* Feature: new API methods for retrieving lists of user IDs from the social graph, /friends/ids and /followers/ids.

* Fixed: updates to the name and location fields would silently fail when the data was too long and would later be truncated. The methods now correctly report an error.

* Security (OAuth): Fixed a bug where the application authorization form did not require the POST request come from the same domain.

* Feature (OAuth): Added the ability to use non-http callback URLs for iPhone development.

* Fixed (OAuth): Improved error messaging on OAuth protocol failures.

* Fixed (OAuth): Changed access token generation to prevent truncation problems reports via feedback.

* Fixed: Calls to /friendships/exists.json were returning incorrect results.

* Feature: The /users/show call now accepts the parameters user_id and screen_name to allow disambiguation of numeric screen names.

* Security (OAuth): Misconfigured applications could use insecure PLAINTEXT signatures. This has now been explicitly disallowed.

* Fixed (OAuth): Changed OAuth tokens to work correctly during database replication delays.

* Feature (OAuth): Removed the approval process for new applications. New applications will be allowed by default and we will review and revoke as needed.

* Fixed: The new /user/show calls with user_id and screen_name parameters were incorrectly returning the wrong data due to a caching bug.

* Feature (OAuth): Added the ability to regenerate the client key and secret in the event the secret gets leaked.

* Feature (OAuth): Added support for callback urls with query strings.

* Fixed (OAuth): The approval page incorrectly said all application needed update access. Now this is correctly displayed per application.

* Fixed (OAuth): The oauth_callback parameter is now retained if the user choses to sign in as a different user.