- Patch #29030 by Goba, chx, Jose, et al: reworked the URL rewrite hook so URLs can be rewritten dynamically.

  for performance's sake.

  use db_lock_table() and db_unlock_tables() for your code to be compatible.

- Patch #29274 by Jeremy: the "fuzzy cache" mechanism is supposed to enforce a minimum time before the cache table is flushed. Logical errors in the fuzzy cache implementation are leading to the cache table being flushed more frequently.  Configuration is simplified by removing all references to "strict" and "loose" caches. Instead, the cache is either "disabled" or "enabled". Additionally, the site administrator can now configure the "minimum cache lifetime", the minimum amount of time cached data will remain cached.

  up the documentation a little.

  chx: can you double-check whether the global $conf variable is secure?
       (That is, make sure it can't be send using the URL or something.)

- Patch #24135 by Moshe: made it possible to ban visitors based on hostname/IP.  Banning visitors can either be done from the 'access control' pages, or directly from the statistics pages.  This feature is very convenient to block badly behaving crawlers.

- Added the ability to track page generation times in the statistics module.
  (Made some improvements as per the suggestions in the issue.)

- Added extended timer implementation.

Drupal's existing caching mechanism doesn't perform well on highly dynamic websites in which the cache is flushed frequently. One example is a site that is under attack by a spambot that is posting spam comments every few seconds, causing all cached pages to be flushed every few seconds.  Loose caching immediately flushes the cache only for specific users who have modified cached data (whether or not they are logged in), delaying the flushing of data for other users by several minutes.

(I rewrote the help text a bit and made minor changes to the code comments.)

- Patch #13738 by TDobes: theme system fixes:

* Fix a bug which would cause the "configure" link for styles to be broken.
* Fix a bug with using drupal_get_filename for theme engines. Although this is not called anywhere in core, we should still fix it for contrib. (i.e. themes that may want to manually invoke a theme engine to create a hybrid theme)
* Correct an inaccurate comment in theme.inc
* Populate the default primary links with an "edit primary links" link for consistency with the secondary links
* remove some unnecessary variables in the theme administration which had misleading and confusing names
* replace time-consuming foreach when rendering theme admin page with a more efficient array_key_exists
* usability: rather than completely removing the search box checkbox when search.module is disabled, simply disable it. (UI elements shouldn't appear/disappear.)

  We added a 'severity' column to watchdog():
    watchdog($type, $message, $link) --> watchdog($type, $message, $severity, $link);

    * Specify a severity in case you are reporting a warning or error.
    * The $link-parameter is now the fourth parameter instead of the third.

  TODO: document this in the upgrade guide.

- Patch #14890: corrected the documentation of conf_init().

- Patch #13405 by Moshe: make you actually do something useful with the init hook.  A recent patch to 4.5 and HEAD made this patch run too early in the request (for non-cached pages).

   + Make bootstrap functionality work with HEAD.
   + Move functions into bootstrap.inc so that statistics_exit() works for cached pages.  (Does this close any issues?)

    + added support for multi-site configurations.
    + tidied up some old cruft and added code comments.

- Patch 13180 by chx: renamed check_query() to db_escape_string() and implemtented it properly per database backend.

  Read the manual for pg_escape_string:  "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."

- Simplified/reorganized version of patch #9620 by Jeremy: fixed errors when writing to cache.

- Patch #10945 by Adrian: more PostgreSQL fixes/updates.

- Patch #8179 by JonBob: reintroduced menu caching.