I only know for the security part as their have changed the authentication hashing for encrypted password. What I can tell is the new hashing algorithm is really complex. They now use blowfish 60 chars long. It took me a while to match so I can support my poker game to new authentication scheme.
I already found the old hashing sha256 is already hard to crack. It could be the salt was stored on database and could be retrieved. Now, salt is no longer stored but randomly generated with preconfigured iterations makes it very very hard or even impossible to crack.
There is so many features they add I've not played around with.
I was administrator of a Xenforo forum for awhile and really enjoyed the updates. Although I wasn't involved in some of the more technical aspects of forum management, installing plugins was always a breeze.