly
  • Bugfix: Default Order Status was being set too early for zero-balance orders
  • Bugfix: redemption of Gift Certificate from GV-FAQ page fixed
  • Bugfix: phpBB error of duplicate email upon editing customer name resolved
  • Bugfix: product+download combo items excluded from free-shipping price or item
  • Bugfix: shipping modules were not consistently handling weights < 1
  • Bugfix: product-status was being set to off incorrectly if quantity was <1 instead of <=0
  • Bugfix: Version Info listing of database-upgrade history was sorted incorrectly and displayed some duplicates.
  • Bugfix: footer bar logic changed for ez-pages listing to remove a DIV that caused troubles
  • Bugfix: company field-validation on create-account wasn't happening
  • Bugfix: qty boxes weren't hiding properly using pulldown filter sideboxes
  • Bugfix: SQLPatch no longer mistakenly displays debug results of processed SQL statements
  • Bugfix: some "extra_" folders were loading non-php files mistakenly
  • Bugfix: More MySQL5 fixes implemented to prevent datatype errors requiring STRICT_TRANS_TABLES disabled. These fixes are not exhaustive. Still not MySQL5-certified
  • Bugfix: group-pricing and coupons order-total modules not calculating taxes correctly. Structurally improved to be full credit-class modules.
  • Bugfix: improved garbage-collection routines for session-handling
  • Bugfix: Shipping estimator page was not properly nesting table components
  • Bugfix: Admin... when editing customer records, customer's "zone" would be busted and replaced with the 2-letter state abbreviation, resulting in broken tax calcs in next checkout
  • Bugfix: Shipping Estimator now remembers more information about customer in popup unless a timeout occurs
  • Bugfix: product_music template was not showing genre and artist information
  • Bugfix: address-book restrictions less than 2 was still showing "change address" on checkout
  • Bugfix: sort order problem on modules in admin was preventing some modules from triggering if sort orders were the same
  • Bugfix: Admin password-forgotten is now treated as an SSL page
  • Bugfix: the category icon display on product-info pages now allows image option on/off
  • Bugfix: fixed stylesheet problem with category tabs in Opera
  • Bugfix: more reliable logic for stripping non-numeric characters from gv/coupon inputs
  • Bugfix: removed empty <div> when banner is blank and no tagline defined for tpl_header