This is a bug fix that prevents new installations of the EDS from acting as an open redirector. Existing systems will continue to function as one until locked down, but the presence of the new setting will prevent this behavior.
Existing deployments should add the "this.returnWhiteList" parameter to their copy of idpselect_config.js to lock down the redirection to the right set of hosts. As an example, the instance on shibboleth.net is set to:
The ordering of history in the _saml_idp cookie has been fixed to align with the spec. This means that the first time that the EDS is run after an upgrade the preferred IdP list will appear backwards. Some extra configuration has been added to allow better interoperation with the Shibboleth SP's use of the _saml_idp cookie.
The EDS now incorporates AIRA mark up which makes it usable by screen readers EDS-26 (work in progress)
The language bundles now include Japanese, Brazillian Portugese as well as German and English. The bundles are now shipped separately from the main configuration which means that no work is needed at upgrade time to take advantage of these languages.
Several new configuration options are included. See the documentation for details.