+### Security
+- Disallow re-registration of previously deleted users, which allowed viewing direct messages addressed to them
+- Mastodon API: Fix `POST /api/v1/follow_requests/:id/authorize` allowing to force a follow from a local user even if they didn't request to follow
+
+### Fixed
+- Logger configuration through AdminFE
+- HTTP Basic Authentication permissions issue
+- ObjectAgePolicy didn't filter out old messages
+- Transmogrifier: Keep object sensitive settings for outgoing representation (AP C2S)
+
+### Added
+- NodeInfo: ObjectAgePolicy settings to the `federation` list.
+<details>
+ <summary>API Changes</summary>
+- Admin API: `GET /api/pleroma/admin/need_reboot`.
+</details>