Copy/paste errors from 2002 (changes -> uifc.changes in the help text).
Use "save/restore" uifc.list() mode, rather than "remain active" for
"Save Changes" prompt - no need to leave the prompt visible while saving
changes.

When processing area manager netmail messages, SBBSecho can modify
(add/change) keys in the [node:*] section of the sbbsecho.ini file. Although
SBBSecho would read node sections that had a domain (e.g. 5D address) just fine
when processing area manager changes and writing those changes back to the
sbbsecho.ini, only 4D addresses (no "@domain") were used in the section naming.
This could result in duplicate node sections being created in the sbbsecho.ini
file (one with a "@domain", one without) and then "bad things" could happen
(e.g. BinkP authentication failures, packet authentication failures, etc.).

Now, when SBBSecho writes linked-node setting to the sbbsecho.ini, it first
checks for the full 5D address of the node and if that section exists, modify
it, otherwise fall-through to the 3D/4D address of the node for the sectoin
naming.

getting kind of crazy common now and being employed even when totally
unnecessary (e.g. encoding strings that contain just plain ASCII):
- normalize message header fields, when possible
- normalize UTF-8 encoded characters, when possible (e.g. special punctuation
  chars)

This allows text filters (e.g. subject.can, name.can) to work on MIME-encoded
header fields and notifications about received e-mails are legible to humans.

Encoded-words that contain actual non-ASCII/CP437 chars (e.g. foreign symbols,
emojis) are left as encoded-words to be dealt with by whatever displays the
message header.

Special handling of folded normalized field values was necessary because
"White space between adjacent 'encoded-word's is not displayed." (per RFC 2047)

line 34: Error: can't open \sbbs\exec\undefined.js: No such file or directory

This introduces a new request field send_content which indicates if the
content should be sent.  This covers various cases like HEAD responses
where there's an entity, but no content is sent as well as 204, 304, and 1xx
responses where there is not even an entity.

writebuf() will now enforce this, so there's no need for various checks
throughout the code to see if data should be sent or not.

Also, we now only set sent_headers after the headers are sent.

1) Send Content-Length even if we will be closing the connection.
2) Send the highest HTTP version in the status line that has the same major version.

2a98aeb09190301ba782ba2f79837332ae277ac93851d3066e63fecf6abe6f2a) as patched
by build/cl-*.patch and built with MSVC2015 for Win32-release.

I had to remove eap*.c from cryptlib32.vcxproj file to get it to build, but no
other changes.

resolved host-name on "Hostname:" log lines.

CryptSupport (default true), to:
PlainTextOnly (default false).

With this option, it is now possible to support CRAM-MD5 authenication while
not allowing encrypted sessions (inbound or outbound) - not sure why.

Support [chat_sec] for backwards compatibility (anyone actually using this
feature?).

a string on error which can be logged/displayed/ignored as desired by the
caller.
Catch JSON.parse() errors gracefully and return an error (string).

load({}, "sbbsimsg.js") with no args).
the sbbsimsg_lib.parse_active_users() will now return a string on failure, so
display appropriately.

1. The 'irc' mod options value was toggling the 'I' command key, not 'R'
   ('R' is for IRC, not 'I')
2. Use load({}, "sbbsimsg.js") so that the chat_sec options aren't blown-away
   by sbbsimsg.js

Enhancement:
- added support for 'imsg' option in [chat_sec] section of modopts.ini, if set
  to false, disables the inter-bbs instant message command key.

the avatar (data) cache separately in bbs.mods.

performance optimization.

BinkP session password ("SessionPwd") in sbbsecho.ini would cause BinkIT/BinkP
to behave as though a session password was specified. The reason for the change
to fidocfg.js (specifying a default value for "SessionPwd" as a blank string)
was to force the return value to a string so that numeric passwords were not
returned as numbers but rather strings.
The binkit.js and binkp.js code assumed that a blank password would be
'undefined' and not a blank string.
This commit changes binkit.js and binkp.js to treat all of the following
session password values as "no password" with respect to BinkP:
- false
- undefined
- blank string ('')

!JavaScript .../showmsgavatar.js line 27: TypeError: msg_area.sub[sub] is undefined

(strtok can return NULL).

Fixed a minor screen refresh bug: In Ice mode, the help line at the bottom wasn't erasing all of the new ESC menu options when exiting the ESC menu.  Updated the version to 1.66.1.

a pskreporter cache to avoid throttling.

Maidenhead object.

avatar for all message areas not otherwise given a default value).

imported, e.g.
jsexec avatars sub_default=/sbbs/text/avatars/silhouettes.bin

section of modopts.ini (the value is base64-encoded avatar data). If
the <sub_code>_default or <group_name>_default keys exist, those defaults will
be used as appropriate (both <sub_code> and <group_name> are lower-case).
The avatar options ([avatars] section) of modopts.ini is cached (in bbs.mods)
for performance reasons, so changes require a log-off/on to see.

Weird.

one or the other.