+** Authentication information is no longer sent as part of the Referer
+header in recursive fetches.
+
+** No authentication credentials are sent until a challenge is issued,
+for improved security. Authentication handling is still not
+RFC-compliant, as once a Basic challenge has been received, it will
+assume it can send credentials to any URL at that same host, and not
+just the ones at or below the original authenticated location.
+Credentials for Digest authentication are still never saved or issued
+automatically, and continue to require a challenge for each resource.
+
+** Added --max-redirect option, allowing the user to specify what should
+be the maximum number of HTTP redirects to follow.
+
+** Wget now saves HTTP downloads using file names specified by the
+`Content-Disposition' header. This is a standard way of specifying the
+file name used by many web dynamically generated pages. For the time
+being, Content-Disposition is not used by default, to avoid the extra
+round-trips incurred (must specify "-e contentdisposition=yes"); this
+may change in a future version. NOTE: This functionality is currently
+considered "experimental", and may not be fully functional.
+
+** The GnuTLS library is now also experimentally supported for https
+downloads. This is still work-in-progress. OpenSSL is still used by
+default; use --with-ssl=gnutls to build with GnuTLS. OpenSSL is still
+required for NTLM authorization to work, but this should eventually
+change. NOTE: Certificate verification is _not_ currently supported:
+this means that you can currently only use GnuTLS to encrypt
+connections, but _not_ to verify that a host is who it claims to be. Use
+of OpenSSL is suggested until this missing feature is implemented.