+ - Security: Multiple IE cross site scripting issues related to the
+ generous parsing of the words 'expression' and 'url' by IE.
+ - Security: Removing @import when sanitizing html mail.
+ - Redesigned plugin hook system. do_hook_function() has been removed
+ and do_hook() now emulates do_hook_function()'s return value and
+ also has its plugin arguments passed by value, etc.
+ - Drop obsolete ORDB RBL from filters plugin (#1629398).
+ - Add warning about magic_quotes_* in configtest.
+ - Unify accepted versions for imap_server_type and set_defaults (#1629722).
+ - Improve attachment temp file creation.
+ - Add ability for listcommands plugin to show post and reply links for
+ user-configured non-RFC 2369-compliant lists; admin must enable by
+ configuring plugin. Thanks to Peter Steiner.
+ - Fixed HttpOnly cookies again.
+ - Update for switch from CVS to Subversion.
+ - Default provider URI link fixed (was broken when on plugin options pages, etc)
+ - Fix URL to send read receipts from read_body (#1637572).