Twitter API Did What When

In 2009

January

* Fixed: source parameters specified when posting on the web (for example, as part of a link from a "Tweet This"/"Share This On Twitter" button) were being ignored.

* Fixed: /friendship/exists.json was returning "true" and "false" as strings, not boolean literals, as they should in a proper JSON response.
* Fixed: some methods were defaulting to JSON when no format was specified. A format must be specified for all API calls.

* Security: it was possible to discover the currently logged-in user via an unauthenticated call to the /statuses/user_timeline method. This is a potential privacy concern, and was disabled.

* Fixed: Atom feeds for timelines incorrectly reported all user profile pictures as image/png.

* Fixed: Requests with &id= and no value returned a user rather than an error. Now an error is returned.
* Fixed: the /statuses/replies method did not support the count parameter to control the number of statuses returned. Support for the count parameter was added.

February

* Feature: new API methods for retrieving lists of user IDs from the social graph, /friends/ids and /followers/ids.
* Fixed: updates to the name and location fields would silently fail when the data was too long and would later be truncated. The methods now correctly report an error.
* Security (OAuth): Fixed a bug where the application authorization form did not require that the POST request come from the same domain.

* Feature (OAuth): Added the ability to use non-http callback URLs for iPhone development.

* Fixed (OAuth): Improved error messaging on OAuth protocol failures.

* Fixed (OAuth): Changed access token generation to prevent truncation problems reported via feedback.
* Fixed: Calls to /friendships/exists.json were returning incorrect results.

* Feature: The /users/show call now accepts the parameters user_id and screen_name to allow disambiguation of numeric screen names.

* Security (OAuth): Misconfigured applications could use insecure PLAINTEXT signatures. This has now been explicitly disallowed.

* Fixed (OAuth): Changed OAuth tokens to work correctly during database replication delays.

* Feature (OAuth): Removed the approval process for new applications. New applications will be allowed by default and we will review and revoke as needed.
* Fixed: The new /user/show calls with user_id and screen_name parameters were incorrectly returning the wrong data due to a caching bug.

* Feature (OAuth): Added the ability to regenerate the client key and secret in the event the secret gets leaked.

* Feature (OAuth): Added support for callback URLs with query strings.

* Fixed (OAuth): The approval page incorrectly said all applications needed update access. Now this is correctly displayed per application.

* Fixed (OAuth): The oauth_callback parameter is now retained if the user chooses to sign in as a different user.

March

* Fixed: New accounts would silently allow oversized values in some profile fields and the bad data would later be truncated. The system now correctly reports an error.
* Fixed: The /friends/ids and /followers/ids no longer require authentication for protected users.

* Fixed: The /friends/ids and /followers/ids now support the callback parameter for JSON.

* Fixed: Statuses ending in "..." are no longer incorrectly trimmed when displayed on twitter.com.
* Feature (Search): You can now search for ticker symbols like $DIA.

* Feature (OAuth): Added an oauth_access_type parameter to the authorize URL so applications can specify read/read write per user.

* Fixed (OAuth): There was a delay after an application was approved where requests would not work. This has been corrected.
* Feature (OAuth): The OAuth closed beta has ended and OAuth is now open to all for a more extensive beta.
* Feature (Search): Trend reports are now available for current, daily, and weekly timeframes.

* Feature (REST): Timeline methods now support a max_id parameter. (Issue #152)

* Fixed (REST): Methods with id parameters now accept user_id and screen_name parameters for disambiguation. (Issue #354)
* Feature (REST): Added rate limit status to HTTP response headers as X-RateLimit-Limit and X-RateLimit-Remaining

* Fixed (OAuth): Fixed an issue where application icons were not being saved. Icons missed will show up eventually but developers can re-upload to fix the issue.

* Feature: Added a /friendships/add/[screen_name] page for 3rd party sites to refer web users to for following new people.
* Feature (REST): statuses/replies now includes mentions. Announcement Thread.

* Feature (REST): Added rate limit HTTP response header X-RateLimit-Reset.

* Fixed (REST): The since_id parameter on direct messages had recently stopped working and was repaired.

April

* Feature (REST): User objects are now returned with all possible attributes everywhere in the API. Previously, only some methods returned the "full" or "extended" representation of User objects. Announcement Thread.
* Changed (REST): The since parameter and If-Modified-Since header are no longer supported.

* Fixed (REST): Methods documented as requiring GET were allowing POST and not counting the rate limit correctly. These methods now require GET and return an error message if POST is used.

* Fixed (REST): The /users/show.$fmt method now throws a 404 error if no recognized parameters are given.

* Fixed (REST): The deprecated email parameter was being silently ignored; an error is now returned.

* Fixed (OAuth): Rate limiting was incorrectly applied by IP only when using the Authentication header. This has been corrected.

* Fixed (OAuth): Error messaging for OAuth clients is now more detailed.

* Fixed (REST): Direct message objects were not returning the large user representations in json responses. They will now begin doing so.

* Fixed (REST): Calls to direct message XML methods were incorrectly displaying the nilclass root tag. This has been corrected.

* Feature (REST): Added /direct_messages/show/$id.$fmt method (where $id is the direct message id and $fmt is xml or json)

* Feature (OAuth): Added provisional support for "Sign in via Twitter" for OAuth applications. An official announcement will follow after full support is available.
* Fixed (OAuth): Accented characters in statuses were causing signature errors for OAuth clients. This has been corrected.

