* Fixed security issue on public-side (XSS) (thanks zarathu) * Fixed path disclosure issue (thanks zarathu) * Search for posted and last modifed dates in article list * New tag: <txp:hide /> as a container for comments and other internal content * Changed tags: <txp:comments />, <txp:category_list />, <txp:section_list /> and <txp:image_index /> support 'sort' attribute * Distribute jQuery 1.1.2 as a default JavaScript library * Keep image properties on replacement * Add 'delete thumbnail' function * Support back end branding: customizable logo and color bar * Table sort indicators * Textile improvements * Fix non-utf8 mails (iso 8859-1) * better wrapping in admin-interface to prevent horizontal scrollbar * Add comment status to comment notification mails * Fix "infinite" pagination in rare edge cases * Work around apache bug for file-downloads (in connection with mod_deflate) * Fix error messages on wrong logins for older mysql versions * Fix comment spam blacklist false positives (see faq for 4.0.4) * Fix file_download-tag from showing the same url for different downloads (see faq for 4.0.4) * Fix disappearing comment preferences in certain ciscumstances (see faq for 4.0.4) * Fix "active class" in section_list, category_list * Better cooperation with some proxies (and other HTTP/1.0 clients) * Smarter comment submit button emphasises preview step * Optionally hide spam comments in back end list * Truncate longish article category titles in the write screen * Handle thumbnailing of larger images * Better MoveableType import * Fix some more IIS issues * New callback event: 'textpattern_end' * New callback event: 'ping' * New tag: <txp:article_url_title /> * Changed tag: <txpermlink /> loses default title attribute * Changed tag: <txp:file_download_link /> returns filename as an additional URL part * Many, many minor improvements, see: http://dev.textpattern.com/log/development/4.0/?action=stop_on_copy&rev=2443&stop_rev=1963