diff --git a/CHANGELOG.TXT b/CHANGELOG.TXT
index 2b59e028..948952dc 100644
--- a/CHANGELOG.TXT
+++ b/CHANGELOG.TXT
@@ -10,51 +10,322 @@
 # $Id$
 
 # (last real update was in r1166 - the above Id: was a minor change)
-Version ***svn*** - 2009/12/26 - SVN r***
+Version ***svn*** - 2013/12/09 - SVN r***
 -----------------------------------
 
 
-  - NOTE: changes from the 2.3 branch also apply to this version
-  - use smarty for templates
-  - new command-line interface for PostfixAdmin (scripts/postfixadmin-cli)
-  - add ability to choose activation date, end date and reply interval for vacation message
-*** reply interval needs rework, https://sourceforge.net/tracker/?func=detail&aid=3508083&group_id=191583&atid=937966
-  - add support for total quota per domain - $CONF[domain_quota]
-  - redesign login page, list and edit pages (goodbye, green!) and made them wider
-  - new config option $CONF['theme_custom_css'] - allows to add some custom CSS
-    without editing the default CSS file.
-  - changed default of $CONF['admin_email'] to '' (not set).
+  Summary of major changes:
+  - new command-line interface "postfixadmin-cli"
+  - major rewrite:
+    - move lots of code into *Handler classes, which are used by web and
+      command-line interface
+    - replace various edit-*.php and create-*.php with a generic editform
+      (edit.php/editform.tpl)
+    - this also means it's easy to customize forms, add fields etc.
+      (see $CONF['*_struct_hook'])
+    - lots of code cleanup, remove/merge lots of duplicated code and templates
+    - use smarty for templates
+  - various enhancements everywhere
+  - redesign login page, list and edit pages (goodbye, green!) and make them wider
+  - several new config options and changed defaults
+  - NOTE: changes from the 2.3.x releases also apply to this version
+  
+  new config options:
+  - $CONF['language_hook']
+    Hook function to override or add translations to $PALANG.
+    Example hook function included (commented out).
+  - $CONF['password_validation'] - array with regular expressions to check
+    if a password is valid/good enough.
+    The default configuration enforces:
+    - minimum length 5 characters/digits/whatever
+    - at least 2 characters
+    - at least 2 digits
+  - $CONF['*_struct_hook'] - make $struct in the *Handler classes customizeable
+  - $CONF['vacation_replytype_control'] - allow selecting vacation reply interval
+******* and various other options related to this feature ***********
+  - $CONF[domain_quota] - total quota per domain
+  - $CONF['theme_custom_css'] - to add some custom CSS without editing the
+    default CSS file
+  - $CONF['motd_*'] - replaces motd*.txt
+  
+  changed config defaults (with their new default value):
+  - $CONF['database_type'] = 'mysqli';
+  - $CONF['dovecotpw'] = "/usr/sbin/doveadm pw";
+    $CONF['new_quota_table'] = 'YES'; (for dovecot 2)
+  - $CONF['domain_path'] = 'YES'; $CONF['domain_in_mailbox'] = 'NO';
+    (results in domain.tld/username/ maildirs)
+  - $CONF['alias_control'] = 'YES'; $CONF['alias_control_admin'] = 'YES';
+  - $CONF['backup'] = 'NO';
+  - $CONF['show_status']='YES'; $CONF['show_status_key']='YES';
+    $CONF['show_undeliverable']='YES'; $CONF['show_popimap']='YES';
+    $CONF['show_undeliverable_exceptions'] - "gmail.com" removed
+  - $CONF[*_post*_script] - add empty defaults
+  - $CONF['admin_email'] = ''
     IMPORTANT: If set, this will be used as mail sender for all mails
     (2.3.x used the currently logged in admin's username in most cases).
     $CONF['admin_email'] = '' will match the 2.3.x behaviour.
