- Fixes a security issue when importing statuses from Facebook, Twitter or Google Plus.
- Introduces support for PayPal Billing Agreements in Commerce.
- Introduces new REST API for developers.
- Changes the behaviour of media embedding in the editor so links that can be embedded no longer need to be on their own line.
- General bug fixes and improvements.
This release includes a security patch to resolve an XSS (Cross Site Scripting) issue. We would like to thank @newbie LAC for for responsibly disclosing this issue to us.