- Patch #232931 by mikey_p, flobruit et al: clarified the PHPdoc of drupal_add_feed() and drupal_add_link().

- Patch #308138 by mfer, Dave Reid: replace valid_email_address with filter_var and FILTER_VALIDATE_EMAIL.

#308399 by Damien Tournoud: Fix SimpleTest error handler to not spaz out and die when PHP errors are encountered.

- Patch #208793 by kbahey, Damien Tournoud: stop hardcoding the HTTP protocol version where possible.

- Patch #302763 by Dave Reid, Rob Loach: replace time() by ['REQUEST_TIME'] as per Rasmus' suggestion.  Removed drupal_referrer() for consistency.

- Patch #225450 by Crell, chx, bjaspan, catch, swentel, recidive et al: next generation database layer for Drupal 7.

- Patch #295564 by boombatower, Damien Tournoud: fixed drupal_http_request error and cleaned up some simpletest stuff.  We should have a much more funky 'all tests passed' screen.  Having all tests pass shouldn't be this boring.  Let's be a bit more creative and injest some fun ... ;-)

- Patch #268477 by MadHarold, Damien Tournoud, kkaefer, et al: untranslatable suffix in format_size()

- Patch #283806 by mustafau: fixed bug in drupal_http_request() and added some first drupal_http_request() tests to core.  Yay.

- Patch #287877 by dmitrig01: rename drupal_rebuild_code_registry() to registry_rebuild() for consistency.

- Patch #158992 by sun, quicksketch, zeta ζ, bangpound, Dries et al: inline Javascript could generate invalid XHTML.

- Patch #252013 by Eaton, pwolanin, Susurrus et al: drupal_render() now printes #markup, not #value.

- Patch #151902 by MadHarold et al: a better format_size() (and removed some excessive white space).

- Patch #258128 by webchick: @parameter should be @param.  Gets the Most Trivial Patch of the Month Award.

  et al.  Can you say 'registry'?  Drupal now maintains an internal registry of
  all functions or classes in the system, allowing it to lazy-load code files as
  needed (reducing the amount of code that must be parsed on each request). The
  list of included files is cached per menu callback for subsequent loading by
  the menu router. This way, a given page request will have all the code it needs
  but little else, minimizing time spent parsing unneeded code.

- Patch #245115 by kkaefer, John Morahan, JohnAlbin et al: after a long discussion we've decided to make the concatenation operator consistent with the other operators.

- Patch #189568 by dvessel: don't include a CSS file in the aggregated CSS output when that file is overwritten by a theme-specific CSS file.

  This is a big and important patch for Drupal's security.  We are switching
  to much stronger password hashes that are also compatible with the Portable
  PHP password hashing framework.

  The new password hashes defeat a number of attacks, including:

  - The ability to try candidate passwords against multiple hashes at once.
  - The ability to use pre-hashed lists of candidate passwords.
  - The ability to determine whether two users have the same (or different)
    password without actually having to guess one of the passwords.

  Also implemented a pluggable password hashing API (similar to how an alternate
  cache mechanism can be used) to allow developers to readily substitute an
  alternative hashing and authentication scheme.

  Thanks all!

- Patch #239958 by Steve Dondley: make the explicit cache clearing functionality reload the theme's .info file.  (We're back from a vacation in the French Alpes, BTW!  Time to catch up with patches.)