-  - replaced motd*.txt with $CONF['motd_*']
-  - DOCUMENTS/POSTFIX_CONF.TXT is now executable and can generate the
-    mysql_*.cf maps for postfix
+  
+  removed config options:
+  - $CONF['min_password_length'] - now handled in /.{5}/ in
+    $CONF['password_validation']
+  - $CONF[postfix_admin_url] - relative paths are now used everywhere
+  
+  list-virtual.php:
+  - display percentage of quota usage
+  - display alias domains less confusing (using From/To)
   - list-virtual can now display only mailboxes, only aliases or only alias
     domains - or all in one page as in 2.3
-  - extreme speedup of page browser in list-virtual if a large number of 
+  - extreme speedup of page browser in list-virtual if a large number of
     mailboxes or aliases exist
-  - display alias domains less confusing (using From/To)
-*** TODO: make "all" the default? ***
-  - merge search.php functionality into list-virtual.php (which brings various
-    bug fixes for free)
-  - don't mark mailboxes with vacation active as undeliverable
+  - include search support (replaces search.php and brings various bug fixes
+    for free)
+  - fix: delivery to mailbox with a recipient delimiter (mailbox+foo@domain)
+    was marked as "forward only"
+  - fix: don't mark mailboxes with vacation active as undeliverable
   - fix: undeliverable targets were not flagged if another target pointed to a
     domain in $CONF[show_undeliverable_exceptions]
-  - move lots of code into classes (model/*Handler) which is then used by the
-    webinterface and the commandline interface
-  - supress warnings about PHP's date.timezone not set at various places
-  - table_by_key function now always prepends $CONF['database_prefix'] even if
-    $CONF['database_tables'][$table] is not set. If you have/had an incomplete
-    database_tables array and use a database_prefix, you might need to rename/
-    add the database_prefix to the affected tables manually.
-*** TODO: add a check/warning in setup.php? ***
-  - cleanup of $PALANG - removed lots of duplicated texts
-    (which means less texts to translate)
+  
+  fetchmail.php, fetchmail.pl:
+  - add sslcertck, sslcertpath, sslfingerprint fields/check
+    (sslcertpath and sslfingerprint require $CONF[fetchmail_extra_options]
+    because they don't have input validation)
+  
+  functions.inc.php
+  - allowed_quota: if $CONF[quota] == NO, just return 0 (unlimited)
+  - authentification_get_username() - honor POSTFIXADMIN_SETUP to avoid
+    a redirect to login.php after creating an admin with setup.php and to
+    get "SETUP.PHP" for db_log()
+  - check_domain(), check_email(): instead of calling flash_error(),
+    return string with error message - or empty string if everything is ok
+  - check_email():
+    - replace $CONF[vacation_domain] only at the end of the mail address
+    - don't trim() mail address to avoid that aliases starting with a space are
+      allowed. This fixes http://sourceforge.net/p/postfixadmin/bugs/210/
+  - check_language(): remove things like ";q=0.8" before checking if
+    a language exists
+  - check_owner():
+    - escape_string() $username and $domain to prevent SQL injections
+  - db_pgsql() - new function to replace lots of
+    "if ($CONF[database_type] == 'pgsql')) checks
+  - db_delete(): allow to specify additional conditions for the WHERE clause
+  - db_get_boolean(): allow 0 and 1 as parameters, not only boolean true/false
+  - db_log():
+    - allow log actions create_admin and edit_admin
+    - add edit_admin_state and delete_admin as comment/reminder that they
+      should also be logged
+  - db_query(): error_log() failed query
+  - db_where_clause($condition, $struct) - new function to create a WHERE clause
+    (bool values are converted with db_get_boolean() based on $struct)
+  - _flash_string():
+    - also accept an array of messages, not only a string
+    - html-escape messages to fix XSS if the message contains user-supplied input
+  - generate_password(): make generated password always 8 chars long
+    (instead of $CONF['min_password_length'])
+  - get_domain_properties(): use DomainHandler (function result mostly
+    unchanged, only difference: instead of quota_sum in bytes it now
+    returns total_quota in MB)
+  - list_domains_for_admin():
+    - rewrite to work for superadmins also (will list all domains now
+      instead of "ALL"), which means we can drop the admin vs. superadmin
+      check at various places
+  - pacrypt():
+    - no longer escape_string() the result. This fixes
+      http://sourceforge.net/p/postfixadmin/bugs/218/
+    - for 'system' encryption, use full hashed password as salt
+    https://sourceforge.net/p/postfixadmin/bugs/2/
+    - dovecot:*:
+      - add support for dovecot *-CRYPT passwords (needs dovecot >= 2.1)
+      - allow "." in dovecot method (to allow a suffix like ".b64")
+      - Also, the {METHOD} part is no longer removed (passwords without
+        {METHOD} still work)
+  - remove_from_array() - new function
+  - safesession() - new function (like safeget(), but for $_SESSION)
+  - smtp_mail(): error_log() the error message if fsockopen() fails
+  - table_by_key() now always prepends $CONF['database_prefix']
+    NOTE: If you have/had an incomplete database_tables array and use
+    $CONF['database_prefix'], you might need to rename the affected tables
+    manually (add the database_prefix in their name).
