· Cross-site scripting attacks were fixed on several pages.
· An error in DefaultGroupProvide, certificate import, and the Flash cross domain handler were fixed.
· An IQ packet without the 'id' attribute could disconnect other users.
· Stream Compression has been re-added.
· A UTF-8 problem in HttpBindServlet has been fixed.
· The HTTPS port is once again working with HTTP Binding.
· A security flaw allowed authentication to be bypassed, allowing arbitrary code execution. This was fixed.
· JDBC and JID optimizations were done.
· This release adds a Slovenian translation.
· It updates the MINA library and Jetty server.
· Clients are no longer able to disconnect other clients.
· MUC lock could freeze the entire server.
· Resource conflict when running in a cluster was having synchronization problems.
· Sending non-Latin symbols in email messages is allowed.
· Closing idle HTTP sessions was not removing the user from groupchat rooms.
· Clearspace integration was improved.
· LDAP support was improved.
· Multiple conference services are supported.
· BOSH (HTTP Binding) was improved.
