URL: …/rest/domains/{domain}/projects/{project}/{entity collection}/{parent_entity_id: [0-9]+}/attachments/{entity_id: [0-9]+}
API Change: The default behavior is now to ask the user whether to open the attachment or save it.
Required Application Change: If default downloading is required, enable it using the DOWNLOAD_REST_ATTACHMENTS site parameter.
Remarks: This change was driven by security concerns. It avoids running an executable attachment by default.