SimpleCaptcha was completely removed because it didn't prevent properly from spam attacks. Please make sure to update your templates if you did use it in custom forms in your site.
If you want to use ReCaptcha, you have to register your site with ReCaptcha for public and private keys and store them as parameters JEASE_RECAPTCHA_PUBLIC and JEASE_RECAPTCHA_PRIVATE in System > Parameters.
JTidy was replaced by the far more powerful JSoup. Please change your code if you've used JTidy directly in your templates.
Created a system information panel.
Login is now Application; allow to inject a customized Navigation via ZUL-parameter.
Refactored Navigation so it is easier to build a custom navigation.
Ref. Setup so easier reuse of existing code is possible for a customized setup.
Added commons-lang to provide a "standard" for developers (StringUtils, StringEscapeUtils, ArrayUtils, NumberUtils, ...). Replaced Validations with StringUtils.
Replaced JTidy with JSoup.
Replaced SimpleCaptcha with ReCaptcha.
Replaced most cmf.service.Filenames-methods with FilenameUtils.
Refactored Java- & JSP-Compiler into dedicated package.
Cleaned up all templates, services & domain renderers
Added User#isContentManager() which returns true if a user has access to roots and a specified role.
Refactor purge method from Tash control to Revisions.
Reversed order of Navigations.getPageTitle()
Reordered Markup for feeds.
Use "Content-Dispostion" inline for generated PDFs.
Fixed escaping for Discussions: better safe than sorry, so escape all user input before storing it into database. Use JSoup to parse HTML.
Use JSP-include for Image and Document to improve performance.
Improved code for Streams by using NumberUtils.
Servlets.write() now sets content length for binaries.
Added ObjectDatabase#getPersistenceEngine() to retrieve the currently used persistence engine (e.g. for tooling).
Check if the user in session is stored in database before auto-login.