New features :

 Support to enumerate and dump all databases’ tables containing user provided column(s) by specifying for instance ’—dump -C user,pass’. Useful to identify for instance tables containing custom application credentials (Bernardo).
 Support to parse -C (column name(s)) when fetching columns of a table with —columns: it will enumerate only columns like the provided one(s) within the specified table (Bernardo).

 Support for takeover features on PostgreSQL 8.4 (Bernardo).
 Enhanced —priv-esc to rely on new Metasploit Meterpreter’s ’getsystem’ command to elevate privileges of the user running the back-end DBMS instance to SYSTEM on Windows (Bernardo).
 Automatic support in —os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP, but there is a writable folder within the web server document root (Bernardo and Miroslav).
 Added support for regular expression based scope when parsing Burp or Web Scarab proxy log file (-l), —scope (Miroslav).
 Major bug fix and enhancements to the multi-threading (—threads) functionality (Miroslav).

Complete list of changes at https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/ChangeLog.