+- Non-admin users now cannot register `admin` scope tokens (not security-critical, they didn't work before, but you _could_ create them)
+ - Admin scopes will be dropped on create
+- Rich media will now backoff for 20 minutes after a failure
+- Simplified HTTP signature processing
+
+### Fixed
+- /api/v1/accounts/lookup will now respect restrict\_unauthenticated