- fixed: default placeholder tags where not replaced on system mails
- fixed: security vulnerability where a logged in user can discover the profile URL from a different user. (discovered by D.Jong from patchstack.com)
- improved: ajax operations are now checked against capabilities
- improved: updated "Preheader text hack" from Litmus