The Release Notes include the following items:
Use a separate interpreter for each calling SQL userid in PL/Perl and PL/Tcl (Tom Lane)
This change prevents security problems that can be caused by subverting Perl or Tcl code that will be executed later in the same session under another SQL user identity [...]
Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433).
Prevent infinite loop in ProcessIncomingNotify() after unlistening (Jeff Davis)
Prevent show_session_authorization() from crashing within autovacuum processes (Tom Lane)