[RM-1600] Tightened security of Groovy/Jelly transformers (and JEXL computed attributes). You can either run a script in a sandbox (and then an administrator can use a link from Manage Jenkins to approve legitimate API usages), or ask an administrator to approve the whole script. (The sandbox option is available only for Groovy.) Documentation: http://docs-latest.apps.cloudbees.com/docs/user-guide-bundle/template-sect-security.html
serializeOption was broken in 1.483+ for classes defined in plugins.
[ZD-13975] When deciding whether a template name needs disambiguation, consider shadowing by displayName, not name.
See issues in beta 1.
Security system is not polished yet. When creating a job fails due to a security failure, in Jenkins prior to 1.541 a stack trace is printed. Initial whitelist for sandbox is very small and typical scripts will need many entries added. UI-based management of approvals is limited (for example you cannot yet edit existing whitelist grants). Formal documentation not yet available.