- Patch #24398: make password reset work in case someone does prefetching.  (Today's critical bugfix #4.))

- Patch #42935 by thierry_gd: fixed problem with upgrading the theme.  (Today's critical bugfix #3.)

- Patch #41509 by munga: setting profile field to hidden does not remove it from the user edit form. (Today's critical bugfix #2.)

- Patch #47919 by Thomas: fixed various glitches with MySQLi's error handling and non-standard port support..

    * Makes the user login and password fields in the login _block_ required.
    * Uses just if ($form['name']) rather than if (isset($form['name']) && $form['name']). AFAIK, using both is unnecessary with the form API.
    * Changes maxlength for usernames to 60 which is the (rather odd) database value. The maxlength fields at present don't accomodate affiliate logins with extra long usernames/domains, but I've left that issue alone for now.
    * Removes all instances of maxlength for password. They were a)not being applied with any degree of consistency, and b)unnecessary as only the hash is stored.
    * Corrects an e-mail address maxlength from 55 to 64.
    * unset() accepts more than one variable.

- Patch #44947 by rkerr / Moshe: fixed race condition in session handling, reduced query overhead of session handling, reduced database overhead of session handling.