This is a security release which addresses a vulnerability reported by one of our users (Paladion Networks Pvt. Ltd) that could be exploited through the Leads exported CSV file opened with Excel or any other similar programs.
The solution implemented to secure the CSV file is to prefix the row values starting with =, +, - or @ with a tab character. In case though, you're trying to use the CSV file in an app that doesn't automatically strip the tab characters, you can turn this option off in the component's configuration page.
Read more information here: https://vel.joomla.org/articles/2140-introducing-csv-injection