UEFI specification 2.8 is out, will highlight some interesting (at least to me) changes and additions compared to the to the previous one - 2.7B.
uefi.org/sites/default/…

New chapter on serial device identification and a corresponding update of SERIAL_IO_PROTOCOL to include DeviceTypeGuid.

Lots of additions related to REST and JSON: new EFI_REST_EX_PROTOCOL, a converter from JSON to C structures and back (EFI_REST_JSON_STRUCTURE), a new type of REST_STYLE_FORMSET that contains REST-configurable HII forms, JSON support for capsule update mechanism, etc.

Two new kinds of device paths: NVDIMM Namespace Device Path (for bootable NVDIMM devices) and REST Service Device Path.

New (but optional) way for an OS to request the firmware not to touch certain memory ranges after memory-preserving reset. Once implemented, capsule updates can use S3 sleep-resume instead of full reset, so they can get much faster on platforms with slow DXE phase (i.e. servers).

Two new memory attributes: Specific-Purpose ("dear OS, please don't put non-relocatable data or code in this range, it may be used for something by device or firmware later"), and CPU Crypto ("hardware memory encryption can be enabled for this range").

EFI Byte Code interpreter is finally made optional De Jure. De Facto it was used extremely rarely for multiple reasons, so it's only a surprise that it got optional now (and not 5 years ago).

A full new chapter on EFI Redfish service (for remote management) describing Redfish Discover Protocol and related things.

Support for HTTPS host name validation with multiple flags that can be ORed together if needed.

HII Question opcodes now require a default value, finally!
"33.2.5.8 Defaults
To ensure consistent behavior when a platform attempts to restore settings to defaults, each question op-code must have an active default setting."

"Set (*Attributes) when gRT->GetVariable() returns EFI_BUFFER_TOO_SMALL and Attributes is non-NULL". Another very welcome addition that should have been there since EFI 1.1. Less gRT->SetVariable() calls with uninitialized attributes, more order to the things, yay!

EFI FMP Capsules got a way to express dependencies between different payloads sent to the firmware. The DepEx is implemented similarly to PEI and DXE DepEx, but uses a different set of OpCodes. Will reduce the amount of resets needed to apply multiple dependent updates to one.

The very best change for the end: UEFI Runtime Services being optional and returning EFI_UNSUPPORTED after ExitBS are finally supported De Jure!
This opens a way for in-spec UEFI FW with no OS-writable NVRAM, no Capsules, and no RT services in general. Zero-trace UEFI FW FTW!

That's all, folks. There are some other small changes and clarifications here and there, but they haven't caught my eye at this time.
My 5c on the update: aside of JSON and Redfish (that are both nearly impossible to implement in a secure way in C, IMO), it's great overall.