As usual, full change log is available here. We’ve organized all of the PHP settings that UF can set (display_errors, log_errors, timezone, and error_reporting) under a single php key in the configuration files. So, please be aware of this potential breaking change.
Also, the CSRF blacklist now normalizes all URL paths to begin with / to make it consistent across different environments. Again, this might be a breaking change if you use CSRF blacklisting. Fixing this is easy - just add / to the beginning of your CSRF blacklist entries (after any ^ of course)!