* Fixed (REST): Attempting to direct message yourself failed and returned a direct message from cache. You can now direct message yourself again.
* Fixed (OAuth): Non-ASCII characters in POST parameters were incompatible after the April 9th change. That incompatibility was corrected.

* Fixed (REST): The since_id parameter now works on the /direct_messages/sent method
* Fixed (OAuth): All application image updates were reporting the image was too large. This has been corrected.

* Fixed (REST): Changing your profile image on the web was not reflected in the API. This has been corrected.

* Fixed (Search): The atom results did not contain a language element for each status. A twitter:lang element has been added.
* Fixed (REST): When sending direct messages, reaching the limit now returns HTTP 403 instead of HTTP 500.

* Fixed (REST): When uploading a new background image via the API the result was not immediately reflected. This has now been fixed.

* Feature (REST): Support the user_id and screen_name parameters for friendships/create, friendships/destroy, notifications/create, and notifications/leave.

* Feature (REST): Support the max_id parameter for direct message pagination.
* Fixed (REST): Basic authentication now works with passwords containing a colon. (issue 496)

* Fixed (REST): Error message during downtime now matches documented response. (issue 300)

* Deprecated (REST): Support for the oauth_callback parameter has been removed due to a security vulnerability. (discussion)

* Fixed (OAuth): OAuth images are properly served through HTTPS. (issue 476)
* Feature (REST): The in_reply_to_status_id can now reference any mentioned user. (announcement)

* Feature (REST): The social graph methods now support pagination via the page parameter so you can work with very large users. (issue 518)

May

* Feature (REST): Added methods to retrieve blocking information: blocks/exists, blocks/blocking, blocks/blocking/ids. (issue 9)

* Deprecation Announced (REST): and elements will be moved to their own method in the near future. (announcement)
* Fixed (REST): Background images uploaded via the API now take effect immediately (issue 451)

* Fixed (OAuth): Using the authenticate method with force_login=true incorrectly returned the old user's token.
There is still a known issue where the user is asked to accept the application each time. A fix is pending.

* Feature (OAuth): When retrieving the access token via the access_token call the screen_name and user_id are returned as well.
* Fixed (REST): Social graph methods now correctly return 5000 items per page when the page parameter is used (issue 613)
* Fixed (OAuth): Using the force_login parameter would incorrectly return an old token in some cases (issue 559)

June

* Fixed (OAuth): Internet Explorer users were not being correctly redirected back to the originating site when using the authenticate method. (issue 644)
* Fixed (OAuth): Internet Explorer users were seeing a warning about insecure items on OAuth pages.
* Fixed (REST): The source parameter was incorrectly being reported as 'from web' in all cases (issue 634)
* Feature (REST): Added access to saved search data: saved_searches, saved_searches/show, saved_searches/create, and saved_searches/destroy. (issue 605)
* Feature (OAuth): Updated OAuth to 1.0a and added a PIN-based desktop workflow for OAuth apps. (announcement)
* Fixed (Search): Search errors are now returned in the API format requested (issue 509)
* Fixed (Search): Searches for never-used phrases incorrectly returned an error rather than 0 results. (issue 740)
* Fixed (Search): The combinations of some operators with since_id incorrectly returned an error; now it returns results. (issue 742)
* Feature (REST): Added screen_name and user_id attributes to direct_messages/new for disambiguation (issue 550, documentation)
* Feature (REST): Added new friendships/show method (issue 474, documentation)
* Fixed (REST): Partially fixed issue with tiling background images via the API (issue 650)
* Fixed (OAuth): Added a more helpful error message when you try to use a request token in place of an access token.
* Fixed (OAuth): Improved error handling when invalid data is submitted in place of a token.
* Fixed (REST): The JSON returned in maintenance mode now correctly contains null rather than NULL (issue 703)
* Fixed (Mail): Improved outbound email reliability (for apps parsing DM/friend emails)
* Fixed (Search): Searches for accented and non-accented words are now combined. (issue 503)
* Fixed (REST): The new friendships/show method no longer returns 502 on large users. (issue 757)
* Feature (Search): Added Farsi/Persian to the list of available languages.

July

* Fixed (OAuth): The oauth_access_type parameter was not respected in all cases. (issue 767)
* Fixed (OAuth): Allow international domain names for OAuth URLs via punycode input. (issue 772)
* Feature (REST): API updates are now identified as being from API rather than web.
* Feature (REST): The rate limit has been changed from 100 to 150. (documentation)
12:29 The documentation for the /search method specifies that all queries should be performed with an HTTP GET. On or after July 15, 2009, we will begin enforcing the use of HTTP GET for all queries. Requests sent to the /search method which are not performed with an HTTP GET will be met with an HTTP 403 response. (announcement thread)
14:28 We are going to be moving images to a new domain (twimg.com) to streamline our image hosting and offer better performance. We hope this will have limited impact, as it will only change the image URL. Example URLs include:

Profile images:

http://s3.amazonaws.com/twitter_production/profile_images/35240332/2929920.gif

http://a0.twimg.com/profile_images/35240332/2929920.gif

Background images:
http://s3.amazonaws.com/twitter_production/profile_background_images/18156348/jessica_tiled.jpg.jpeg
http://a0.twimg.com/profile_background_images/18156348/jessica_tiled.jpg.jpeg

[ed: no word on when this will happen yet]

(announcement thread)