This release features a stronger RSA encryption algorithm for certificate creation, prevents users from changing other users' passwords, fixes handling of AltBaseDN for LdapGroups members, logs stack traces while initializing SSLConfig, and fixes a problem with DefaultAdminProvider not including a default admin account.
Cross-site scripting attacks were fixed on several pages. An error in DefaultGroupProvide, certificate import, and the Flash cross domain handler were fixed.
An IQ packet without the 'id' attribute could disconnect other users. Stream Compression has been re-added. A UTF-8 problem in HttpBindServlet has been fixed. The HTTPS port is once again working with HTTP Binding.