#148 Failed logins can optionally count as security exceptions, allowing you to use the automatic IP blocking after a number of failed login attempts
Adding an Apply (Joomla! 1.5) / Save (Joomla! 1.7) button in the WAF Configuration page
Added back the WAF Exceptions feature on popular request
IP lookup link in security exception email
More options for the inactive user removal feature
Making all back-end links absolute instead of relative
DFIShield would block JCE's image and file managers
Access from blacklisted IPs would send out an email and trigger a log message. That's pointless.
The CHANGELOG div caused a horizontal scrollbar to display
The Yes/No labels in Configure WAF are always shown in English in Joomla! 1.6 and later
Notices thrown by pro.php
Only Super Administrators could access Admin Tools on Joomla! 1.6 and later
Joomla! 1.7 or later changed the way the integrated extension update system works, rendering our update feeds invalid (Note: Live Update was still functional, as it's a standalone update system)
.htaccess Maker would always allow PHP files inside the templates directory to be web-accessible. If your template requires direct access to .php files inside it (most often used to serve GZipped versions of CSS files) you MUST add exceptions manually in the .htaccess Maker as explained in the documentation and Troubleshooter Wizard.