1. Admin Menu Controls
The /admin/includes/boxes/xxxxxx_dhtml.php files and /admin/includes/boxes/extra_boxes/*.php files which formerly controlled menu choices have been removed. These files no longer have any effect on admin menus.
Instead you will need to use the Admin Profiles menu to grant permissions to user profiles and profiles to users.
You can use the admin menus (Admin Page Registration) to add the appropriate menu choices as well.
Plugin authors can use function calls to zen_register_admin_page() and zen_deregister_admin_pages() to install/remove menu options for their plugins.
2. Rewriting addon admin pages to use form POSTs instead of GETs
In the interest of mitigating against CSRF issues, it is necessary to use GET parameters *only* when indicating selection criteria, and NEVER when performing destructive actions or database write operations.
There is a forum thread which outlines some guidance in the process of rewriting addons in this way: http://www.zen-cart.com/showthread.php?t=184616
Forms in v1.5.0 and newer must use security tokens such as those set by properly using zen_draw_form instead of hard-coded