+  - moved several functions to the *Handler classes
+  - deleted no longer used functions:
+    - admin_exist()
+    - authentication_is_admin()
+    - authentication_is_user()
+    - boolconf() (moved to Config::bool())
+    - check_string()
+    - create_admin()
+    - check_alias() (moved to AliasHandler->create_allowed())
+    - db_boolean_to_int()
+    - domain_exist()
+    - get_admin_properties()
+    - get_mailbox_properties()
+  - get rid of global $table_* variables, use table_by_key() instead
+  
+  PFAHandler.php:
+  - parent class for all *Handler classes
+  - contains code shared between all classes
+  
+  AdminHandler.php:
+  - Handler class for admins
+  - for now, set the superadmin column and add "ALL" in domain_admins to
+    keep the database backwards-compatible with 2.3.x
+  
+  AdminpasswordHandler.php:
+  - used for the "change password" form for admins
+  
+  DomainHandler.php
+  - handler class for domains
+  - delete(): do not allow to delete a domain if it is an alias domain target
+  
+  AliasdomainHandler.php:
+  - handler class for alias domains
+  - alias domains can now be edited
+  
+  AliasHandler.php:
+  - rewrite based on PFAHandler
+  - we even get a "deliver to local mailbox" checkbox :-)
+  - only allow @domain as target if $this->id is a catchall
+  - remove deprecated functions:
+    - get()
+    - hasStoreAndForward()
+    - update()
+    - is_mailbox_alias()
+    - is_vacation_address()
+    - hasAliasRecord()
+  
+  MailboxHandler (previously named UserHandler in 2.3):
+  - rewrite based on PFAHandler
+  - drop old __construct(), view() and change_pass()
+  - replace check of old password in change_pw() with $this->login
+  - delete(): also cleanup fetchmail, quota and quota2 tables
+  - always check password with validate_password()
+  - always display correct available quota (using allowed_quota())
+  - do not escape the password coming from $_POST. Fixes
+    http://sourceforge.net/p/postfixadmin/bugs/218/
+  
+  VacationHandler:
+  - rewrite based on PFAHandler (not useable yet)
+  
+  ------------------------------------------------------------------------
+  
+  vacation:
+  
+  - add ability to choose activation date, end date and reply interval for
+    vacation message
+*** reply interval needs rework,
+*** http://sourceforge.net/p/postfixadmin/patches/111/
+  
+  vacation.pl
+  - encode subject
+    https://sourceforge.net/p/postfixadmin/bugs/272/
+    https://sourceforge.net/p/postfixadmin/patches/119/
+  
+  
+  
+  
+  r1373 | GingerDog | 2012-04-19 23:55:36 +0200 (Do, 19. Apr 2012) | 1 Zeile
+     M /trunk/VIRTUAL_VACATION/vacation.pl
+     M /trunk/config.inc.php
+     M /trunk/model/VacationHandler.php
+     M /trunk/templates/vacation.tpl
+     M /trunk/upgrade.php
+     M /trunk/vacation.php
+  
+  Merge jan-kruis's vacation interval reply behaviour - see
+  http://sourceforge.net/p/postfixadmin/patches/111/
+  
+     M /trunk/VIRTUAL_VACATION/vacation.pl
+  
+  add a friendly from address to vacation messages ("Vacation Service"); 
+  probably needs more work to beautify it though...;
+  
+  change error handling if we cannot
+  send the reply to be hopefully more robust
+  
+  - add $smtp_client config option to specify the helo name
+  - added custom noreply detection
+  
+  ------------------------------------------------------------------------
+  
+  Config.php
+  - new class to store $CONF
+  - also used to store $PALANG texts (Config::Lang())
+  - contains functions to read config entries in various ways (bool etc.)
