- CSRF Verification is now functional again
- CSRF throws CSRFException
- XSS clean can now be disabled in the config globally. Once disabled, this can't be overridden
- X-Powered-By header is now always suppressed
- WebComponent now assigns global variables to the LayoutEngine.
- CSRF Exceptions can be handled by a view, if this one implements the securityExceptionHandler() method
- Error403 page added
