Security fix: on Windows, other applications were able to bind to the same TCP port as a PuTTY local port forwarding.
Security fix: in bracketed paste mode, the terminal escape sequences that should delimit the pasted data were appearing together on one side of it, making it possible to misidentify pasted data as manual keyboard input.
Bug fix (possibly security-related): an SSH-1 server sending a disconnection message could cause an access to freed memory.
Bug fix: Windows Plink would crash on startup if it was acting as a connection-sharing downstream.
Bug fix: Windows PuTTY now updates its terminal window size correctly if the screen resolution changes while it's maximised.
Bug fix: tweaked terminal handling to prevent lost characters at the ends of lines in gcc's coloured error messages.
Bug fix: removed a bad interaction between the 'clear scrollback' operation and mouse selection that could give rise to the dreaded "line==NULL" assertion box.