# Changelog

## 1.7.2
- UX: About tab expanded with clearer purpose, scenarios, and direct links (plugin/author/support).
- New (General): Optional settings export download toggle (admin-only, nonce-protected endpoint).
- New (Restrictions): Optional, dismissible 2FA reminder notice (notice-only; no integrations).
- Fix: Prevent redirect loops when a blocked-screen redirect destination is also restricted.
- Maintenance: Documentation updates and minor UI consistency cleanup.

## 1.7.1 (WP.org-ready)
- Hardened options sanitization (single source of truth).
- Strict JSON import validation and clearer errors.
- Added capability/nonce/HTTP response hardening for admin flows.
- Improved admin notice markup (valid HTML) and log UI performance.
- Validated per-user targeting to prevent admin/super-admin selection.
- Packaging clean-up and release checklist.
- Follow-up hardening: stricter POST/GET handling for profile lock and custom screen matching, safer preset input casting, and code style fixes (whitespace/indentation).
- UX: Moved the About screen into an About tab (reduced admin menu clutter).
- New: Added optional restriction toggles (Hide Screen Options only, Block Customizer, Block Users screens).
- New: Added optional Safe Mode toggle to block destructive capabilities (delete plugins/themes).