1.480.3 plugin POM published and so available as a baseline for plugins.
Various security fixes (SECURITY-13/16/46/47/55/59/60/61); see advisory for details.
SECURITY-54 (not exactly a security vulnerability but in response to the earlier fix of SECURITY-49): rather than forcing administrators to use their personal credentials (API token) to launch JNLP slaves installed as a service (and manually edit the slave configuration to effect this), slave service installers (for Windows, Mac OS X, and Linux) now store a secret tied to the slave rather than a user. Existing slave services will need to be recreated to take advantage of this feature.
Slow/hung web UI in 1.483+ (stuck in parseURI)
Avoid unnecessary downloads in FilePath.installIfNecessaryFrom
People page very slow when using Gravatar plugin, especially when also using older Subversion plugin.
Failure to delete old config files during rekeying on Windows (introduced in SECURITY-49 fix).
Possible race condition in RemoteClassLoader renders slave unusable
"Remember me on this computer" does not work, cookie is not accepted in new session. (Regression from SECURITY-49 fix.)
Earlier attempted fix for poor rendering performance of People page was ineffective.
Unconditionally displaying People link in side panel, since checking whether the result would be nonempty was much too expensive to do here.
Using file parameters could cause build records to not load. Solves the issue for newly created builds. Does not help loading pre-fix builds in which the upload temp file has been deleted; for these, you must manually delete <file class="org.apache.commons.fileupload.disk.DiskFileItem" serialization="custom">…</file> from the build.xml.
Lock contention in executor queue
Combobox component broken since 1.480
Fixed a potential issue with render-on-demand HTML fragments.
Diagnostics, though not a fix, for JNA-related error on Windows.
Partial amelioration of a memory leak.
NoClassDefFoundError on Base64 when launching an headless slave with -jnlpCredentials option, newly necessary as of SECURITY-49 in previous LTS. Less important with the fix of SECURITY-54 since that obsoletes this option.
Corrected instructions for passing -jnlpCredentials, relevant after SECURITY-49 fix.