When trying to add a domain with "-" (e.g. server-server.com) into whitelist on Server to Server page, it saves it without it (e.g. serverserver.com). Reporter says it was ok before the update. Maybe another victim of XSS fixes?
Replace the standard XSS filter with someting more appropriate for domain name validation.