GitLab

  Drupal core!  This is an important milestone for the project so enable
  the module and check it out ... :)

  Thanks to Rok Žlender, Károly Négyesi, Jimmy Berry, Kevin Bridges, Charlie
  Gordon, Douglas Hubler, Miglius Alaburda, Andy Kirkham, Dimitri13, Kieran
  Lal, Moshe Weitzman, and the many other people that helped with testing
  over the past years and that drove this home.

  It all works but it is still rough around the edges (i.e. documentation
  is still being written, the coding style is not 100% yet, a number of
  tests still fail) but we spent the entire weekend working on it in Paris
  and made a ton of progress.  The best way to help and to get up to speed,
  is to start writing and contributing some tests ... as well as fixing
  some of the failures.

  For those willing to help with improving the test framework, here are
  some next steps and issues to resolve:

    - How to best approach unit tests and mock functions?
    - How to test drupal_mail() and drupal_http_request()?
    - How to improve the admin UI so we have a nice progress bar?
    - How best to do code coverage?
    - See http://g.d.o/node/10099 for more ...

- Patch #248140 by thehong: usability: add destination to user editing page link on personal contact form.

- Patch #245504 by catch, David_Rothstein, Freso, et al: removed the throttle module from Drupal core.

- Patch #88892 by darthsteven et al: improved the PHPdoc of form_set_value().  Great work.  Much better. :)

- Patch #245115 by kkaefer, John Morahan, JohnAlbin et al: after a long discussion we've decided to make the concatenation operator consistent with the other operators.

- Patch #216072 by recidive, David Rothstein, ptalindstrom et al: switched from numeric block IDs to string IDs.

  The short explanation is that Drupal uses a lot of numeric deltas in the block system; blocks are identified by the 'module' and the 'delta'. In early Drupal, delta was numeric, but somewhere along the line it was changed to be possibly a string. In modern Drupal, block overrides are easily done via block-MODULE-DELTA.tpl.php.  The primary motivation to switch to string IDs everywhere is to make these deltas friendlier to themers:

    block-user-0.tpl.php --> block-user-navigation.tpl.php
    block-user-1.tpl.php --> block-user-login.tpl.php

  You get the picture.

- Patch #189568 by dvessel: don't include a CSS file in the aggregated CSS output when that file is overwritten by a theme-specific CSS file.

- Patch #195072 by webchick and coltrane: make _comment_load() a public API function by renaming it to comment_load().

- Patch #244597 by drumm: remove login form text as this can now be accomplished using hook form_alter.

  The access rules capability of user module has been stripped down to a
  simple method for blocking IP addresses. E-mail and username restrictions
  are now available in a contributed module. IP address range blocking is
  no longer supported and should be done at the server level.

  This patch is partly motiviated by the fact that at the usability testing,
  it frequently came up that users went to "access rules" when trying to
  configure their site settings.

- Patch #240387 by matt2000 et al: move 'content types' to 'site building' per the UMN usability study results.

- Patch #234785 by Rowanw, yoroy, flobruit, et al: usability: improve visibility of the 'more help' link by adding an icon.

- Patch #218403 by Gabor, catch, Arancaytar, keith, doug, et al: duplicate entry errors in search idexer due to collation issues.

- Patch #241629 by solotandem: the cron.php query left an extra row in the watchdog table due to a off-by-one error.

- Patch #241021 by keith.smith: we forgot to remove a reference to the 'story' node type.  It was renamed to 'article'.

- Patch #238528 by misamuelson, approved by Stefan: disabled menu items should not be opaque for usability.

- Oops, I forgot to add this file to CVS when I committed the secure password hashing patch last night.  Mea culpa.

  This is a big and important patch for Drupal's security.  We are switching
  to much stronger password hashes that are also compatible with the Portable
  PHP password hashing framework.

  The new password hashes defeat a number of attacks, including:

  - The ability to try candidate passwords against multiple hashes at once.
  - The ability to use pre-hashed lists of candidate passwords.
  - The ability to determine whether two users have the same (or different)
    password without actually having to guess one of the passwords.

  Also implemented a pluggable password hashing API (similar to how an alternate
  cache mechanism can be used) to allow developers to readily substitute an
  alternative hashing and authentication scheme.

  Thanks all!

- Patch #239958 by Steve Dondley: make the explicit cache clearing functionality reload the theme's .info file.  (We're back from a vacation in the French Alpes, BTW!  Time to catch up with patches.)