The plugin team introduced two changes for the plugin guidelines. The topics are spam and the usage of libraries which are bundled with WordPress.
Additional security fix in 4.7.2
The original WordPress 4.7.2 post pointed out three fixed security issues. A fourth affected the REST API and was made public one week later because of its size, so as many installations as possible can get the upgrade before. On February 1, Aaron D. Campbell wrote about the security issue, and the reasons for the delayed disclosure in his post »Disclosure of Additional Security Fix in WordPress 4.7.2«.
Plugin guideline changes
Two points of the plugin guidelines changed. The twelfth guideline was modified to match the subject of spam and tags. Before that, it was only about »… may not contain ›sponsored‹ or ›affiliate‹ links or third party advertisements«. Now it forbids spam, like abusing tags, using more than twelve tags, and more.
Guideline 13, which formerly was about tags, now says that plugins need to use the libraries which are bundled with WordPress, instead of using own versions of them. More information about the changes can be found in the post »Plugin Guideline Change« by Mika Epstein.