Along with the release of 2.5.2, I would also like to release new versions of 2.3 and 2.4. These will be security-only releases, and include a few security-relevant bug fixes that are still being finalized.
As we don't have the infrastructure to produce full releases of 2.3 or 2.4 anymore, this will be a source release only. As such, it will likely see less testing than other releases, and users will have more difficulties in obtaining the software for their system - the releases will be targeted primarily at system vendors who can chose to include them as security patches in their system updates.
As a consequence, I would like to roll back all changes from the 2.3 and 2.4 branches which aren't security fixes. In specific cases, the nature of a change might be debatable; clear security fixes are prevention of memory corruption and interpreter crashes, clear non-security fixes are documentation and test-suite changes.
For 2.3, there are only few revisions that would be rolled back: r52798, r52803, r52824, r54342.
For 2.4, the list is longer; all changes on the branch since r52382 are candidate for roll-back. I would like to prepare a white-list of patches that should be preserved; if you think any of the patches committed in the 2.4 branch is a security fix, please let me know.