+  
+  edit.php
+  - generic edit page for everything (admins, domains, mailboxes, aliases, ...)
+  - use ?table= parameter to decide what will be edited (basically $tableHandler)
+  - read handler-specific configuration from $handler->webformConfig()
+    and use it at various places
+  - always redirect to edit.php?table=$table after adding an item to
+    ensure correct initialization for next item
+  - call $handler->mergeId if $id_field is editable, but not displayed
+    in form (usecase: merge localpart + domain to address)
+  - set $form_fields and $id_field later (after $hander->init()) - needed
+    for AliasHandler to decide if goto_mailbox should be displayed
+  - only set $values if a field is editable and displayed in the form
+  
+  editform.tpl:
+  - generic edit form template, uses $struct to render the form
+  - implement handling of 'list' fields (<select> with multiple choices
+    allowed)
+  - also include alternative implementation with checkboxes (commented out)
+  
+  upgrade.php
+  - _pgsql_field_exists(), _mysql_field_exists():
+    Those functions are always called with the expanded table name - don't
+    expand it twice. (The better solution would be to change all calling
+    code to provide non-expanded tablenames, but that's more work.)
+  - change {BIGINT} to include "NOT NULL DEFAULT 0"
+  - upgrade_1283(): add a "superadmin" column to the admin table
+    This is the first step to get rid of the "ALL" dummy domain.
+  - upgrade_1284(): migrate the ALL domain to the superadmin column
+    Note: The ALL domain is not (yet) deleted to stay backwards-compatible
+    for now (will be done in a later upgrade function)
+  
+  setup.php:
+****** TODO: fix the TODO ;-)
+  - add TODO note to check for PHP >= 5.2.3 because smarty uses
+    htmlentities with 4 parameters (4th param added in PHP 5.2.3)
+  
+  login.php
+  - when login.php is requested, logout the current admin/user
+    https://sourceforge.net/p/postfixadmin/bugs/284/
+  - this also means login.php is now used for logout
+  - error_log() failed login attemps
+    https://sourceforge.net/p/postfixadmin/feature-requests/111/
+  
+  delete.php, editactive.php:
+  - require token for CSRF protection, see
+    https://sourceforge.net/p/postfixadmin/bugs/269/
+  
+  xmlrpc.php:
+  - adopt to *Handler syntax
+  - setAway(): add (optional) new parameters for interval_time, activeFrom and
+    activeUntil - https://sourceforge.net/p/postfixadmin/patches/113/
+  - change $_SESSION['username'] to $_SESSION['sessid']['username']
+***** Note: the changes in xmlrpc.php are untested!
+  
+  *.lang:
+  - get rid of several duplicate texts
   - removed HTML tags from $PALANG texts
   - several translation updates
-  - merged templates for "edit" and "create" forms and for user and admin mode
-  - lots of code cleanup, removal of duplicated code etc.
+  
+  documentation updates:
+  - SECURITY.TXT: add note about templates_c directory
+  - DOCUMENTS/POSTFIX_CONF.TXT is now executable and can generate the
+    mysql_*.cf maps for postfix
+  
+  Debian packaging:
+  - Changed source format to 3.0 (quilt)
+  - simplified the DB credential patch and removing ucf registrations on package
+    purge...
+  - control: added php5-cli dependency
+  - rules:
+    - some permission fixes to postfixadmin-cli scripts
+    - New target prep: Create a needed tar.gz file to build a non-nativ .dpkg
+    - New target build-package: Call this target to build a shiny new .dpkg file
+  - postfixadmin.docs: removed redundant changelog file
+  - debian/postfixadmin.postrm: Call wwwconfig scripts only if they are existing
 
 Version 2.3.6 - 2013/01/02 - SVN r1417 (postfixadmin-2.3 branch)
 ----------------------------------------------------------------