- Check the basic constraints extension when validating SSL/TLS certificates. This fixes a security hole that allowed a malicious man-in-the-middle to impersonate an IM server or any other https endpoint. This affected both the NSS and GnuTLS plugins. Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin for SSL.
# libpurple3 compatibility
- Encrypted account passwords are preserved until the new one is set.
- Fix loading Google Talk and Facebook XMPP accounts.
# Windows-Specific Changes
- Don't allow overwriting arbitrary files on the file system when the user installs a smiley theme via drag-and-drop.
- Updates to dependencies NSS 3.17.1 and NSPR 4.10.7
- Fix build against Python 3.
- Updated internal libgadu to version 1.12.0.
- Fix potential remote crash parsing server message that indicates that a large amount of memory should be allocated.
- Fix a possible leak of unencrypted data when using /me command with OTR.
- Fix potential remote crash parsing a malformed emoticon response.