The Changelog seems to be mostly about the UI, security updates come from upstream, i.e. Firefox. But there’s this further down:

In response to recent privacy concerns, we’ve significantly strengthened Zen’s privacy measures. Previously, we only disabled telemetry, but some minimal pings were still being sent. Now, Firefox telemetry has been completely stripped out from the core.

Additionally, onboarding pages and initial Essentials favicons are now locally bundled and our website no longer relies on any external services, CDNs, nor Cloudflare services. Initial Essentials selected on startup will only be loaded when the tab is clicked on, so connections won’t be established until you explicitly enter the tab. We also changed our onboarding Essentials options to more privacy and productivity focused sites.

Only critical security updates and other non-telemetry-related services remain. As a result, the number of external connections has dropped from 82 to around 20-10 — factoring in that Zen’s site is loaded twice (for the welcome page and privacy policy).

Librewolf + LocalCDN is still better. Fight me!