SA-CORE-2014-005 by Stefan Horst, greggles, larowlan, David_Rothstein, klausi: Fixed SQL injection vulnerability

Issue #2098129 by er.pushpinderrana, drupal_sensei, Berdir, joachim: Fix docs for DrupalDefaultEntityController entityCache variable

Issue #1956782 by joshi.rohit100, bdimaggio, tanmayk, chertzog: Document parameter to xmlrpc_server()

Issue #2273337 by vegantriathlete, ducktape, joachim: Fix up docs for db_add_field and related functions

Issue #2259361 by jweowu, David_Rothstein: Document that db_query_temporary() only works on SELECT queries

Issue #2143461 by Sneakyvv: drupal_get_query_array() does not work correctly if a query parameter contains an equals sign.

Issue #1525176 by klausi, amateescu, David_Rothstein, dlu, goldenboy, lucascaro, naveko, Georgique, webchick: Using array_diff_assoc() for multilevel arrays in DrupalDefaultEntityController->cacheGet().

Issue #1868972 by jweowu, DanChadwick: Db_query_temporary() fails to create a table when the SQL has leading whitespace.

Issue #2065917 by SpadXIII, andrewbelcher, kboopathi: SelectQueryExtender::hasAnyTag uses hasAnyTags which doesn't exist.

Issue #2106129 by brad.bulger, mmilano: Fix PHP notice in drupal_valid_path(): Undefined variable: form_item.

Issue #1068840 by sun, TR, Liam Morland, Pancho, Alan D., tim.plunkett, Damien Tournoud, droplet: Country codes missing from includes/iso.inc.

Issue #1984378 by Jaypan, JacobSanford, aroq | Dave Hirschman: $source argument is name of form field used to upload file, not "filepath or URI of the uploaded file."

Issue #1760330 by s.Daniel, David_Rothstein, jfhovinne: Hide vulnerable drupal install.php sites from search engines.

Issue #937284 by chx, chrisdolby, deviantintegral, Berdir, tim.plunkett | hefox: DEADLOCK errors on MergeQuery INSERT due to InnoDB gap locking when condition in SELECT ... FOR UPDATE results in 0 rows.