These functions are already deprecated and replaced by the Mailer:: class. The deprecated tag was simply missing.
The user properties (login, real name, etc) where not properly escaped in the user manager's edit form. This allowed a XSS attack on the superuser by registered users. Thanks to Filippo Cavallarin from www.segment.technology for discovering this bug.
This also reverses the order of crypto protocols tried again. Using TLS first again. related to #915
The code reading .bz2 compressed files did not correctly check for possible read errors. In case of a corrupted file this could have led to an infinite loop. Thanks to Filippo Cavallarin from www.segment.technology for dicovering this bug.