On * Fixed: some methods were defaulting to JSON when no format was specified. A format must be specified for all API calls.
* Security: it was possible to discover the currently logged-in user via an unauthenticated call to the /statuses/user_timeline method. This is a potential privacy concern, and was disabled.
* Fixed: Atom feeds for timelines incorrectly reported all user profile pictures as image/png.
* Fixed: Requests with &id= and no value returned a user rather than an error. Now an error is returned.
* Security: it was possible to discover the currently logged-in user via an unauthenticated call to the /statuses/user_timeline method. This is a potential privacy concern, and was disabled.
* Fixed: Atom feeds for timelines incorrectly reported all user profile pictures as image/png.
* Fixed: Requests with &id= and no value returned a user rather than an error. Now an error is returned.